How to Create a Simple Login System in Ruby on Rails

In this article, you will learn how to create a simple login system in Ruby on Rails.
Creating a simple login system
Creating a simple login system in Ruby on Rails involves the following steps:
Generate a new Rails application
To create a new Rails application, open a terminal window and type the following command:
rails new myapp
This will create a new Rails application in a directory named myapp.
Create a User model
To create a User model, open a terminal window and type the following command:
rails generate model User email:string password_digest:string
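This will create a User model with two attributes: email and password_digest. The password_digest attribute stores a bcrypt hash of the user’s password rather than the password itself. The hash is salted and one-way, so the original password cannot be read back from the database.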
Migrate the database
To create the Users table in the database, run the following command:
rails db:migrate
Add the bcrypt gem
To hash passwords, add the bcrypt gem to your Gemfile:
gem 'bcrypt', '~> 3.1.7'
Then run bundle install to install the gem.
Add authentication to the User model
Add the following line to the User model (app/models/user.rb) to enable authentication using bcrypt:
class User < ApplicationRecord
  has_secure_password
end
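This will add the password and password_confirmation attributes to the User model, along with an authenticate method. When a user signs up or updates their password, password and password_confirmation are used to set and confirm the password, and the resulting hash is saved in password_digest. The authenticate method checks a submitted password against that hash.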
Add a login form
Create a new view file for the login form (app/views/sessions/new.html.erb) with the following code:
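<%# scope: :session nests the fields under params[:session], which is where the Sessions controller reads them %>
<%= form_with url: login_path, scope: :session, local: true do |form| %>
  <%= form.label :email %>
  <%= form.email_field :email %>
  <%= form.label :password %>
  <%= form.password_field :password %>
  <%= form.submit "Log in" %>
<% end %>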
Add a login route
Add the following route to your config/routes.rb file to create a route for the login form:
get '/login', to: 'sessions#new'
post '/login', to: 'sessions#create'
Create a Sessions controller
Create a new Sessions controller (app/controllers/sessions_controller.rb) with the following code:
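class SessionsController < ApplicationController
  # log_in and log_out are defined in SessionsHelper. Helper modules are
  # only available in views by default, so include it in the controller.
  include SessionsHelper

  # Displays the login form.
  def new
  end

  # Looks the user up by email and checks the submitted password.
  def create
    user = User.find_by(email: params[:session][:email].downcase)
    if user && user.authenticate(params[:session][:password])
      log_in user
      redirect_to user
    else
      # Same message for an unknown email and for a wrong password.
      flash.now[:danger] = 'Invalid email/password combination'
      render 'new'
    end
  end

  # Logs the user out.
  def destroy
    log_out
    redirect_to root_url
  end
end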
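This code defines three actions: new (which displays the login form), create (which logs the user in) and destroy (which logs the user out). The destroy action needs a route of its own, which the routes above do not define. The log_in and log_out methods are defined in a separate module (app/helpers/sessions_helper.rb) as follows: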
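module SessionsHelper
  # Logs in the given user.
  def log_in(user)
    # Start a fresh session before storing the user id, so a session
    # established before login is not carried over (session fixation).
    reset_session
    session[:user_id] = user.id
  end

  # Returns the logged-in user, or nil if nobody is logged in.
  def current_user
    @current_user ||= User.find_by(id: session[:user_id])
  end

  # Returns true if a user is logged in.
  def logged_in?
    !current_user.nil?
  end

  # Logs out the current user.
  def log_out
    session.delete(:user_id)
    @current_user = nil
  end
end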
These methods are used to set and clear the user_id session variable, which is used to keep track of the logged-in user.
Add a link to the login form
A link to the login form can be added to any view by using the link_to method with the appropriate URL. For example, <%= link_to 'Log in', login_path %> will create a link to the login form.
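As an added example (not code from the original article), the following plain Ruby shows what a salted one-way digest such as password_digest provides, and how a check like the one in the create action can fail identically for an unknown email and for a wrong password. It swaps in PBKDF2 from Ruby's standard library for bcrypt so that it runs without the gem; DigestDemo, USERS, DUMMY_DIGEST, login_ok? and the sample account are hypothetical names and constructed data.

```ruby
require "openssl"
require "securerandom"

# Stand-in for has_secure_password built on PBKDF2 from Ruby's standard
# library, so it runs without the bcrypt gem. Rails stores a bcrypt hash.
module DigestDemo
  ITERATIONS = 100_000 # assumed work factor for this demo

  # Returns "iterations$salt_hex$hash_hex" with a fresh random salt per call.
  def self.digest(password)
    salt = SecureRandom.random_bytes(16)
    [ITERATIONS, salt.unpack1("H*"), derive(password, salt, ITERATIONS)].join("$")
  end

  # Re-derives the hash with the stored salt and compares in constant time.
  def self.verify(password, stored)
    iterations, salt_hex, expected = stored.split("$")
    secure_equal?(derive(password, [salt_hex].pack("H*"), iterations.to_i), expected)
  end

  def self.derive(password, salt, iterations)
    sha256 = OpenSSL::Digest.new("SHA256")
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32, sha256).unpack1("H*")
  end

  # XORs every byte pair so the run time does not depend on where they differ.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample "users table": email => password_digest.
USERS = { "alice@example.com" => DigestDemo.digest("correct horse battery") }.freeze
# Digest of a throwaway value, checked when the email is unknown so both
# failure paths perform the same hashing work.
DUMMY_DIGEST = DigestDemo.digest(SecureRandom.hex(16))

# Mirrors the create action: downcase the email, verify, one generic result.
def login_ok?(email, password)
  stored = USERS[email.to_s.downcase]
  matched = DigestDemo.verify(password.to_s, stored || DUMMY_DIGEST)
  !stored.nil? && matched
end
```

Hashing the same password twice gives two different digests because of the per-call salt, which is why the check has to re-derive the hash from the stored salt instead of comparing digests directly.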