Form
A form is defined by:
- The destination URL
- Whether the data is associated with a model
- The field names
- The field input types
- The display names (labels) of the fields
With URL:
<%= form_with url: '/login' do |form| %>
<%= form.label :email %>
<%= form.text_field :email %>
<%= form.submit %>
<% end %>
With model:
<%= form_with model: @user do |form| %>
<%= form.label :email %>
<%= form.text_field :email %>
<%= form.submit %>
<% end %>
form_with model
The submitted fields are written to the database, so they are security critical.
Fields that may be mass-assigned must be explicitly whitelisted (strong parameters):
params.require(:post).permit(:title, :content)
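The whitelisting above is what stops mass assignment. As an added example (not code from these notes), here is the vulnerable and the hardened version side by side, with small pure-Ruby stand-ins for ActionController::Parameters and an ActiveRecord model so it runs without Rails; the Post model, its published flag, the Params class and the request body are all hypothetical and constructed for the example.

```ruby
# Added example, not from the course notes: why strong parameters matter.
# Pure Ruby stand-ins for ActionController::Parameters and an ActiveRecord
# model, so this runs without Rails. Post and its `published` flag are hypothetical.
require "set"

# Minimal model: assigning a hash of attributes is "mass assignment".
class Post
  attr_accessor :title, :content, :published

  def initialize(attrs = {})
    attrs.each { |k, v| public_send("#{k}=", v) }
  end
end

# Imitates params.require(:post).permit(:title, :content):
# `require` raises if the key is missing or blank, `permit` drops every key not listed.
class Params
  class ParameterMissing < StandardError; end

  def initialize(hash)
    @hash = hash.transform_keys(&:to_sym)
  end

  def require(key)
    value = @hash[key]
    if value.nil? || (value.respond_to?(:empty?) && value.empty?)
      raise ParameterMissing, "param is missing: #{key}"
    end
    Params.new(value)
  end

  def permit(*keys)
    allowed = Set.new(keys)
    @hash.select { |k, _| allowed.include?(k) }
  end

  # Rails' own escape hatch for the unfiltered hash; shown here as the bad path.
  def to_unsafe_h
    @hash
  end
end

# Constructed request body: the form only has title and content fields, but a
# client can send any key it likes, here an extra published=true.
ATTACK_PARAMS = {
  "post" => { "title" => "hello", "content" => "body", "published" => true }
}

# Vulnerable: mass-assigning the raw hash lets the client flip `published`.
def create_post_unsafe(raw)
  Post.new(Params.new(raw).require(:post).to_unsafe_h)
end

# Hardened: only whitelisted fields reach the model; `published` is silently dropped.
def create_post_safe(raw)
  Post.new(Params.new(raw).require(:post).permit(:title, :content))
end
```

In a real Rails app the unsafe path is any controller that does `Post.new(params[:post])`; Rails raises ActiveModel::ForbiddenAttributesError for that, which is why the `to_unsafe_h` escape hatch is shown explicitly.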
Designing forms
- Is the form associated with a DB insertion/update?
- If yes, form_with model
- If not, form_with url
- What endpoint does the form POST to? Define the route in config/routes.rb
- What data is needed (field name, type, label)?
Authentication
Session: a hash-like data structure kept on the server, looked up by session id
Cookie: stored in the browser; carries the session id so the server can find the session on each request
(with Rails' default CookieStore the session contents themselves travel in an encrypted, signed cookie; other session stores keep them server-side and send only the id)
Log in: obtain a cookie and create a session
Log out: ask the server to remove the cookie-session pair
session[:last_search] = "Who am I?"
session[:user_id] = @user.id   # store the user's id, never the whole object or a password
reset_session                  # drops the session contents and issues a fresh session id
Implementing log in
Create a SessionsController with three actions:
- new: render the login form
- create: check that valid login credentials were supplied, then assign session[:user_id] to the user's id
- destroy: call reset_session
class SessionsController < ApplicationController
  def new
    @user = User.new
  end

  def create
    # find_by returns nil for an unknown email, so guard with &. before authenticate
    @user = User.find_by(email: params[:email])
    # authenticate comes from has_secure_password (bcrypt) on the User model;
    # never compare a submitted password against a stored plaintext value
    if @user&.authenticate(params[:password])
      session[:user_id] = @user.id
      redirect_to @user
    else
      flash.now[:alert] = "Invalid email or password"
      render :new, status: :unprocessable_entity
    end
  end

  def destroy
    reset_session
    # @user is not set here, so redirect somewhere that needs no login
    redirect_to root_path
  end
end
<%= form_with url: '/login' do |form| %>
  <%= form.label :email %>
  <%= form.text_field :email %>
  <%= form.label :password %>
  <%# password_field masks the input and keeps it out of browser autocomplete history %>
  <%= form.password_field :password %>
  <%= form.submit %>
<% end %>
Helper methods
class ApplicationController < ActionController::Base
  # expose these to views as well as controllers
  helper_method :logged_in?, :current_user

  def logged_in?
    session[:user_id].present?
  end

  def current_user
    # find_by returns nil instead of raising if the user was deleted after logging in
    @current_user ||= User.find_by(id: session[:user_id]) if logged_in?
  end

  def authenticate_user
    redirect_to login_path unless logged_in?
  end
end
Personalizing view
<% if logged_in? %>
<h1> Welcome <%= current_user.name %> </h1>
<% else %>
<h1> Please Sign Up! </h1>
<% end %>
# in any controller whose actions require a logged-in user
before_action :authenticate_user
BCrypt
Hash passwords before storing them; has_secure_password uses the bcrypt gem and never stores or compares plaintext passwords.
https://www.rubydoc.info/gems/bcrypt-ruby/3.1.5
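The login/logout flow from the SessionsController, the helper methods and the BCrypt note, as one added example that is not the course's code: plain Ruby so it runs without Rails, with a Hash standing in for the server-side session and a Struct for the User model. The notes point at the bcrypt gem; to stay standard-library only, PasswordDigest below uses PBKDF2-HMAC-SHA256 from OpenSSL with the same create/verify shape as BCrypt::Password, so the swap is the one deliberate difference. USERS, the Sessions class and every other name are hypothetical and the user record is constructed for the example.

```ruby
# Added example, not from the course notes. The session is a plain Hash and the
# User model a Struct. PasswordDigest is a PBKDF2 stand-in for the bcrypt gem.
require "openssl"
require "securerandom"

module PasswordDigest
  ITERATIONS = 100_000
  KEY_LEN = 32

  # Returns "salt$hex" so the salt is stored next to the digest, as bcrypt does.
  def self.create(password)
    salt = SecureRandom.hex(16)
    "#{salt}$#{derive(password, salt)}"
  end

  def self.verify(password, stored)
    salt, digest = stored.split("$", 2)
    secure_compare(derive(password, salt), digest)
  end

  def self.derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                               OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end

  # Constant-time comparison: a plain == returns at the first differing byte,
  # which leaks timing information about the digest.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

User = Struct.new(:id, :email, :name, :password_digest) do
  # Mirrors has_secure_password's authenticate: returns the user or false.
  def authenticate(password)
    PasswordDigest.verify(password, password_digest) ? self : false
  end
end

# Constructed user table; only the digest is stored, never the password.
USERS = [User.new(1, "ada@example.com", "Ada", PasswordDigest.create("correct horse"))]

# Stand-in for SessionsController#create / #destroy plus the helper methods.
class Sessions
  attr_reader :session

  def initialize
    @session = {}
  end

  # Login: store only the user's id in the session. An unknown email gives nil
  # from the lookup, so the &. guard stops a NoMethodError on authenticate.
  def create(email, password)
    user = USERS.find { |u| u.email == email }
    return false unless user&.authenticate(password)
    @session = { user_id: user.id }
    true
  end

  # Logout: reset_session discards everything the session held.
  def destroy
    @session = {}
  end

  def logged_in?
    !@session[:user_id].nil?
  end

  def current_user
    return nil unless logged_in?
    USERS.find { |u| u.id == @session[:user_id] }
  end
end
```

The wrong-password and unknown-email paths both return the same false, which is what keeps the login form from confirming which emails exist.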