Summary
I create my User model and build out the base of the needed Sessions controller.
User Model
My app will have a separate Profile model that will contain most of a User's info (bio, profile pic, birthday, etc).
So for my User model I just need the following
- username
- password
Because I am using bcrypt and not JWT or any other complicated - and still not a system I understand how to use - the password field needs to be created with _digest. Here is the command I wrote to generate the User model.
rails g model User username email password_digest
It generated this file 001_create_users.rb
class CreateUsers < ActiveRecord::Migration[6.0]
  def change
    create_table :users do |t|
      t.string :username
      t.string :email
      t.string :password_digest
      t.timestamps
    end
  end
end
Before I migrated I checked the migration file to ensure I typed things correctly. I also renamed the migration file, taking the datetime out of the file name and replacing it with 001. This is a little thing I've picked up during my time in this bootcamp that I find to be helpful if there are going to be a few migration files. Numbering them like this allows for easier troubleshooting - for me at least - if something goes wrong with a model at some point. I can look at the schema file and see what version it is on (4, maybe 8) instead of a version number twelve characters long. Also easier to rollback a specific migration if needed by typing 00x instead of 2020xxyyzzww .... blah blah blah.
I digress.
With the model migrated go to the user.rb model and include the following:
has_secure_password
# part of bcrypt
# needed to ensure the
# password is not saved as plain text
# below are nice to have but not required
# I want my app to ensure usernames and emails are unique
# it gives me more options for searching and finding users later
validates_presence_of :username
validates_uniqueness_of :username
validates_presence_of :email
validates_uniqueness_of :email
Sessions Controller
So the full details on exactly what a session is and what the controller is/does is not fully understood by me as of yet...
(fyi, it is April 26th 2020, for future readers and myself)
... but full understanding isn't needed right now. I get what the code is doing in general terms, and for only 13 weeks into learning to be a software engineer, I'd say I'm doing okay in the understand-a-lot-of-stuff department.
Here is what needs to go into a Sessions Controller to get the base authentication functionality in place.
class SessionsController < ApplicationController
  def create
    # find user by unique username
    # try is built in
    user = User
      .find_by(username: params["user"]["username"])
      .try(:authenticate, params["user"]["password"])
    # conditional to render json object of a status notification,
    # a boolean for logged in, and the user model data
    if user
      session[:user_id] = user.id
      render json: {
        status: :created,
        logged_in: true,
        # leave password_digest out of the response; the hash should
        # never be sent to the client
        user: user.as_json(except: :password_digest),
      }
    else
      # if something goes wrong, a username isn't found,
      # hacker doing hacky things, 401 is the standard status code
      # (set as the HTTP status too, not only in the JSON body)
      render json: { status: 401 }, status: :unauthorized
    end
  end
end
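What has_secure_password and the create action do, modelled in plain Ruby as an added example (not code from the original post). DemoUser, login, login_response and the sample account are constructed for illustration; PBKDF2 from Ruby's OpenSSL library stands in for bcrypt so it runs without gems, and `&.` stands in for Rails' try.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for the User model (not ActiveRecord).
# PBKDF2 replaces bcrypt here; the idea is the same: random salt + slow hash.
class DemoUser
  ITERATIONS = 50_000
  attr_reader :username, :email, :password_digest

  def initialize(username:, email:, password:)
    @username = username
    @email = email
    salt = SecureRandom.hex(16)
    # Only the salt and the derived hash are kept, never the password.
    @password_digest = "#{salt}$#{self.class.kdf(password, salt)}"
  end

  def self.kdf(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS, length: 32,
                             hash: OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end

  # Same contract as has_secure_password: self on success, false otherwise.
  def authenticate(candidate)
    salt, expected = password_digest.split("$", 2)
    actual = self.class.kdf(candidate.to_s, salt)
    # Compare every byte so timing does not reveal how many matched.
    diff = expected.bytes.zip(actual.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }
    diff.zero? ? self : false
  end

  # What is safe to send back to the client: never the digest.
  def public_attributes
    { username: username, email: email }
  end
end

# Constructed sample account.
USERS = [DemoUser.new(username: "sam", email: "sam@example.test", password: "correct horse")].freeze

# Mirrors User.find_by(...).try(:authenticate, ...): nil for an unknown
# username, false for a wrong password, the user when both match.
def login(username, password)
  USERS.find { |u| u.username == username }&.authenticate(password)
end

def login_response(username, password)
  user = login(username, password)
  user ? { status: :created, logged_in: true, user: user.public_attributes } : { status: 401 }
end
```

An unknown username and a wrong password produce the same 401 body, so the response does not reveal which usernames exist.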