Creating a Login System
Problem
You want your application to support a login system based on user accounts. Users will log in with a unique username and password, as in most commercial and community web sites.
Solution
Create a users table that contains nonnull username and password fields. The SQL to create this table should look something like this MySQL example:
use mywebapp_development; DROP TABLE IF EXISTS users; CREATE TABLE users ( id INT(11) NOT NULL AUTO_INCREMENT, username VARCHAR(255) NOT NULL, password VARCHAR(40) NOT NULL, PRIMARY KEY (id) );
Enter the main directory of the application and generate a User model corresponding to this table:
$ ./script/generate model User exists app/models/ exists test/unit/ exists test/fixtures/ create app/models/user.rb create test/unit/user_test.rb create test/fixtures/users.yml
Open the generated file app/models/user.rb and edit it to look like this:
class User < ActiveRecord::Base validates_uniqueness_of :username validates_confirmation_of :password, :on => :create validates_length_of :password, :within => 5..40 # If a user matching the credentials is found, returns the User object. # If no matching user is found, returns nil. def self.authenticate(user_info) find_by_username_and_password(user_info[:username], user_info[:password]) end end
Now youve got a User class that represents a user account, and a way of validating a username and password against the one stored in the database.
Discussion
The simple User model given in the Solution defines a method for doing username/password validation, and some validation rules that impose limitations on the data to be stored in the users table. These validation rules tell User to:
- Ensure that each username is unique. No two users can have the same username.
- Ensure that, whenever the password attribute is being set, the password_confirmation attribute has the same value.
- Ensure that the value of the password attribute is between 5 and 40 characters long.
Now lets create a controller for this model. Itll have a login action to display the login page, a process_login action to check the username and password, and a logout action to deauthenticate a logged-in session. So that the user accounts will actually do something, well also add a my_account action:
$ ./script/generate controller user login process_login logout my_account exists app/controllers/ exists app/helpers/ create app/views/user exists test/functional/ create app/controllers/user_controller.rb create test/functional/user_controller_test.rb create app/helpers/user_helper.rb create app/views/user/ login.rhtml create app/views/user/process_login.rhtml create app/views/user/logout.rhtml
Edit app/controllers/user_controller.rb to define the three actions:
class UserController < ApplicationController def login @user = User.new @user.username = params[:username] end def process_login if user = User.authenticate(params[:user]) session[:id] = user.id # Remember the users id during this session redirect_to session[:return_to] || / else flash[:error] = Invalid login. redirect_to :action => login, :username => params[:user][:username] end end def logout reset_session flash[:message] = Logged out. redirect_to :action => login end def my_account end end
Now for the views. The process_login and logout actions just redirect to other actions, so we only need views for login and my_account. Heres a view for login:
<% if @flash[:message] %><%= @flash[:message] %><% end %> <% if @flash[:error] %><%= @flash[:error] %><% end %> <%= form_tag :action => process_login %> Username: <%= text_field "user", "username" %> Password: <%= password_field "user", "password" %> <%= submit_tag %> <%= end_form_tag %>
The @flash instance variable is a hashlike object used to store temporary messages for the user between actions. When the logout action sets flash[:message] and redirects to login, or process_login sets flash[:error] and redirects to login, the results are available to the view of the login action. Then they get cleared out.
Heres a very simple view for my_account:
Account Info
Your username is <%= User.find(session[:id]).username %>
Create an entry in the users table, start the server, and youll find that you can log in from http://localhost:3000/user/login , and view your account information from http://localhost:3000/user/my_account.
$ ./script/runner User.create(:username => "johndoe", :password => "changeme")
Theres just one missing piece: you can visit the my_account action even if you e not logged in. We don have a way to close off an action to unauthenticated users. Add the following code to your app/controllers/application.rb file:
class ApplicationController < ActionController::Base before_filter :set_user protected def set_user @user = User.find(session[:id]) if @user.nil? && session[:id] end def login_required return true if @user access_denied return false end def access_denied session[:return_to] = request.request_uri flash[:error] = Oops. You need to login before you can view that page. redirect_to :controller => user, :action => login end end
This code defines two filters, set_user and login_required, which you can apply to actions or controllers. The set_user filter is run on every action (because we pass it into before_filter in ApplicationController, the superclass of all our controllers). The set_user method sets the instance variable @user if the user is logged in. Now information about the logged-in user (if any) is available throughout your application. Action methods and views can use this instance variable like any other. This is useful even for actions that don require login: for instance, your main layout view might display the name of the logged-in user (if any) on every page.
You can prohibit unauthenticated users from using a specific action or controller by passing the symbol for the login_required method into before_filter. Heres how to protect the my_account action defined in app/controllers/user_controller.rb:
class UserController < ApplicationController before_filter :login_required, :only => :my_account end
Now if you try to use the my_account action without being logged in, youll be redirected to the login page.
See Also
- Recipe 13.14, "Validating Data with ActiveRecord"
- Recipe 15.6, "Integrating a Database with Your Rails Application"
- Recipe 15.9, "Storing Hashed User Passwords in the Database"
- Recipe 15.11, "Setting and Retrieving Session Information"
- Rather than doing this work yourself, you can install the login_generator gem and use its login generator: it will give your application a User model and a controller that implements a password-based authentication system; see http://wiki.rubyonrails.com/rails/pages/LoginGenerator; also see http://wiki.rubyonrails.com/rails/pages/AvailableGenerators for other generators (including the more sophisticated model_security_generator)
Strings
- Strings
- Building a String from Parts
- Substituting Variables into Strings
- Substituting Variables into an Existing String
- Reversing a String by Words or Characters
- Representing Unprintable Characters
- Converting Between Characters and Values
- Converting Between Strings and Symbols
- Processing a String One Character at a Time
- Processing a String One Word at a Time
- Changing the Case of a String
- Managing Whitespace
- Testing Whether an Object Is String-Like
- Getting the Parts of a String You Want
- Handling International Encodings
- Word-Wrapping Lines of Text
- Generating a Succession of Strings
- Matching Strings with Regular Expressions
- Replacing Multiple Patterns in a Single Pass
- Validating an Email Address
- Classifying Text with a Bayesian Analyzer
Numbers
- Numbers
- Parsing a Number from a String
- Comparing Floating-Point Numbers
- Representing Numbers to Arbitrary Precision
- Representing Rational Numbers
- Generating Random Numbers
- Converting Between Numeric Bases
- Taking Logarithms
- Finding Mean, Median, and Mode
- Converting Between Degrees and Radians
- Multiplying Matrices
- Solving a System of Linear Equations
- Using Complex Numbers
- Simulating a Subclass of Fixnum
- Doing Math with Roman Numbers
- Generating a Sequence of Numbers
- Generating Prime Numbers
- Checking a Credit Card Checksum
Date and Time
- Date and Time
- Finding Todays Date
- Parsing Dates, Precisely or Fuzzily
- Printing a Date
- Iterating Over Dates
- Doing Date Arithmetic
- Counting the Days Since an Arbitrary Date
- Converting Between Time Zones
- Checking Whether Daylight Saving Time Is in Effect
- Converting Between Time and DateTime Objects
- Finding the Day of the Week
- Handling Commercial Dates
- Running a Code Block Periodically
- Waiting a Certain Amount of Time
- Adding a Timeout to a Long-Running Operation
Arrays
- Arrays
- Iterating Over an Array
- Rearranging Values Without Using Temporary Variables
- Stripping Duplicate Elements from an Array
- Reversing an Array
- Sorting an Array
- Ignoring Case When Sorting Strings
- Making Sure a Sorted Array Stays Sorted
- Summing the Items of an Array
- Sorting an Array by Frequency of Appearance
- Shuffling an Array
- Getting the N Smallest Items of an Array
- Building Up a Hash Using Injection
- Extracting Portions of Arrays
- Computing Set Operations on Arrays
- Partitioning or Classifying a Set
Hashes
- Hashes
- Using Symbols as Hash Keys
- Creating a Hash with a Default Value
- Adding Elements to a Hash
- Removing Elements from a Hash
- Using an Array or Other Modifiable Object as a Hash Key
- Keeping Multiple Values for the Same Hash Key
- Iterating Over a Hash
- Iterating Over a Hash in Insertion Order
- Printing a Hash
- Inverting a Hash
- Choosing Randomly from a Weighted List
- Building a Histogram
- Remapping the Keys and Values of a Hash
- Extracting Portions of Hashes
- Searching a Hash with Regular Expressions
Files and Directories
- Files and Directories
- Checking to See If a File Exists
- Checking Your Access to a File
- Changing the Permissions on a File
- Seeing When a File Was Last Used Problem
- Listing a Directory
- Reading the Contents of a File
- Writing to a File
- Writing to a Temporary File
- Picking a Random Line from a File
- Comparing Two Files
- Performing Random Access on Read-Once Input Streams
- Walking a Directory Tree
- Locking a File
- Backing Up to Versioned Filenames
- Pretending a String Is a File
- Redirecting Standard Input or Output
- Processing a Binary File
- Deleting a File
- Truncating a File
- Finding the Files You Want
- Finding and Changing the Current Working Directory
Code Blocks and Iteration
- Code Blocks and Iteration
- Creating and Invoking a Block
- Writing a Method That Accepts a Block
- Binding a Block Argument to a Variable
- Blocks as Closures: Using Outside Variables Within a Code Block
- Writing an Iterator Over a Data Structure
- Changing the Way an Object Iterates
- Writing Block Methods That Classify or Collect
- Stopping an Iteration
- Looping Through Multiple Iterables in Parallel
- Hiding Setup and Cleanup in a Block Method
- Coupling Systems Loosely with Callbacks
Objects and Classes8
- Objects and Classes8
- Managing Instance Data
- Managing Class Data
- Checking Class or Module Membership
- Writing an Inherited Class
- Overloading Methods
- Validating and Modifying Attribute Values
- Defining a Virtual Attribute
- Delegating Method Calls to Another Object
- Converting and Coercing Objects to Different Types
- Getting a Human-Readable Printout of Any Object
- Accepting or Passing a Variable Number of Arguments
- Simulating Keyword Arguments
- Calling a Superclasss Method
- Creating an Abstract Method
- Freezing an Object to Prevent Changes
- Making a Copy of an Object
- Declaring Constants
- Implementing Class and Singleton Methods
- Controlling Access by Making Methods Private
Modules and Namespaces
- Modules and Namespaces
- Simulating Multiple Inheritance with Mixins
- Extending Specific Objects with Modules
- Mixing in Class Methods
- Implementing Enumerable: Write One Method, Get 22 Free
- Avoiding Naming Collisions with Namespaces
- Automatically Loading Libraries as Needed
- Including Namespaces
- Initializing Instance Variables Defined by a Module
- Automatically Initializing Mixed-In Modules
Reflection and Metaprogramming
- Reflection and Metaprogramming
- Finding an Objects Class and Superclass
- Listing an Objects Methods
- Listing Methods Unique to an Object
- Getting a Reference to a Method
- Fixing Bugs in Someone Elses Class
- Listening for Changes to a Class
- Checking Whether an Object Has Necessary Attributes
- Responding to Calls to Undefined Methods
- Automatically Initializing Instance Variables
- Avoiding Boilerplate Code with Metaprogramming
- Metaprogramming with String Evaluations
- Evaluating Code in an Earlier Context
- Undefining a Method
- Aliasing Methods
- Doing Aspect-Oriented Programming
- Enforcing Software Contracts
XML and HTML
- XML and HTML
- Checking XML Well-Formedness
- Extracting Data from a Documents Tree Structure
- Extracting Data While Parsing a Document
- Navigating a Document with XPath
- Parsing Invalid Markup
- Converting an XML Document into a Hash
- Validating an XML Document
- Substituting XML Entities
- Creating and Modifying XML Documents
- Compressing Whitespace in an XML Document
- Guessing a Documents Encoding
- Converting from One Encoding to Another
- Extracting All the URLs from an HTML Document
- Transforming Plain Text to HTML
- Converting HTML Documents from the Web into Text
- A Simple Feed Aggregator
Graphics and Other File Formats
- Graphics and Other File Formats
- Thumbnailing Images
- Adding Text to an Image
- Converting One Image Format to Another
- Graphing Data
- Adding Graphical Context with Sparklines
- Strongly Encrypting Data
- Parsing Comma-Separated Data
- Parsing Not-Quite-Comma-Separated Data
- Generating and Parsing Excel Spreadsheets
- Compressing and Archiving Files with Gzip and Tar
- Reading and Writing ZIP Files
- Reading and Writing Configuration Files
- Generating PDF Files
- Representing Data as MIDI Music
Databases and Persistence
- Databases and Persistence
- Serializing Data with YAML
- Serializing Data with Marshal
- Persisting Objects with Madeleine
- Indexing Unstructured Text with SimpleSearch
- Indexing Structured Text with Ferret
- Using Berkeley DB Databases
- Controlling MySQL on Unix
- Finding the Number of Rows Returned by a Query
- Talking Directly to a MySQL Database
- Talking Directly to a PostgreSQL Database
- Using Object Relational Mapping with ActiveRecord
- Using Object Relational Mapping with Og
- Building Queries Programmatically
- Validating Data with ActiveRecord
- Preventing SQL Injection Attacks
- Using Transactions in ActiveRecord
- Adding Hooks to Table Events
- Adding Taggability with a Database Mixin
Internet Services
- Internet Services
- Grabbing the Contents of a Web Page
- Making an HTTPS Web Request
- Customizing HTTP Request Headers
- Performing DNS Queries
- Sending Mail
- Reading Mail with IMAP
- Reading Mail with POP3
- Being an FTP Client
- Being a Telnet Client
- Being an SSH Client
- Copying a File to Another Machine
- Being a BitTorrent Client
- Pinging a Machine
- Writing an Internet Server
- Parsing URLs
- Writing a CGI Script
- Setting Cookies and Other HTTP Response Headers
- Handling File Uploads via CGI
- Running Servlets with WEBrick
- A Real-World HTTP Client
Web Development Ruby on Rails
- Web Development Ruby on Rails
- Writing a Simple Rails Application to Show System Status
- Passing Data from the Controller to the View
- Creating a Layout for Your Header and Footer
- Redirecting to a Different Location
- Displaying Templates with Render
- Integrating a Database with Your Rails Application
- Understanding Pluralization Rules
- Creating a Login System
- Storing Hashed User Passwords in the Database
- Escaping HTML and JavaScript for Display
- Setting and Retrieving Session Information
- Setting and Retrieving Cookies
- Extracting Code into Helper Functions
- Refactoring the View into Partial Snippets of Views
- Adding DHTML Effects with script.aculo.us
- Generating Forms for Manipulating Model Objects
- Creating an Ajax Form
- Exposing Web Services on Your Web Site
- Sending Mail with Rails
- Automatically Sending Error Messages to Your Email
- Documenting Your Web Site
- Unit Testing Your Web Site
- Using breakpoint in Your Web Application
Web Services and Distributed Programming
- Web Services and Distributed Programming
- Searching for Books on Amazon
- Finding Photos on Flickr
- Writing an XML-RPC Client
- Writing a SOAP Client
- Writing a SOAP Server
- Searching the Web with Googles SOAP Service
- Using a WSDL File to Make SOAP Calls Easier
- Charging a Credit Card
- Finding the Cost to Ship Packages via UPS or FedEx
- Sharing a Hash Between Any Number of Computers
- Implementing a Distributed Queue
- Creating a Shared Whiteboard
- Securing DRb Services with Access Control Lists
- Automatically Discovering DRb Services with Rinda
- Proxying Objects That Cant Be Distributed
- Storing Data on Distributed RAM with MemCached
- Caching Expensive Results with MemCached
- A Remote-Controlled Jukebox
Testing, Debugging, Optimizing, and Documenting
- Testing, Debugging, Optimizing, and Documenting
- Running Code Only in Debug Mode
- Raising an Exception
- Handling an Exception
- Rerunning After an Exception
- Adding Logging to Your Application
- Creating and Understanding Tracebacks
- Writing Unit Tests
- Running Unit Tests
- Testing Code That Uses External Resources
- Using breakpoint to Inspect and Change the State of Your Application
- Documenting Your Application
- Profiling Your Application
- Benchmarking Competing Solutions
- Running Multiple Analysis Tools at Once
- Who s Calling That Method? A Call Graph Analyzer
Packaging and Distributing Software
- Packaging and Distributing Software
- Finding Libraries by Querying Gem Respositories
- Installing and Using a Gem
- Requiring a Specific Version of a Gem
- Uninstalling a Gem
- Reading Documentation for Installed Gems
- Packaging Your Code as a Gem
- Distributing Your Gems
- Installing and Creating Standalone Packages with setup.rb
Automating Tasks with Rake
- Automating Tasks with Rake
- Automatically Running Unit Tests
- Automatically Generating Documentation
- Cleaning Up Generated Files
- Automatically Building a Gem
- Gathering Statistics About Your Code
- Publishing Your Documentation
- Running Multiple Tasks in Parallel
- A Generic Project Rakefile
Multitasking and Multithreading
- Multitasking and Multithreading
- Running a Daemon Process on Unix
- Creating a Windows Service
- Doing Two Things at Once with Threads
- Synchronizing Access to an Object
- Terminating a Thread
- Running a Code Block on Many Objects Simultaneously
- Limiting Multithreading with a Thread Pool
- Driving an External Process with popen
- Capturing the Output and Error Streams from a Unix Shell Command
- Controlling a Process on Another Machine
- Avoiding Deadlock
User Interface
- User Interface
- Getting Input One Line at a Time
- Getting Input One Character at a Time
- Parsing Command-Line Arguments
- Testing Whether a Program Is Running Interactively
- Setting Up and Tearing Down a Curses Program
- Clearing the Screen
- Determining Terminal Size
- Changing Text Color
- Reading a Password
- Allowing Input Editing with Readline
- Making Your Keyboard Lights Blink
- Creating a GUI Application with Tk
- Creating a GUI Application with wxRuby
- Creating a GUI Application with Ruby/GTK
- Creating a Mac OS X Application with RubyCocoa
- Using AppleScript to Get User Input
Extending Ruby with Other Languages
- Extending Ruby with Other Languages
- Writing a C Extension for Ruby
- Using a C Library from Ruby
- Calling a C Library Through SWIG
- Writing Inline C in Your Ruby Code
- Using Java Libraries with JRuby
System Administration
- System Administration
- Scripting an External Program
- Managing Windows Services
- Running Code as Another User
- Running Periodic Tasks Without cron or at
- Deleting Files That Match a Regular Expression
- Renaming Files in Bulk
- Finding Duplicate Files
- Automating Backups
- Normalizing Ownership and Permissions in User Directories
- Killing All Processes for a Given User
Ruby Cookbook (Cookbooks (OReilly))
ISBN: 0596523696
EAN: 2147483647
EAN: 2147483647
Year: N/A
Pages: 399
Pages: 399
Authors: Lucas Carlson, Leonard Richardson
