How to Create a Login with Passwords

[Master Class] [Designer and Developer Workflow] [Creating the User Form] 0:00 So now, we set up our new user scaffold and we can go back and see a list 0:05 and create a new user, but there's still a lot of work to be done 0:11 to turn this into a real authentication system. 0:14 For instance, we added a lot of interesting columns that authlogic will use, 0:17 however, our user model itself has not been set up to actually use those fields. 0:21 For instance, if we wanted to add the form for our users, and that's in app, views, 0:27 users, form, we have our email and name field. 0:35 And let's say we wanted to add a password field. 0:41 And we'll go ahead and say "password," 0:49 and let's go ahead and make that a password field. 0:55 Now, we should get an error here when we create new user 1:00 because there's no method password, and that's because in our database 1:05 it's called "crypted password," and there's also a password salt. 1:08 So, when we actually set up our user to use the authlogic logic 1:13 it will actually create a password field that when it's submitted 1:18 will encrypt the password and store in the crypted password field. 1:22 Since we haven't said our user model is an authenticatable model, 1:27 these magic methods have not been added, so let's go ahead and do that. 1:31 To do that, it's pretty simple. 1:36 We're going to go to app, models, and open up our user model. 1:38 Now, the simplest way to set this up is to use a method called "acts_as_authentic." 1:44 Now, we can just do that, and if we want to add configuration we can pass a block to it 1:52 and pass it some configuration options, but so far, we don't need that quite yet. 1:57 So, let's just leave acts_as_authentic, and this will include all of the information 2:02 and all of the logic for handling all those magical methods, 2:06 handling password crypting and all sorts of other good stuff. 2:10 So, let's save this out and if we go back, you'll now see that password works 2:15 because as we added the acts_as_authentic, it gives us a password field. 2:20 Now, there's one more field we want to add, and that's the password confirmation. 2:26 Be default, if we try to type this in, let's go ahead and see what happens. 2:31 We'll say "jim@carsonified" and "Jim Hoskins." 2:35 We're going to get an error saying our password confirmation is too short, 2:46 and that's because by default, it requires a password confirmation field, 2:50 and this is just another magic method where we'll add a field called "password confirmation" 2:55 and during the validation process it will confirm that password 2:59 and password confirmation are the same. 3:03 So, that's pretty easy to fix, and I'm going to add this to our form 3:06 so when Nick starts designing this form he'll have the fields, 3:10 and he'll be able to lay them out and style them properly. 3:13 So, we can go ahead and say "confirmation." 3:18 Let's see if that gets us what we want. 3:26 So, we'll just go to /user/new and here we have our information again. 3:29 So, let's try that again. 3:34 And let's just give it the wrong password. 3:40 So now, we see that it's actually checking the two against each other, 3:43 and since I didn't give them the same password it's not going to validate, 3:45 and we can't register. 3:49 So, I'm just going to edit this to be a matching password, 3:51 and now we've created a user, or you could say that we've registered. 3:56 Now, if we actually wanted to see what our user looked like in the database 4:01 we could actually open up our Rails console, 4:04 and we could take a look at the information for our user. 4:07 So, what I'll do is we'll just say "puts user.first.to_yaml." 4:11 So, we're grabbing the first user out of the database and just 4:21 printing out the yaml version. 4:24 So, we can see it has the name of Jim Hoskins, and we have our single access token 4:27 which we don't need right now, and if go down here, we can see our crypted password, 4:33 and this is what's actually stored in the database for my password. 4:38 Now, to tell you my password that I used here was just the word password, 4:41 but when it encrypted it, it creates a very long string 4:45 that any time we try to log in using password, it should generate the same string, 4:49 and if they match, then log in should work, and this is the salt 4:53 that is added to my password before actually encrypting it. 4:56 Then you can see we have our other fields. 5:00 We have our current log in IP, anything with our log in is going to be zero 5:02 because we've never logged in before, but that just gives you 5:05 an idea of what it looks like in the database. 5:08 Instead of storing our plain text password, it actually went ahead and encrypted it. 5:11 So, we can go back, and we can see our list of users. 5:17