A quick question I asked ChatGPT-4:
Can you show me an example of user authentication for a Ruby on Rails 7 application?
Here was the response I got:
Sure, in this example I’ll show how to implement a basic user authentication in a Ruby on Rails 7 application using a simplified version of the “has_secure_password” mechanism, provided by Rails through the BCrypt gem.
The below steps assume you already have a Rails 7 application created. If you don’t, create a new one with the following command:
rails new my_app
Step 1: Add the bcrypt gem to your Gemfile. It is usually already there, uncommented.
gem 'bcrypt'
Step 2: Run the bundle command.
bundle install
Step 3: Generate the User model.
rails generate model User username:string password_digest:string
Step 4: Migrate the database.
rails db:migrate
Step 5: Add has_secure_password to the User model. This is the line that will give our User model authentication methods via bcrypt.
# app/models/user.rb
class User < ApplicationRecord
  has_secure_password
end
This macro adds methods to set and authenticate against a BCrypt password. This mechanism requires a password_digest attribute.
Step 6: Create the Signup form.
<!-- app/views/users/new.html.erb -->
<h1>Signup</h1>
<%# url: is required because the routes define signup_path, not users_path %>
<%= form_for @user, url: signup_path do |f| %>
  <%= f.label :username %>
  <%= f.text_field :username %>
  <%= f.label :password %>
  <%= f.password_field :password %>
  <%= f.submit "Sign up" %>
<% end %>
Step 7: Add Signup method to UsersController.
# app/controllers/users_controller.rb
class UsersController < ApplicationController
  def new
    @user = User.new
  end

  def create
    @user = User.new(user_params)
    if @user.save
      # Issue a fresh session before storing the user id (guards against session fixation)
      reset_session
      session[:user_id] = @user.id
      redirect_to '/welcome'
    else
      redirect_to '/signup'
    end
  end

  private

  # Only username and password may be mass-assigned
  def user_params
    params.require(:user).permit(:username, :password)
  end
end
Step 8: Set up the routing for signup.
# config/routes.rb
Rails.application.routes.draw do
  get 'signup', to: 'users#new'
  post 'signup', to: 'users#create'
end
Step 9: Create a Welcome controller and view.
rails generate controller Welcome index
Update the welcome/index.html.erb file:
<!-- app/views/welcome/index.html.erb -->
<h1>Welcome, <%= @current_user.username %></h1>
Update welcome_controller.rb:
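# app/controllers/welcome_controller.rb
class WelcomeController < ApplicationController
  before_action :set_current_user

  def index
  end

  private

  # Look up the signed-in user; visitors without a valid session go to signup
  def set_current_user
    @current_user = User.find_by(id: session[:user_id])
    redirect_to '/signup' unless @current_user
  end
end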
And add the corresponding route:
# config/routes.rb
Rails.application.routes.draw do
  get 'signup', to: 'users#new'
  post 'signup', to: 'users#create'
  get 'welcome', to: 'welcome#index'
end
This is a very simple setup without much error handling or feedback for the user, but it illustrates the core of how a basic authentication system could be implemented in Rails. In a production application, additional measures such as validations, encryption, token generation, expiration, etc. should be considered.
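The walkthrough above covers signup only, so here is a sketch of the login check that would pair with it. It is an added example, not part of the quoted response. DemoUser, USERS, DUMMY and login are hypothetical names, and PBKDF2 from Ruby's standard library stands in for bcrypt so the code runs without gems; in the Rails app the same decision is made with the authenticate method that has_secure_password adds to User.

```ruby
require 'openssl'
require 'securerandom'
# Hypothetical stand-in for a has_secure_password model; PBKDF2 replaces bcrypt.
class DemoUser
  ITERATIONS = 100_000 # constructed work factor for this sketch
  attr_reader :username, :password_digest

  def initialize(username, password)
    @username = username
    self.password = password
  end

  # Like has_secure_password's password=: keep only a salted digest.
  def password=(plain)
    salt = SecureRandom.hex(16)
    @password_digest = "#{salt}$#{self.class.kdf(plain, salt)}"
  end

  # Like has_secure_password's authenticate: the user on success, false otherwise.
  def authenticate(plain)
    salt, expected = password_digest.split('$', 2)
    self.class.same?(self.class.kdf(plain, salt), expected) ? self : false
  end

  def self.kdf(plain, salt)
    OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: 'sha256').unpack1('H*')
  end

  # Comparison whose running time does not depend on where the strings differ.
  def self.same?(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample data standing in for the users table.
USERS = { 'alice' => DemoUser.new('alice', 'correct horse battery') }.freeze
DUMMY = DemoUser.new('nobody', SecureRandom.hex(16))

# Login: an unknown username and a wrong password get the same result and similar cost.
def login(session, username, password)
  user = USERS[username]
  return nil unless (user || DUMMY).authenticate(password.to_s) && user
  session.clear # stands in for reset_session before storing the id
  session[:user_id] = user.username # the guide stores @user.id here
  user
end
```

Hashing against DUMMY when the username is unknown keeps the response time close to that of a wrong password, so the login endpoint does not reveal which usernames exist.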