
Neha  Jaggi / Professional / Web Technology


 User Has Secure Password

In previous versions of Rails, adding a secure password was difficult and time-consuming, as seen in the Rails 3.0 version of the Rails Tutorial, which covers the creation of an authentication system from scratch. But web developers’ understanding of how best to authenticate users has matured enough that it now comes bundled with the latest version of Rails. As a result, we’ll complete the implementation of secure passwords (and get to a green test suite) using only a few lines of code. First, we need to make the password and password_confirmation columns accessible (Section 6.1.2) so that we can instantiate new users with an initialization hash:


@user = User.new(name: "Example User", email: "",
                 password: "foobar", password_confirmation: "foobar")


Following the model in Listing 6.6, we do this by adding the appropriate symbols to the list of accessible attributes: 

attr_accessible :name, :email, :password, :password_confirmation


Second, we need presence and length validations for the password, the latter of which uses the :minimum key in analogy with the :maximum key from Listing 6.15:

validates :password, presence: true, length: { minimum: 6 }


Next, we need to add password and password_confirmation attributes, require the presence of the password, require that they match, and add an authenticate method to compare an encrypted password to the password_digest to authenticate users. This is the only nontrivial step, and in the latest version of Rails all these features come for free with one method, has_secure_password:

has_secure_password


As long as there is a password_digest column in the database, adding this one method to our model gives us a secure way to create and authenticate new users. (If has_secure_password seems a bit too magical for your taste, I suggest taking a look at the source code for secure_password.rb, which is well-documented and quite readable. You’ll see that, among other things, it automatically includes a validation for the password_digest attribute. In Chapter 7, we’ll see that this is a mixed blessing.)

Finally, we need a presence validation for the password confirmation:

validates :password_confirmation, presence: true


Putting these three elements together yields the User model shown in Listing 6.30, which completes the implementation of secure passwords.  


You should confirm at this point that the test suite passes:

bundle exec rspec spec/
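
What the steps above add up to, as an added plain-Ruby sketch (not Listing 6.30, not code from the tutorial, and not Rails' own source). SketchUser and ITERATIONS are hypothetical names, and PBKDF2 from Ruby's standard library stands in for the bcrypt hash Rails uses, so the sketch runs without gems.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a model that calls has_secure_password.
# Rails hashes with bcrypt; PBKDF2-HMAC-SHA256 is swapped in here so the
# sketch needs only Ruby's standard library.
class SketchUser
  ITERATIONS = 100_000 # assumed work factor for this sketch
  attr_reader :password, :password_digest
  attr_accessor :password_confirmation

  # Virtual attribute: the plaintext lives in memory only; the salted
  # digest is the value that would go in the password_digest column.
  def password=(plain)
    @password = plain
    salt = SecureRandom.hex(16)
    @password_digest = "#{salt}$#{kdf(plain, salt)}" unless plain.to_s.empty?
  end

  # The validations from this section, collected as error strings.
  def errors
    list = []
    list << "password can't be blank" if password.to_s.empty?
    list << "password is too short (minimum is 6)" if password.to_s.length.between?(1, 5)
    list << "password confirmation can't be blank" if password_confirmation.to_s.empty?
    list << "password doesn't match confirmation" if password != password_confirmation
    list
  end

  def valid?
    errors.empty?
  end

  # Re-derive from the stored salt and compare without an early exit.
  # Returns the user on success and false otherwise, like Rails' authenticate.
  def authenticate(candidate)
    return false if password_digest.nil?
    salt, expected = password_digest.split("$", 2)
    actual = kdf(candidate.to_s, salt)
    diff = expected.bytes.zip(actual.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }
    diff.zero? ? self : false
  end

  private

  def kdf(plain, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end
end
```

Because each digest carries its own random salt, two users who both choose "foobar" end up with different password_digest values.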

