Summary

I create my User model and build out the base of the needed Sessions controller.

User Model

My app will have a separate Profile model that will contain most of a User's info (bio, profile pic, birthday, etc).

So for my User model I just need the following

• username
• email
• password

Because I am using bcrypt and not JWT or any other complicated - and still not a system I understand how to use - the password field needs to be create with _digest. Here is the command I wrote to generate the User model.

rails g model User username email password_digest

It generated this file 001_create_users.rb

class CreateUsers < ActiveRecord::Migration[6.0]
  def change
    create_table :users do |t|
      t.string :username
      t.string :email
      t.string :password_digest

      t.timestamps
    end
  end
end

Before I migrated I checked the migration file to ensure I typed things correctly. I also renamed the mirgration file, taking the datatime out of the file name and replacing it with 001. This is a little thing I've picked up durning my time in this bootcamp that I find to be helpful if there are going to be a few migration files. Numbering them like this allows for easier troubleshooting - for me at least - if something goes wrong with a model at some point. I can look at the schema file and see what version it is on (4, maybe 8) instead of a version number twelve characters long. Also easier to rollback a specific migration if needed by typing 00x instead of 2020xxyyzzww .... blah blah blah.

I digress.

With the model migrated go to the user.rb model and include the following:

has_secure_password 
# part of bycrpt
# needed to ensure the 
# password is not saved as plain text

# below are nice to have but not required
# I want my app to ensure usernames and emails are unique
# it gives me more options for searching and finding users later
validates_presence_of :username
validates_uniqueness_of :username
validates_presence_of :email
validates_uniqueness_of :email

Sessions Controller

So the full details on exactly what a session is and what the controller is/does is not fully understood by me as of yet...

(fyi, it is April 26th 2020, for future readers and myself)

... but full understanding isn't needed right now. I get what the code is doing in general terms and for only 13 weeks into learning to be a software engineer; I'd say I'm doing okay in the understand a lot of stuff department.

Here is what needs to go into a Sessions Controller to get the base authentication functionality in place.

class SessionsController < ApplicationController
  def create
    # find user by uniq username
    # try is built in
    user = User
      .find_by(username: params["user"]["username"])
      .try(:authenticate, params["user"]["password"])

    # conditional to render json object of a status notification, 
    # a boolean for logged in, and the user model data
    if user
      session[:user_id] = user.id
      render json: {
        status: :created,
        logged_in: true,
        user: user,
      }
    else 
      # if something goes wrong, a username isn't found, 
      # hacker doing hacky things, 401 is the standard status code
      render json: { status: 401 }
    end
  end
end