We're going to make a Rails app that covers a simple authentication flow: users can create accounts, log in, and log out.
Our app has three pages:
- A signup page, where the user enters their username (as
name
), password, and password confirmation. - A login page, where the user submits their username (as
name
) and password and are then logged in. - A user homepage, which says, "Hi, #{name}."
We're not covering validations in this lab, so don't worry about those. (Password validations are hard to get right anyway; it's surprisingly easy to produce rules which decrease password security rather than enhance it.)
Users should not be able to log in if they enter an incorrect password. Just redirect them back to the login page. If you want to present an error, you can either return an HTTP error from the controller and catch it with Javascript, or set a flash
.
-
Create a User model and migrations.
-
Create a Users controller. It should respond to
new
with the signup form, and respond tocreate
by creating a new user. -
Create a Sessions controller and the appropriate actions.
-
Create a user homepage. You can either create a controller for it (a
WelcomeController
is a reasonable thing that you'll see frequently), or you can make it an action in the User's controller.
Happy coding.