How to Create a Simple Login System in Ruby on Rails
In this article, you will learn how to create a simple login system in Ruby on Rails.
Creating a simple login system
Creating a simple login system in Ruby on Rails involves the following steps:
Generate a new Rails application
To create a new Rails application, open a terminal window and type the following command:
rails new myapp
This will create a new Rails application in a directory named myapp.
Create a User model
To create a User model, open a terminal window and type the following command:
rails generate model User email:string password_digest:string
This will create a User model with two attributes: email and password_digest. The password_digest attribute stores a bcrypt hash of the user’s password (a salted one-way hash, not reversible encryption), so the plaintext password is never written to the database.
Migrate the database
To create the Users table in the database, run the following command:
rails db:migrate
Add the bcrypt gem
To hash passwords, add the bcrypt gem to your Gemfile:
gem 'bcrypt', '~> 3.1.7'
Then run bundle install to install the gem.
Add authentication to the User model
Add the following line to the User model (app/models/user.rb) to enable authentication using bcrypt:
class User < ApplicationRecord
  has_secure_password
end
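This will add two new methods to the User model: password and password_confirmation. When a user signs up or updates their password, these methods are used to set and confirm the password, and the resulting hash is saved in password_digest. It also adds an authenticate method, which the Sessions controller uses to check a submitted password against password_digest.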
Add a login form
Create a new view file for the login form (app/views/sessions/new.html.erb) with the following code:
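<%# scope: :session nests the fields under params[:session], which the Sessions controller reads %>
<%= form_with url: login_path, scope: :session, local: true do |form| %>
  <%= form.label :email %>
  <%= form.email_field :email %>
  <%= form.label :password %>
  <%= form.password_field :password %>
  <%= form.submit "Log in" %>
<% end %>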
Add a login route
Add the following route to your config/routes.rb file to create a route for the login form:
get '/login', to: 'sessions#new'
post '/login', to: 'sessions#create'
Create a Sessions controller
Create a new Sessions controller (app/controllers/sessions_controller.rb) with the following code:
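class SessionsController < ApplicationController
  # Helper modules are not available in controllers unless included.
  include SessionsHelper

  # GET /login: render the login form.
  def new
  end

  # POST /login: verify the credentials and start a session.
  def create
    user = User.find_by(email: params[:session][:email].downcase)
    if user && user.authenticate(params[:session][:password])
      log_in user
      redirect_to user
    else
      # Same message for an unknown email and a wrong password.
      flash.now[:danger] = 'Invalid email/password combination'
      render 'new'
    end
  end

  # Log the user out and return to the root page.
  def destroy
    log_out
    redirect_to root_url
  end
end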
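This code defines new (which displays the login form) and create (which logs the user in), along with destroy (which logs the user out). The log_in and log_out methods are defined in a separate module (app/helpers/sessions_helper.rb), which a controller must include (include SessionsHelper) before it can call them, as follows: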
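module SessionsHelper
  # Start a fresh session for the user. reset_session discards the
  # pre-login session so a planted session cannot be reused (session fixation).
  def log_in(user)
    reset_session
    session[:user_id] = user.id
  end

  # The logged-in user, or nil. Memoized for the duration of the request.
  def current_user
    @current_user ||= User.find_by(id: session[:user_id])
  end

  def logged_in?
    !current_user.nil?
  end

  # Clear the user_id session variable and the memoized user.
  def log_out
    session.delete(:user_id)
    @current_user = nil
  end
end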
These methods are used to set and clear the user_id session variable, which is used to keep track of the logged-in user.
Add a link to the login form
A link to the login form can be added to any view by using the link_to method with the appropriate URL. For example, <%= link_to 'Log in', login_path %> will create a link to the login form.
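The flow these steps build, modeled in plain Ruby as an added example (not code from the article or from Rails): a salted password digest, an authenticate check, and a session bound to the user id only after the check passes. DemoUser, log_in_with and the sample account are hypothetical, and PBKDF2 from Ruby's standard library stands in for bcrypt so the block runs without gems.

```ruby
require 'openssl'
require 'securerandom'

# Plain-Ruby stand-in for a model using has_secure_password (hypothetical class).
# PBKDF2 replaces bcrypt here only so the example runs without gems.
class DemoUser
  ITERATIONS = 100_000
  attr_reader :id, :email, :password_digest

  def initialize(id, email, password)
    @id = id
    @email = email.downcase
    salt = SecureRandom.hex(16) # random per-user salt, kept inside the digest
    @password_digest = "#{salt}$#{derive(password, salt)}"
  end

  # Recompute the hash with the stored salt and compare in constant time.
  # Returns the user on success and false on failure, as authenticate does.
  def authenticate(candidate)
    salt, expected = password_digest.split('$', 2)
    same?(derive(candidate, salt), expected) ? self : false
  end

  private

  def derive(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: 'sha256').unpack1('H*')
  end

  def same?(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Mirrors SessionsController#create: look up by lowercased email, verify the
# password, and only then bind a fresh session to the user id.
def log_in_with(users, session, email, password)
  user = users.find { |u| u.email == email.to_s.downcase }
  return nil unless user && user.authenticate(password.to_s)

  session.clear # stand-in for reset_session
  session[:user_id] = user.id
  user
end

# Constructed sample data.
USERS = [DemoUser.new(1, 'Alice@example.com', 'correct horse')].freeze
```

Two users with the same password get different digests because each digest carries its own salt, and a failed login leaves the session untouched.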