Bummer! This is just a preview. You need to be signed in with a Pro account to view the entire video.

Preview

Start a free Pro trial
to watch this video

Sign up for Treehouse

How to Create a Login with Passwords

5:20 with Jim Hoskins

In this video, we update our user editing form to include a password and password confirmation field and we create our first user. Download the Beginning of the Project or the Completed Project

  • 0:00

    [Master Class] [Designer and Developer Workflow] [Creating the User Form]

  • 0:05

    So now, we set up our new user scaffold and we can go back and see a list

  • 0:11

    and create a new user, but there's still a lot of work to be done

  • 0:14

    to turn this into a real authentication system.

  • 0:17

    For instance, we added a lot of interesting columns that authlogic will use,

  • 0:21

    however, our user model itself has not been set up to actually use those fields.

  • 0:27

    For instance, if we wanted to add the form for our users, and that's in app, views,

  • 0:35

    users, form, we have our email and name field.

  • 0:41

    And let's say we wanted to add a password field.

  • 0:49

    And we'll go ahead and say "password,"

  • 0:55

    and let's go ahead and make that a password field.

  • 1:00

    Now, we should get an error here when we create new user

  • 1:05

    because there's no method password, and that's because in our database

  • 1:08

    it's called "crypted password," and there's also a password salt.

  • 1:13

    So, when we actually set up our user to use the authlogic logic

  • 1:18

    it will actually create a password field that when it's submitted

  • 1:22

    will encrypt the password and store in the crypted password field.

  • 1:27

    Since we haven't said our user model is an authenticatable model,

  • 1:31

    these magic methods have not been added, so let's go ahead and do that.

  • 1:36

    To do that, it's pretty simple.

  • 1:38

    We're going to go to app, models, and open up our user model.

  • 1:44

    Now, the simplest way to set this up is to use a method called "acts_as_authentic."

  • 1:52

    Now, we can just do that, and if we want to add configuration we can pass a block to it

  • 1:57

    and pass it some configuration options, but so far, we don't need that quite yet.

  • 2:02

    So, let's just leave acts_as_authentic, and this will include all of the information

  • 2:06

    and all of the logic for handling all those magical methods,

  • 2:10

    handling password crypting and all sorts of other good stuff.

  • 2:15

    So, let's save this out and if we go back, you'll now see that password works

  • 2:20

    because as we added the acts_as_authentic, it gives us a password field.

  • 2:26

    Now, there's one more field we want to add, and that's the password confirmation.

  • 2:31

    Be default, if we try to type this in, let's go ahead and see what happens.

  • 2:35

    We'll say "jim@carsonified" and "Jim Hoskins."

  • 2:46

    We're going to get an error saying our password confirmation is too short,

  • 2:50

    and that's because by default, it requires a password confirmation field,

  • 2:55

    and this is just another magic method where we'll add a field called "password confirmation"

  • 2:59

    and during the validation process it will confirm that password

  • 3:03

    and password confirmation are the same.

  • 3:06

    So, that's pretty easy to fix, and I'm going to add this to our form

  • 3:10

    so when Nick starts designing this form he'll have the fields,

  • 3:13

    and he'll be able to lay them out and style them properly.

  • 3:18

    So, we can go ahead and say "confirmation."

  • 3:26

    Let's see if that gets us what we want.

  • 3:29

    So, we'll just go to /user/new and here we have our information again.

  • 3:34

    So, let's try that again.

  • 3:40

    And let's just give it the wrong password.

  • 3:43

    So now, we see that it's actually checking the two against each other,

  • 3:45

    and since I didn't give them the same password it's not going to validate,

  • 3:49

    and we can't register.

  • 3:51

    So, I'm just going to edit this to be a matching password,

  • 3:56

    and now we've created a user, or you could say that we've registered.

  • 4:01

    Now, if we actually wanted to see what our user looked like in the database

  • 4:04

    we could actually open up our Rails console,

  • 4:07

    and we could take a look at the information for our user.

  • 4:11

    So, what I'll do is we'll just say "puts user.first.to_yaml."

  • 4:21

    So, we're grabbing the first user out of the database and just

  • 4:24

    printing out the yaml version.

  • 4:27

    So, we can see it has the name of Jim Hoskins, and we have our single access token

  • 4:33

    which we don't need right now, and if go down here, we can see our crypted password,

  • 4:38

    and this is what's actually stored in the database for my password.

  • 4:41

    Now, to tell you my password that I used here was just the word password,

  • 4:45

    but when it encrypted it, it creates a very long string

  • 4:49

    that any time we try to log in using password, it should generate the same string,

  • 4:53

    and if they match, then log in should work, and this is the salt

  • 4:56

    that is added to my password before actually encrypting it.

  • 5:00

    Then you can see we have our other fields.

  • 5:02

    We have our current log in IP, anything with our log in is going to be zero

  • 5:05

    because we've never logged in before, but that just gives you

  • 5:08

    an idea of what it looks like in the database.

  • 5:11

    Instead of storing our plain text password, it actually went ahead and encrypted it.

  • 5:17

    So, we can go back, and we can see our list of users.

You need to sign up for Treehouse in order to download course files.

Sign up