Simple User Authentication for Ruby on Rails 7

A quick question I asked ChatGPT-4:
Can you show me an example of user authentication for a Ruby on Rails 7 application?

Here was the response I got:

Sure, in this example I’ll show how to implement basic user authentication in a Ruby on Rails 7 application using a simplified version of the “has_secure_password” mechanism, provided by Rails through the BCrypt gem.

The below steps assume you already have a Rails 7 application created. If you don’t, create a new one with the following command:

rails new my_app

Step 1: Add the bcrypt gem to your Gemfile. It is usually already there, uncommented.

gem 'bcrypt'

Step 2: Run the bundle command.

bundle install

Step 3: Generate the User model.

rails generate model User username:string password_digest:string

Step 4: Migrate the database.

rails db:migrate

Step 5: Add has_secure_password to the User model. This is the line that will give our User model authentication methods via bcrypt.

# app/models/user.rb

class User < ApplicationRecord
  has_secure_password
end

This macro adds methods to set and authenticate against a BCrypt password. This mechanism requires a password_digest attribute.

Step 6: Create the Signup form.

<!-- app/views/users/new.html.erb -->

<h1>Signup</h1>

<%# form_for @user would post to users_path, which the routes below never define; point the form at the signup route instead %>
<%= form_with model: @user, url: signup_path do |f| %>
  <%= f.label :username %>
  <%= f.text_field :username %>

  <%= f.label :password %>
  <%= f.password_field :password %>

  <%= f.submit "Sign up" %>
<% end %>

Step 7: Add Signup method to UsersController.

# app/controllers/users_controller.rb

class UsersController < ApplicationController
  def new
    @user = User.new
  end

  def create
    @user = User.new(user_params)
    if @user.save
      session[:user_id] = @user.id
      redirect_to '/welcome'
    else
      redirect_to '/signup'
    end
  end

  private

  def user_params
    params.require(:user).permit(:username, :password)
  end
end

Step 8: Set up the routing for signup.

# config/routes.rb

Rails.application.routes.draw do
  get 'signup', to: 'users#new'
  post 'signup', to: 'users#create'
end

Step 9: Create a Welcome controller and view.

rails generate controller Welcome index

Update the welcome/index.html.erb file:

<!-- app/views/welcome/index.html.erb -->

<h1>Welcome, <%= @current_user.username %></h1>

Update welcome_controller.rb:

# app/controllers/welcome_controller.rb

class WelcomeController < ApplicationController
  before_action :set_current_user

  def index
  end

  private

  def set_current_user
    @current_user = User.find(session[:user_id])
  end
end

And add the corresponding route:

# config/routes.rb

Rails.application.routes.draw do
  get 'signup', to: 'users#new'
  post 'signup', to: 'users#create'

  get 'welcome', to: 'welcome#index'
end

This is a very simple setup without much error handling or feedback for the user, but it illustrates the core of how a basic authentication system could be implemented in Rails. In a production application, additional measures such as validations, encryption, token generation, expiration, etc. should be considered.
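The mechanism the answer above relies on (a random salt and a slow hash stored in password_digest, authenticate returning the user or false, session[:user_id] as the logged-in marker), as an added example that is not part of the original post or of ChatGPT's answer. It is written to run without Rails or the bcrypt gem: PBKDF2-HMAC-SHA256 from Ruby's standard OpenSSL library stands in for bcrypt (an assumption of this example, not what has_secure_password actually uses), a Hash stands in for the users table and for the Rails session, and it fills in the two pieces the quoted answer leaves out: the login step that calls authenticate, and a current_user that returns nil for a missing or stale session id instead of raising RecordNotFound the way User.find does.

```ruby
require "openssl"
require "securerandom"

# Stand-in for has_secure_password. ASSUMPTION: PBKDF2-HMAC-SHA256 replaces bcrypt;
# the shape (per-user salt + slow hash -> digest, verify re-hashes and compares) is the same.
module SecurePassword
  MAX_PASSWORD_LENGTH_ALLOWED = 72 # bcrypt's input limit, which Rails also validates
  ITERATIONS = 50_000
  KEY_LENGTH = 32

  # Returns "salt$hexkey"; a fresh salt per user means equal passwords give different digests.
  def self.digest(password, salt = SecureRandom.hex(16))
    key = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                                   length: KEY_LENGTH, hash: "sha256")
    "#{salt}$#{key.unpack1('H*')}"
  end

  # Re-derive with the stored salt and compare without an early exit on the first mismatch.
  def self.verify(password, stored)
    salt, = stored.to_s.split("$", 2)
    return false if salt.nil? || salt.empty?
    constant_time_equal?(digest(password, salt), stored)
  end

  def self.constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# User model without ActiveRecord; password= and authenticate follow the Rails contract.
class User
  attr_reader :id, :username, :password_digest, :errors

  def initialize(id, username, password)
    @id = id
    @username = username
    @errors = []
    self.password = password
  end

  # The validations has_secure_password adds: presence on create and the 72-byte cap.
  def password=(raw)
    raw = raw.to_s
    @errors << "Password can't be blank" if raw.empty?
    @errors << "Password is too long" if raw.bytesize > SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED
    @password_digest = SecurePassword.digest(raw) if @errors.empty?
  end

  def valid?
    errors.empty?
  end

  # Returns the user on a match, false otherwise (same as Rails' authenticate).
  def authenticate(raw)
    password_digest && SecurePassword.verify(raw.to_s, password_digest) ? self : false
  end
end

# In-memory replacement for the users table (constructed for this example).
class UserStore
  def initialize
    @users = {}
  end

  # Mirrors User.new(user_params).save: the user on success, nil when invalid.
  def create(username, password)
    user = User.new(@users.size + 1, username, password)
    return nil unless user.valid?
    @users[user.id] = user
  end

  def find_by_id(id) # like find_by: nil for unknown or nil ids, never an exception
    @users[id]
  end

  def find_by_username(username)
    @users.values.find { |u| u.username == username }
  end
end

# The session side of the page's controllers; `session` is a Hash standing in for the Rails session.
class SessionFlow
  attr_reader :session

  def initialize(store)
    @store = store
    @session = {}
  end

  def sign_up(username, password) # UsersController#create: save, then remember the id
    user = @store.create(username, password)
    return false unless user
    @session[:user_id] = user.id
    true
  end

  def log_in(username, password) # the SessionsController#create step the answer omits
    user = @store.find_by_username(username)
    return false unless user && user.authenticate(password)
    @session[:user_id] = user.id
    true
  end

  def log_out
    @session.delete(:user_id)
  end

  def current_user # nil-safe form of WelcomeController#set_current_user
    @store.find_by_id(@session[:user_id])
  end
end
```

With this in place, WelcomeController's before_action can redirect to the signup page when current_user is nil instead of raising on a first visit or an expired session.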