Agile Web Development with Rails, Edition 4

14.2 Iteration I2: Authenticating Users 13.3 Playtime

14.1 Iteration I1: Adding Users

Scaffold the user model

rails generate scaffold User name:string password:digest
      invoke  active_record
      create    db/migrate/20160306174156_create_users.rb
      create    app/models/user.rb
      invoke    test_unit
      create      test/models/user_test.rb
      create      test/fixtures/users.yml
      invoke  resource_route
       route    resources :users
      invoke  scaffold_controller
      create    app/controllers/users_controller.rb
      invoke    erb
      create      app/views/users
      create      app/views/users/index.html.erb
      create      app/views/users/edit.html.erb
      create      app/views/users/show.html.erb
      create      app/views/users/new.html.erb
      create      app/views/users/_form.html.erb
      invoke    test_unit
      create      test/controllers/users_controller_test.rb
      invoke    helper
      create      app/helpers/users_helper.rb
      invoke      test_unit
      create        test/helpers/users_helper_test.rb
      invoke    jbuilder
      create      app/views/users/index.json.jbuilder
      create      app/views/users/show.json.jbuilder
      invoke  assets
      invoke    coffee
      create      app/assets/javascripts/users.js.coffee
      invoke    scss
      create      app/assets/stylesheets/users.css.scss
      invoke  scss
   identical    app/assets/stylesheets/scaffolds.css.scss

uncomment out bcrypt

edit Gemfile
# Use ActiveModel has_secure_password
gem 'bcrypt', '~> 3.1.7'

Restart the server.

Run the migration

rake db:migrate
mv 20160306174156_create_users.rb 20160306000009_create_users.rb
== 20160306000009 CreateUsers: migrating ======================================
-- create_table(:users)
   -> 0.0022s
== 20160306000009 CreateUsers: migrated (0.0022s) =============================
 

Add validation, has_secure_password

edit app/models/user.rb
class User < ActiveRecord::Base
  validates :name, presence: true, uniqueness: true
  has_secure_password
end

Avoid redirect after create, update operations

edit app/controllers/users_controller.rb
  def create
    @user = User.new(user_params)
 
    respond_to do |format|
      if @user.save
        format.html { redirect_to users_url,
          notice: "User #{@user.name} was successfully created." }
        format.json { render :show, status: :created, location: @user }
      else
        format.html { render :new }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end
edit app/controllers/users_controller.rb
  def update
    respond_to do |format|
      if @user.update(user_params)
        format.html { redirect_to users_url,
          notice: "User #{@user.name} was successfully updated." }
        format.json { render :show, status: :ok, location: @user }
      else
        format.html { render :edit }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

Display users sorted by name

edit app/controllers/users_controller.rb
  def index
    @users = User.order(:name)
  end

Add Notice

edit app/views/users/index.html.erb
<h1>Listing users</h1>
<p id="notice"><%= notice %></p>
 
<table>
  <thead>
    <tr>
      <th>Name</th>
      <th colspan="3"></th>
    </tr>
  </thead>
 
  <tbody>
    <% @users.each do |user| %>
      <tr>
        <td><%= user.name %></td>
        <td><%= link_to 'Show', user %></td>
        <td><%= link_to 'Edit', edit_user_path(user) %></td>
        <td><%= link_to 'Destroy', user, method: :delete,
        data: { confirm: 'Are you sure?' } %></td>
      </tr>
    <% end %>
  </tbody>
</table>
 
<br>
 
<%= link_to 'New User', new_user_path %>

Update form used to both create and update users

edit app/views/users/_form.html.erb
<div class="depot_form">
 
<%= form_for @user do |f| %>
  <% if @user.errors.any? %>
    <div id="error_explanation">
      <h2><%= pluralize(@user.errors.count, "error") %>
        prohibited this user from being saved:</h2>
      <ul>
      <% @user.errors.full_messages.each do |msg| %>
        <li><%= msg %></li>
      <% end %>
      </ul>
    </div>
  <% end %>
 
  <fieldset>
  <legend>Enter User Details</legend>
 
  <div class="field">
    <%= f.label :name, 'Name:' %>
    <%= f.text_field :name, size: 40 %>
  </div>
 
  <div class="field">
    <%= f.label :password, 'Password:' %>
    <%= f.password_field :password, size: 40 %>
  </div>
 
  <div class="field">
    <%= f.label :password_confirmation, 'Confirm:' %>
    <%= f.password_field :password_confirmation, size: 40 %>
  </div>
 
  <div class="actions">
    <%= f.submit %>
  </div>
 
  </fieldset>
<% end %>
 
</div>

Demonstrate creating a new user

get /users

Listing users

Name

New User
get /users/new

New user

Enter User Details
Back
post /users
You are being redirected.
get http://localhost:3000/users

Listing users

User dave was successfully created.

Name
dave Show Edit Destroy

New User

Show how this is stored in the database

sqlite3> select * from users
             id = 1
           name = dave
password_digest = $2a$10$4MJhksoDIw/VcmqfWmSjvuzY4S7IjgRDLNpXSzTTGbEh0uIrS8HdW
     created_at = 2016-03-06 17:41:59.697750
     updated_at = 2016-03-06 17:41:59.697750

Update tests to reflect the changes in redirection and uniqueness

edit test/controllers/users_controller_test.rb
  test "should create user" do
    assert_difference('User.count') do
      post :create, user: { name: 'sam', password: 'secret',
        password_confirmation: 'secret' }
    end
 
    assert_redirected_to users_path
  end
edit test/controllers/users_controller_test.rb
  test "should create user" do
    assert_difference('User.count') do
      post :create, user: { name: 'sam', password: 'secret',
        password_confirmation: 'secret' }
    end
 
    assert_redirected_to users_path
  end

Make sure that all test names are unique

edit test/fixtures/users.yml
# Read about fixtures at
# http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
 
one:
  name: dave
  password_digest: <%= BCrypt::Password.create('secret') %>
 
two:
  name: susannah
  password_digest: <%= BCrypt::Password.create('secret') %>
rake test
Run options: --seed 23378
 
# Running:
 
....................................................
 
Finished in 1.089698s, 47.7196 runs/s, 152.3358 assertions/s.
 
52 runs, 166 assertions, 0 failures, 0 errors, 0 skips

14.2 Iteration I2: Authenticating Users 13.3 Playtime