How to Create Users

[Master Class] [Designer and Developer Workflow] [Creating the User Model] 0:00 So, we've decided to go with Authlogic for 0:05 handling our authentication in our application. 0:08 Now, if you're learning this for the first time, it can be a little bit confusing. 0:11 The main GitHub repository has a read me in it, 0:14 which gives a good overview of how it works. 0:17 However, the main sort of tutorial and a lot of the documentation 0:20 is lying within some of these links. 0:24 One of the best ones to look at while you're working is this live example 0:26 with tutorial in the read me, 0:30 and this is a basic example of Authlogic implemented in an app, 0:33 but it also has a read me with a great step by step tutorial 0:36 on how to set up your authentication system. 0:41 Now, some of the steps here are a little bit out of date in how we generate things, 0:43 but one of the tables that we'll be using is this piece of information right here, 0:48 which defines some of the behavior that can be implemented simply by adding 0:52 fields to our user model. 0:56 So, let's just get right to it. 0:59 I'm going to open up our code, so I'm just going to jump into our code, 1:02 and the first thing I want to do is add Authlogic as a gem in our application. 1:05 So, we'll open up our gem file. 1:10 Here we can see the gems that we're currently using, 1:14 and we'll just add another gem for Authlogic. 1:17 Then to install we'll go into our terminal here and just do bundle install. 1:20 So, we can check to see if Authlogic is installed by typing "rails generate." 1:34 Now we can see that Authlogic has installed a generator called "authlogic session." 1:42 And we'll be using this in a little bit, but we can see that it is now part of our project. 1:47 So, now we have to figure out what it is we're authenticating. 1:52 Authlogic is built in such a way that we could actually have multiple sort of channels 1:55 of authentication built into our system. 2:00 For instance, we could authenticate users or we could authenticate admins 2:02 or authenticate really any other type of model that we want to have, 2:07 it's just going to be the step of creating a different session 2:10 for each type of authentication we want to create. 2:14 In our application, we're just creating authentication for users, 2:17 so the steps that we need to take are first to define our model of users, 2:20 which is going to be a typical Rails model, and we'll want to use a basic scaffolding setup 2:25 because we'll want to create users like registering, 2:30 and then manage users from the back end, so we'll use a normal Rails scaffold to create that. 2:33 And then we'll use the Authlogic generator to create a session for users. 2:38 We'll call it a user session, and the user session is what is used 2:42 to log in and log out, and we'll see how that works in a moment. 2:46 So first, let's go ahead and define our user. 2:50 We're going to do this in the normal Rails fashion of creating a scaffold, 2:52 so we'll do "rails generate scaffold user," 2:55 and then we can go ahead and define what makes up a user. 3:05 So basically, a user will be identified by an email, which is a string, 3:08 and will have a name field, which will just be another string field, 3:14 and that's all we're going to use. 3:18 The reason I'm not going to list off everything right here is because we'll actually 3:21 go into the migration and add the fields that we want to add before we actually migrate it. 3:24 The email and name is really here for generating the default views 3:30 just so that in the list view we'll see an email and name, and in the forms 3:34 there will be a name and email field, but there's still work 3:39 we're going to have to do in the actual views. 3:41 For instance, in our registration or editing fields we'll have to add things like password 3:44 and password confirmation, but we'll do that manually instead of relying on our scaffold. 3:49 So, let's go ahead and generate this. 3:55 So, we've generated our user. 3:59 We haven't migrated it into the database, 4:01 and that's good because we actually want to go into the migration file 4:04 and actually add some fields that are going to be used by Authlogic to 4:07 authenticate and keep some stats on our users. 4:11 So, we're going to flip over to our code, and the migration file is going to be in DB, migrate, 4:15 and it's probably going to be the last one down. 4:23 It's based on a date stamp, and right now it's a little bit difficult to see, 4:25 but you can see it's ultimately called "createusers.rb," 4:29 and that date stamp is going to be different when you create it yourself. 4:33 So, here we can see the migration. 4:38 Basically, we're creating a table called "users," and it has a string field called "email" 4:40 and a string field called "name." 4:45 It also defines that the default time stamps that Rails provides should be added. 4:48 That is, created at and updated at which are two fields that are populated 4:52 when the user is created and when any updates happen to that field. 4:58 So, I'm going to do a couple of different things here. 5:03 First, I'm going to define that email, we should not allow it to be null. 5:05 So, we'll say null is false, 5:09 and I want to do the same thing for name as well. 5:14 I want to make sure that that's filled in. 5:16 We'll also add information in the user model to make sure it's validated, 5:18 but for the database as well we want to make sure that 5:23 there's no accidental insertions of null values here. 5:25 Now, it's at this point that that example projects documentation comes in handy. 5:30 So, if we flip over to our browser and we take a look at the database fields here, 5:35 we can see that there are a few that we're going to definitely want to add, 5:39 and a few magic columns that track some different stats about our users. 5:43 Now, we're not going to use log in because we're going to log in with email addresses 5:48 so we're not going to be adding this field. 5:51 We have our email here, so that's already done. 5:53 And the next field we want to add is crypted password, 5:57 and crypted password is actually where we're going to be storing our password 6:00 for our users, but instead of storing the password in plain text, 6:05 what Authlogic will do is it will hash the password or encrypt it 6:09 so that it can be safely stored in the database, and when somebody logs in, 6:13 they will do the same operation to the password that they're submitting 6:17 and then compare the crypted password versus the crypted submitted password. 6:21 Now, all this is done transparently, but this is the good practice 6:26 you want to use when creating a system. 6:29 You definitely never want to store a plain text password. 6:32 In the next field below it, the password salt is another protection for the password. 6:35 The algorithms to create the crypted password are pretty solid. 6:40 However, people have created tables of common passwords 6:44 to their encrypted equivalents. 6:48 So, what the salt is is it's a little bit of random information 6:50 that makes sure that the crypted password is different then if you were to have 6:53 just encrypted the password itself. 6:57 So, combining the salt and the password together, then encrypting it 7:00 will result in a completely different result, which will make it harder for an attacker 7:03 who has the crypted password to figure out what the original password is. 7:08 Again, all of this is handled by Authlogic, so you don't have to worry about 7:12 doing any of the algorithms. 7:15 All we need to do is add the crypted password and password salt field. 7:17 So, we can actually just copy that. 7:22 And let's just add it in there. 7:25 And I'm going to go ahead and just remove those comments. 7:28 So now, we're going to be using a password-based authentication system. 7:32 Let's take a look at some of the other columns. 7:36 Now, the persistence token is something that is required. 7:39 Basically, this token is what is going to be stored in the cookie for the user 7:43 saying which user is logged in. 7:48 Basically, when somebody logs in with their user name and password, 7:50 a persistence token will be generated and will be stored 7:53 under that user's database row and that token will also appear in their cookie, 7:57 and so whenever somebody requests, they'll send their persistence token 8:02 and Rails will be able to figure out which user is requesting this. 8:06 Now, we use a persistence token instead of something like a user id 8:10 because that persistence token will be something that the user 8:15 could change on their end, and we don't want to make it simply an id 8:18 that they could change and be logged in as somebody else. 8:22 So, having a persistence token is what we're going to need, 8:27 and it's required in order to be able to stay logged in. 8:30 So, the next field we'll add is our persistence token. 8:33 So, then there are fields called single acess token and perishable token 8:39 which are different ways that we can log in, giving them a token in order to, for instance, 8:43 change their password or a simple way to log in once. 8:48 We can add these in, there's no problem for doing that. 8:53 And I'm going to add them in, though I don't know for sure if I'm going to end up using them. 8:56 But simply by adding them in we add the functionality in order to utilize them. 9:02 So, then we have some magic columns, and these are columns a lot like 9:09 the created at and updated at fields where if they exist in the database, 9:13 Rails or in this case Authlogic will populate them with information that you want. 9:17 So, if we have an integer field called log in count, it will update that log in count 9:23 every time that they log in as well as the failed log in count, 9:27 and it will save the last time that the user made a request. 9:31 We can also save the time that they currently logged in and the last time they logged in 9:35 as well as the current log in IP and last log in IP. 9:40 So, for instance, if you wanted to show the user the IP they're logged into 9:43 versus their last log in IP in order to perhaps tell them that they were accessed 9:47 from a weird IP across the world, you could use these fields. 9:52 And these are also just useful for your own information. 9:56 So, what I'm going to do is just add all of these columns because I want to have 10:00 all that information for me. 10:03 There's no harm in not having them, but they're sort of free, 10:06 so let's go ahead and just add them in. 10:09 So now, our user field has our email, name, which are really public information 10:15 about the user and what we're going to be editing, and it also has our crypted password 10:21 and password salt which manage the actual password and storing it safely, 10:25 and the persistence token which is what actually keeps somebody logged in. 10:30 Then we have some nice fields like single access token and perishable token, 10:34 which allow us to enable the user to access their account 10:37 in different ways using these tokens. 10:40 And then we have our extra magic information that we can use for our own data mining 10:43 or even giving more information to the user. 10:48 So, now that we have our migration all configured, let's go ahead 10:51 and run our database migration by running "rake db:migrate." 10:54 And this just saw our new migration for creating users, 11:03 and now we have our table of users and based on this and the scaffold we've generated, 11:06 we should actually be able to go to our application of Easy Jobs, 11:12 switch out jobs and go to /users and we can see our listing of users, 11:17 and this is the default scaffolding, so there's no real style applied to it. 11:23 So, if we clicked on "new user" we could add a new user. 11:27 However, right now it's just an email and a name and no password or anything, 11:31 so the next step is to update this new form to take a password and a password confirmation 11:36 so we can actually create the user with their password. 11:42