Authentication
There are a few steps to follow in order for authentication to work in a web application. The code below sets up basic sign up and sign in. Hopefully this step by step helps you get your authentication working quickly.
In your ApplicationController, define current_user and authorized_user for use in authentication.
class ApplicationController < ActionController::API
  # API-only apps do not load the cookie helpers by default; sessions need them.
  include ActionController::Cookies
  # Every action requires a logged-in user unless a controller skips this.
  before_action :authorized_user

  # Look the user up from the id stored in the session cookie (memoized per request).
  def current_user
    @user ||= User.find_by(id: session[:user_id]) if session[:user_id]
  end

  # Halt with 401 when there is no valid session.
  def authorized_user
    render json: { errors: "unauthorized" }, status: :unauthorized unless current_user
  end
end
Your SessionsController is where you define your login route, which is a POST, and your logout route, which is a DELETE.
Login creates a session and logout deletes it, so that the user only sees the information they are supposed to see rendered to the page.
class SessionsController < ApplicationController
  # Nobody has a session yet when they log in, so skip the check here only.
  skip_before_action :authorized_user, only: [:login]

  def login
    user = User.find_by(email: params[:email])
    # authenticate comes from has_secure_password; &. handles an unknown email
    if user&.authenticate(params[:password])
      session[:user_id] = user.id
      render json: user, status: :created
    else
      # Same message for unknown email and wrong password
      render json: { error: "Invalid Credentials" }, status: :unauthorized
    end
  end

  def logout
    session.delete :user_id
    head :no_content
  end
end
In your UsersController, or wherever your user lives. The users table holds each user's information along with a securely hashed password. Sign up creates the user and starts a session, and a returning user can then sign in and out through login and logout on future visits.
class UsersController < ApplicationController
  before_action :find_user, only: [:update, :destroy]
  # A visitor signing up has no session yet, so skip the check for create only.
  skip_before_action :authorized_user, only: [:create]

  def create
    new_user = User.create!(user_params)
    session[:user_id] = new_user.id
    render json: new_user, status: :created
  rescue ActiveRecord::RecordInvalid => e
    # Validation failures (missing email, short password) come back as 422, not 500
    render json: { errors: e.record.errors.full_messages }, status: :unprocessable_entity
  end

  # GET /auth: authorized_user has already run, so current_user is present.
  def show
    render json: current_user, status: :ok
  end

  private

  def find_user
    @user = User.find(params[:id])
  end

  def user_params
    params.permit(:email, :password)
  end
end
In your User model is where you add your validations and has_secure_password so that creation of your users goes smoothly.
class User < ApplicationRecord
  # Stores a bcrypt digest in password_digest and adds #authenticate
  has_secure_password
  validates :email, presence: true, uniqueness: true
  validates :password, presence: true, length: { minimum: 8 }, on: :create
end
The authorization fetch call in your App.js makes sure that the current user, the one person who is logged in, has access to what they need and that no one else has access to that information.
useEffect(() => {
  const fetchData = () =>
    fetch('/auth')
      .then(res => {
        if (res.ok) {
          res.json().then(user => setCurrentUser(user));
        } else {
          // 401 from authorized_user: no session cookie, or a stale one.
          // setError is assumed to be a useState setter alongside setCurrentUser.
          res.json().then(err => setError(err.errors));
        }
      });
  if (!currentUser) {
    fetchData();
  }
}, [currentUser]);
In routes.rb, add custom routes for login, signup, auth and logout. Custom routes make it easy to identify and call them by name from your front end and make sure requests end up in the right place in the backend.
Rails.application.routes.draw do
  post "/login", to: "sessions#login"
  post "/signup", to: "users#create"
  get "/auth", to: "users#show"
  delete "/logout", to: "sessions#logout"
end
In your App file, show the LogIn or SignUp component until a user is logged in:
if (!currentUser) {
  return login
    ? <LogIn setLogin={setLogin} setCurrentUser={setCurrentUser} />
    : <SignUp setLogin={setLogin} setCurrentUser={setCurrentUser} />;
}
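The LogIn and SignUp components are not shown above, so here is how their submit handlers and a logout button would call the routes from routes.rb. This is an added example, not code from the original post; fetchImpl is injectable so it can run without a server, and fakeServer, along with its account a@example.com / "correct horse", is a constructed stand-in for the Rails backend.

```javascript
// Added example (not from the original post): the fetch calls the LogIn,
// SignUp and logout button would make against the routes above.
// fetchImpl is injectable so the handlers can run without a server.
const JSON_HEADERS = { 'Content-Type': 'application/json', Accept: 'application/json' };
// POST credentials to /login or /signup. Resolves to { user } on 2xx and
// { error } otherwise, so a 401 body is never mistaken for a user object.
async function authenticate(path, { email, password }, fetchImpl = fetch) {
  const res = await fetchImpl(path, {
    method: 'POST',
    headers: JSON_HEADERS,
    credentials: 'same-origin', // include the Rails session cookie
    body: JSON.stringify({ email, password }),
  });
  const body = await res.json();
  if (res.ok) return { user: body };
  // SessionsController renders {error: ...}, ApplicationController {errors: ...}
  return { error: body.error || body.errors || `HTTP ${res.status}` };
}
const login = (creds, fetchImpl) => authenticate('/login', creds, fetchImpl);
const signup = (creds, fetchImpl) => authenticate('/signup', creds, fetchImpl);
// DELETE /logout replies 204 with an empty body, so do not call res.json().
async function logout(fetchImpl = fetch) {
  const res = await fetchImpl('/logout', { method: 'DELETE', credentials: 'same-origin' });
  return res.status === 204;
}
// Constructed stand-in for the Rails backend with one hard-coded account,
// keeping a server-side "session" so logout can be checked via /auth.
function fakeServer() {
  let sessionUserId = null;
  const reply = (status, body) => ({ ok: status < 300, status, json: async () => body });
  return async (path, opts = {}) => {
    const p = opts.body ? JSON.parse(opts.body) : {};
    if (path === '/login' && opts.method === 'POST') {
      if (p.email !== 'a@example.com' || p.password !== 'correct horse') {
        return reply(401, { error: 'Invalid Credentials' });
      }
      sessionUserId = 1;
      return reply(201, { id: 1, email: p.email });
    }
    if (path === '/logout' && opts.method === 'DELETE') {
      sessionUserId = null;
      return reply(204, null);
    }
    if (path === '/auth') {
      return sessionUserId ? reply(200, { id: sessionUserId }) : reply(401, { errors: 'unauthorized' });
    }
    return reply(404, { errors: 'not found' });
  };
}
```

In the browser, leave fetchImpl out so the real fetch is used; the credentials option is what keeps the session cookie flowing on each request.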
In Conclusion
Creating authentication actually has a lot of moving parts, and depending on when you decide to implement it you may break a lot of things in your site. Go slowly and track your changes.