11.2 Iteration F2: Logging in 10.1 Iteration E1: Capturing an Order
rails generate scaffold user name:string hashed_password:string salt:string
invoke active_record
create db/migrate/20120629191252_create_users.rb
create app/models/user.rb
invoke test_unit
create test/unit/user_test.rb
create test/fixtures/users.yml
route resources :users
invoke scaffold_controller
create app/controllers/users_controller.rb
invoke erb
create app/views/users
create app/views/users/index.html.erb
create app/views/users/edit.html.erb
create app/views/users/show.html.erb
create app/views/users/new.html.erb
create app/views/users/_form.html.erb
invoke test_unit
create test/functional/users_controller_test.rb
invoke helper
create app/helpers/users_helper.rb
invoke test_unit
create test/unit/helpers/users_helper_test.rb
invoke stylesheets
identical public/stylesheets/scaffold.css
cat db/migrate/20120629191252_create_users.rb
class CreateUsers < ActiveRecord::Migration
def self.up
create_table :users do |t|
t.string :name
t.string :hashed_password
t.string :salt
t.timestamps
end
end
def self.down
drop_table :users
end
end
rake db:migrate
mv 20120629191252_create_users.rb 20110711000007_create_users.rb
== CreateUsers: migrating ====================================================
-- create_table(:users)
-> 0.0019s
== CreateUsers: migrated (0.0020s) ===========================================
edit app/models/user.rb
require 'digest/sha1'
class User < ActiveRecord::Base
validates_presence_of :name
validates_uniqueness_of :name
attr_accessor :password_confirmation
validates_confirmation_of :password
validate :password_non_blank
def self.authenticate(name, password)
user = self.find_by_name(name)
if user
expected_password = encrypted_password(password, user.salt)
if user.hashed_password != expected_password
user = nil
end
end
user
end
# 'password' is a virtual attribute
def password
@password
end
def password=(pwd)
@password = pwd
return if pwd.blank?
create_new_salt
self.hashed_password = User.encrypted_password(self.password, self.salt)
end
private
def password_non_blank
errors.add(:password, "Missing password") if hashed_password.blank?
end
def create_new_salt
self.salt = self.object_id.to_s + rand.to_s
end
def self.encrypted_password(password, salt)
string_to_hash = password + "wibble" + salt
Digest::SHA1.hexdigest(string_to_hash)
end
end
edit app/controllers/users_controller.rb
class UsersController < ApplicationController
# GET /users
# GET /users.xml
def index
@users = User.all(:order => :name)
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @users }
end
end
# GET /users/1
# GET /users/1.xml
def show
@user = User.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/new
# GET /users/new.xml
def new
@user = User.new
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/1/edit
def edit
@user = User.find(params[:id])
end
# POST /users
# POST /users.xml
def create
@user = User.new(params[:user])
respond_to do |format|
if @user.save
format.html { redirect_to(users_url,
:notice => "User #{@user.name} was successfully created.") }
format.xml { render :xml => @user, :status => :created,
:location => @user }
else
format.html { render :action => "new" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
# PUT /users/1
# PUT /users/1.xml
def update
@user = User.find(params[:id])
respond_to do |format|
if @user.update_attributes(params[:user])
format.html { redirect_to(users_url,
:notice => "User #{@user.name} was successfully updated.") }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
# DELETE /users/1
# DELETE /users/1.xml
def destroy
@user = User.find(params[:id])
@user.destroy
respond_to do |format|
format.html { redirect_to(users_url) }
format.xml { head :ok }
end
end
end
edit app/views/users/index.html.erb
<p class="notice"><%= notice %></p>
<h1>Listing users</h1>
<table>
<tr>
<th>Name</th>
<th></th>
<th></th>
<th></th>
</tr>
<% @users.each do |user| %>
<tr>
<td><%= user.name %></td>
<td><%= link_to 'Show', user %></td>
<td><%= link_to 'Edit', edit_user_path(user) %></td>
<td><%= link_to 'Destroy', user, :confirm => 'Are you sure?',
:method => :delete %></td>
</tr>
<% end %>
</table>
<br />
<%= link_to 'New User', new_user_path %>
edit app/views/users/new.html.erb
<div class="depot-form">
<%= form_for(@user) do |f| %>
<%= f.error_messages %>
<fieldset>
<legend>Enter User Details</legend>
<div>
<%= f.label :name %>:
<%= f.text_field :name, :size => 40 %>
</div>
<div>
<%= f.label :password, 'Password' %>:
<%= f.password_field :password, :size => 40 %>
</div>
<div>
<%= f.label :password_confirmation, 'Confirm' %>:
<%= f.password_field :password_confirmation, :size => 40 %>
</div>
<div>
<%= f.submit "Add User", :class => "submit" %>
</div>
</fieldset>
<% end %>
</div>
get /users
get /users/new
post /users
get http://localhost:3000/users
sqlite3> select * from users
id = 1
name = dave
hashed_password = 9e4c1e8686d59c5202142be0054001a6f0ba8d53
salt = 699596864246000.628262038194712
created_at = 2012-06-29 19:12:58.631163
updated_at = 2012-06-29 19:12:58.631163
11.2 Iteration F2: Logging in 10.1 Iteration E1: Capturing an Order