Bummer! This is just a preview. You need to be signed in with a Pro account to view the entire video.
How to Choose Libraries for Authentication4:21 with Jim Hoskins
[Master Class] [Designer and Developer Workflow] [Choosing Libraries] 0:00 So, now I have the latest and greatest version of Easy Jobs 0:05 with Nick's basic layout sort of set up right now. 0:08 There's still a lot more visual design to work on, but while he's working on that, 0:12 what I want to work on is adding some sort of authentication to our system. 0:16 Basically, right now, anybody can just go to the site, click "new job" and go back. 0:21 They could edit any job that's already there, 0:26 and that's not really what we want, obviously. 0:29 So, what we need to do is have a way that people can sign up for Easy Jobs 0:32 in order to post jobs as well as edit and remove the jobs that they post. 0:35 So, that's actually two separate systems that we need to handle. 0:41 The first is authentication, and authentication is just handling the ability to authenticate 0:44 or prove who someone is, so we're going to be able to register and then 0:50 they'll be able to sign in with maybe an email address and password. 0:54 But the second layer to that is authorization, and authorization is the system 0:58 that defines what a person who is logged in can or cannot do. 1:02 For instance, somebody who's logged in could create a new job 1:06 or edit any job that belongs to them, 1:10 but they shouldn't be able to delete another job that they didn't create. 1:13 So, what we're going to work on first is the authentication system. 1:16 Now, there are a lot of different ways we could go to implement this. 1:20 We could pretty much create our own authentication system, 1:23 create a user, create some sort of system where they log in 1:26 and we could check their email address and password and then keep that in the system. 1:30 Now, there are a lot of different tools we could use for authentication in Rails, 1:34 and really in any category of thing that we may want to do there are a lot of prebuilt tools. 1:38 One site that I like to look at when trying to search for a prebuilt solution 1:43 is a site called "Ruby Toolbox" 1:47 and Ruby Toolbox is at ruby-toolbox.com, and what it does is it gathers and categorizes 1:51 a lot of open-source code into the different tasks and problems that it solves. 1:58 So, it's grouped into things like managing ActiveRecord encryption to 2:07 all sorts of different ActiveRecord plug-ins, APIs, backups, integration testing, 2:10 CSS frameworks, so many different things. 2:15 But what we're looking for is Ruby on Rails authentication. 2:18 So actually, down here we can see that there is a category called "Rails Authentication." 2:22 So, if we click on that we'll get a list of different tools that we could use 2:28 for handling Rails authentication. 2:31 Now, the way that the tools are organized on this page are by a score 2:34 that is calculated by the GitHub followers and GitHub forks. 2:38 So, it's sort of a popularity ranking. 2:42 So, right now, sort of the top three are devise, authlogic and restful authentication. 2:44 There are several more, and many of these are very quality options, 2:52 but the top ones are really devise and authlogic right now. 2:57 A while back, restful authentication really used to be the go-to solution, 3:01 and then authlogic really gained popularity, 3:05 and right now it seems that devise is really sort of taking the lead role. 3:08 I'm actually going to go with authlogic. 3:13 It's a tool I like. 3:15 It has about the right level of abstraction and flexibility, 3:17 but devise is a great choice that you could use too. 3:20 This is just my personal choice on this project. 3:23 So, we'll be going through how to set up an authlogic system 3:26 for managing our authentication. 3:29 Now, we can go to the code on the GitHub page and it's at binarylogic/authlogic, 3:33 and there's a little bit of documentation here giving you an overview of how it works. 3:39 Basically, we'll create our own user model, and what authologic does 3:43 is it uses the idea of a model called a "session," and to log in 3:48 we create a new session, and to log out we delete one. 3:53 And what authlogic provides is the logic for creating this sort of session, 3:57 and we can create a new one by passing it an email address and password, 4:02 and based on the configuration, it'll look for a user with matching credentials 4:07 and create a session based on that. 4:12 So, what we're going to do is basically go through the steps 4:15 of creating a basic authlogic system. 4:19
You need to sign up for Treehouse in order to download course files.Sign up