
Anil  Bist / Professional / Web Technology

 

 User Has Secure Password

In previous versions of Rails, adding a secure password was difficult and time-consuming, as seen in the Rails 3.0 version of the Rails Tutorial, which covers the creation of an authentication system from scratch. But web developers’ understanding of how best to authenticate users has matured enough that it now comes bundled with the latest version of Rails. As a result, we’ll complete the implementation of secure passwords (and get to a green test suite) using only a few lines of code. First, we need to make the password and password_confirmation columns accessible (Section 6.1.2) so that we can instantiate new users with an initialization hash:

 

@user = User.new(name: "Example User", email: "user@example.com",
                 password: "foobar", password_confirmation: "foobar")

 

Following the model in Listing 6.6, we do this by adding the appropriate symbols to the list of accessible attributes: 

attr_accessible :name, :email, :password, :password_confirmation

 

Second, we need presence and length validations for the password, the latter of which uses the :minimum key in analogy with the :maximum key from Listing 6.15:

validates :password, presence: true, length: { minimum: 6 }

 

Next, we need to add password and password_confirmation attributes, require the presence of the password, require that they match, and add an authenticate method to compare an encrypted password to the password_digest to authenticate users. This is the only nontrivial step, and in the latest version of Rails all these features come for free with one method, has_secure_password:

has_secure_password

 

As long as there is a password_digest column in the database, adding this one method to our model gives us a secure way to create and authenticate new users. (If has_secure_password seems a bit too magical for your taste, I suggest taking a look at the source code for secure_password.rb, which is well-documented and quite readable. You’ll see that, among other things, it automatically includes a validation for the password_digest attribute. In Chapter 7, we’ll see that this is a mixed blessing.)

Finally, we need a presence validation for the password confirmation:

validates :password_confirmation, presence: true

 

Putting these three elements together yields the User model shown in Listing 6.30, which completes the implementation of secure passwords.  

 

You should confirm at this point that the test suite passes:

bundle exec rspec spec/
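
As an added illustration (not part of the original lesson and not Rails' own code), the plain-Ruby sketch below shows the behaviour that has_secure_password supplies: a salted digest kept in password_digest, the presence, length and confirmation checks, and an authenticate method that returns the user or false. It assumes PBKDF2-HMAC-SHA256 from Ruby's standard library as a stand-in for bcrypt, which Rails uses; SketchUser and its digest layout are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Added sketch of what has_secure_password provides. Assumptions: PBKDF2 stands in
# for bcrypt (which Rails uses); SketchUser and the digest layout are hypothetical.
class SketchUser
  ITERATIONS = 100_000
  MIN_LENGTH = 6 # same minimum as the length validation in this lesson

  attr_reader :password_digest, :errors
  attr_accessor :password_confirmation

  def initialize(password:, password_confirmation:)
    @password_confirmation = password_confirmation
    self.password = password
  end

  # Only the salted digest is meant to be persisted; the plaintext is kept
  # in memory just long enough to run the validations.
  def password=(plain)
    @password = plain
    return if plain.nil? || plain.empty?
    salt = SecureRandom.hex(16)
    @password_digest = "#{ITERATIONS}$#{salt}$#{derive(plain, salt, ITERATIONS)}"
  end

  def valid?
    @errors = []
    @errors << "password can't be blank" if @password.to_s.empty?
    @errors << "password is too short" if @password.to_s.length < MIN_LENGTH
    @errors << "password confirmation can't be blank" if @password_confirmation.to_s.empty?
    @errors << "password doesn't match confirmation" if @password != @password_confirmation
    @errors.empty?
  end

  # Returns the user on a match and false otherwise. Every byte is compared,
  # so the timing does not reveal where the two digests differ.
  def authenticate(candidate)
    iterations, salt, expected = password_digest.to_s.split("$")
    return false unless expected
    actual = derive(candidate, salt, iterations.to_i)
    same = actual.bytesize == expected.bytesize &&
           actual.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
    same ? self : false
  end

  private
  def derive(plain, salt, iterations)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, iterations, 32, OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end
end
```

Because each digest carries its own random salt, two users with the same password end up with different password_digest values.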

 

 
 
 