Auth Exploration - Iteration 2
Implement User Login
When users register for our site, we’ll want them to be able to later return to our site and login using the details that they provided when registering—specifically, the e-mail address and password. How will our application determine whether or not the user supplied a correct e-mail and password combination?
class User < ApplicationRecord
# e.g., User.authenticate('penelope@turing.com', 'boom')
def self.authenticate(email, password)
# if email and password correspond to a valid user, return that user
# otherwise, return nil
end
end
Figure 1. Shell code for an authenticate method.
We’ll add an .authenticate
method to our User
model to make this determination. Figure 1 provides some shell code and pseudocode for our method.
Now, let’s actually implement logging in by allowing users to submit their login credentials as a post request to a /login
URL. If the user sends a valid email and password combination, we’ll log the user in. We’ll “remember” that the user is logged in by storing data in the session
hash. Use the following user story to help guide this implementation:
As a visitor
I visit the users index
and click on 'Log In'
Then my current path is '/login'
As a visitor
I visit '/login'
When I fill in a form with an existing user's email and password
And click 'Log Me In!'
I am redirected to the users index
And I see a message saying 'Welcome <user name>, you are logged in!'
And I do not see a link to 'Log In'
If the session
hash and/or how to use it is unclear, revisit this reading. Also, remember that you have access to the session information in the view, if you need it (hint hint). If it is still unclear after reading the documentation, ask for help from a cohortmate or staff member.
Also, the form that you will use to ‘log in’ will not deal with creating or editing resources in our database as we have done previously with form_with
, so you will need a new tool - form_tag
. Explore how to use form_tag
on the rails guides.
Note: there’s not many agreed upon RESTful routing conventions for logging in/logging out. I suggest having a UsersController
that handles registering a new user (so new
and create
actions) and a SessionsController
to handle logging in and logging out.