Listing users
| Name |
|---|
New User
Pragmatic Bookshelf
14.2 Iteration I2: Authenticating Users 13.3 Playtime
Scaffold the user model
rails generate scaffold User name:string hashed_password:string salt:string
invoke active_record
create db/migrate/20120629163433_create_users.rb
create app/models/user.rb
invoke test_unit
create test/unit/user_test.rb
create test/fixtures/users.yml
route resources :users
invoke scaffold_controller
create app/controllers/users_controller.rb
invoke erb
create app/views/users
create app/views/users/index.html.erb
create app/views/users/edit.html.erb
create app/views/users/show.html.erb
create app/views/users/new.html.erb
create app/views/users/_form.html.erb
invoke test_unit
create test/functional/users_controller_test.rb
invoke helper
create app/helpers/users_helper.rb
invoke test_unit
create test/unit/helpers/users_helper_test.rb
invoke stylesheets
identical public/stylesheets/scaffold.css
Run the migration
rake db:migrate
mv 20120629163433_create_users.rb 20110711000009_create_users.rb
== CreateUsers: migrating ====================================================
-- create_table(:users)
-> 0.0019s
== CreateUsers: migrated (0.0020s) ===========================================
Add validation, has_secure_password
edit app/models/user.rb
require 'digest/sha2'
class User < ActiveRecord::Base
validates :name, :presence => true, :uniqueness => true
validates :password, :confirmation => true
attr_accessor :password_confirmation
attr_reader :password
validate :password_must_be_present
def User.authenticate(name, password)
if user = find_by_name(name)
if user.hashed_password == encrypt_password(password, user.salt)
user
end
end
end
def User.encrypt_password(password, salt)
Digest::SHA2.hexdigest(password + "wibble" + salt)
end
# 'password' is a virtual attribute
def password=(password)
@password = password
if password.present?
generate_salt
self.hashed_password = self.class.encrypt_password(password, salt)
end
end
private
def password_must_be_present
errors.add(:password, "Missing password") unless hashed_password.present?
end
def generate_salt
self.salt = self.object_id.to_s + rand.to_s
end
end
Avoid redirect after create, update operations
edit app/controllers/users_controller.rb
def create
@user = User.new(params[:user])
respond_to do |format|
if @user.save
format.html { redirect_to(users_url,
:notice => "User #{@user.name} was successfully created.") }
format.xml { render :xml => @user,
:status => :created, :location => @user }
else
format.html { render :action => "new" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
edit app/controllers/users_controller.rb
def update
@user = User.find(params[:id])
respond_to do |format|
if @user.update_attributes(params[:user])
format.html { redirect_to(users_url,
:notice => "User #{@user.name} was successfully updated.") }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
Display users sorted by name
edit app/controllers/users_controller.rb
def index
@users = User.order(:name)
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @users }
end
end
Add Notice, and remove password digest from view
edit app/views/users/index.html.erb
<h1>Listing users</h1>
<% if notice %>
<p id="notice"><%= notice %></p>
<% end %>
<table>
<tr>
<th>Name</th>
<th></th>
<th></th>
<th></th>
</tr>
<% @users.each do |user| %>
<tr>
<td><%= user.name %></td>
<td><%= link_to 'Show', user %></td>
<td><%= link_to 'Edit', edit_user_path(user) %></td>
<td><%= link_to 'Destroy', user, :confirm => 'Are you sure?',
:method => :delete %></td>
</tr>
<% end %>
</table>
<br />
<%= link_to 'New User', new_user_path %>
Update form used to both create and update users
edit app/views/users/_form.html.erb
<div class="depot_form">
<%= form_for @user do |f| %>
<% if @user.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(@user.errors.count, "error") %>
prohibited this user from being saved:</h2>
<ul>
<% @user.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<fieldset>
<legend>Enter User Details</legend>
<div>
<%= f.label :name %>:
<%= f.text_field :name, :size => 40 %>
</div>
<div>
<%= f.label :password, 'Password' %>:
<%= f.password_field :password, :size => 40 %>
</div>
<div>
<%= f.label :password_confirmation, 'Confirm' %>:
<%= f.password_field :password_confirmation, :size => 40 %>
</div>
<div>
<%= f.submit %>
</div>
</fieldset>
<% end %>
</div>
Demonstrate creating a new user
get /users
get /users/new
post /users
get http://localhost:3000/users
Pragmatic Bookshelf
Show how this is stored in the database
sqlite3> select * from users
id = 1
name = dave
hashed_password = 80f090843e7606a144374f34e852696f0fa61da20f26a2651f5ab587085cd012
salt = 700040779085400.0955178154921096
created_at = 2012-06-29 16:34:40.289380
updated_at = 2012-06-29 16:34:40.289380
edit test/functional/users_controller_test.rb
require 'test_helper'
class UsersControllerTest < ActionController::TestCase
setup do
@input_attributes = {
:name => "sam",
:password => "private",
:password_confirmation => "private"
}
@user = users(:one)
end
#...
test "should create user" do
assert_difference('User.count') do
post :create, :user => @input_attributes
end
assert_redirected_to users_path
end
#...
test "should update user" do
put :update, :id => @user.to_param, :user => @input_attributes
assert_redirected_to users_path
end
end