#160 Authlogic
May 04, 2009 | 14 minutes | Plugins, Authentication
Authentication can get very complex. In this episode I show how Authlogic can handle this complexity while you stay in control of how it is presented to the user.
Resources
- Authlogic
- Authlogic Example/Tutorial
- Authlogic RDoc
- Episode 67: restful_authentication
- Nifty Generators
- Full Episode Source Code
Note: Don't forget to specify "password" in the filter_parameter_logging line in your ApplicationController. Otherwise the password will be stored as plain text in the log file.
bash
```bash
sudo rake gems:install
script/generate nifty_scaffold user username:string email:string password:string new edit
rake db:migrate
script/generate session user_session
script/generate nifty_scaffold user_session --skip-model username:string password:string new destroy
```
config/environment.rb
```ruby
config.gem "authlogic"
```
models/user.rb
```ruby
acts_as_authentic
```
users_controller.rb
```ruby
def create
  @user = User.new(params[:user])
  if @user.save
    flash[:notice] = "Registration successful."
    redirect_to root_url
  else
    render :action => 'new'
  end
end

def edit
  @user = current_user
end

def update
  @user = current_user
  if @user.update_attributes(params[:user])
    flash[:notice] = "Successfully updated profile."
    redirect_to root_url
  else
    render :action => 'edit'
  end
end
```
user_sessions_controller.rb
```ruby
def create
  @user_session = UserSession.new(params[:user_session])
  if @user_session.save
    flash[:notice] = "Successfully logged in."
    redirect_to root_url
  else
    render :action => 'new'
  end
end

def destroy
  @user_session = UserSession.find
  @user_session.destroy
  flash[:notice] = "Successfully logged out."
  redirect_to root_url
end
```
application_controller.rb
```ruby
filter_parameter_logging :password
helper_method :current_user

private

def current_user_session
  return @current_user_session if defined?(@current_user_session)
  @current_user_session = UserSession.find
end

def current_user
  return @current_user if defined?(@current_user)
  @current_user = current_user_session && current_user_session.record
end
```
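The note about `filter_parameter_logging :password` can be checked against a real log. The following is an added example, not code from the episode: `filter_params` is a hypothetical stand-in that mimics the case-insensitive key-name masking (so `password_confirmation` is covered too), and `unfiltered_password_lines` audits a log for password fields written in clear. The sample log lines are constructed.

```ruby
FILTERED = "[FILTERED]"

# Stand-in for what filter_parameter_logging :password does to request params:
# any key whose name contains one of the words is masked, nested hashes included.
def filter_params(params, *words)
  pattern = Regexp.new(words.map { |w| Regexp.escape(w.to_s) }.join("|"), Regexp::IGNORECASE)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if key.to_s =~ pattern then FILTERED
      elsif value.is_a?(Hash) then filter_params(value, *words)
      else value
      end
  end
end

# Matches "...password..."=>"value" pairs inside a logged Parameters hash.
PASSWORD_PAIR = /"([^"]*password[^"]*)"\s*=>\s*"((?:[^"\\]|\\.)*)"/i

# Returns [line_number, key] for every password-like key logged unmasked.
def unfiltered_password_lines(log_text)
  findings = []
  log_text.each_line.with_index(1) do |line, number|
    next unless line.include?("Parameters:")
    line.scan(PASSWORD_PAIR) do |key, value|
      findings << [number, key] unless value == FILTERED
    end
  end
  findings
end

# Constructed sample log: the first request was logged without the filter,
# the second with it.
SAMPLE_LOG = <<~'LOG'
  Processing UserSessionsController#create (for 127.0.0.1) [POST]
    Parameters: {"commit"=>"Submit", "user_session"=>{"username"=>"alice", "password"=>"s3cret-example"}}
  Processing UsersController#create (for 127.0.0.1) [POST]
    Parameters: {"user"=>{"username"=>"bob", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}
LOG

if __FILE__ == $PROGRAM_NAME
  unfiltered_password_lines(SAMPLE_LOG).each { |n, key| puts "line #{n}: #{key} logged in clear" }
end
```

Any finding means the log file already holds credentials, so the file needs the same handling as a leaked password list.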
config/routes.rb
```ruby
map.login "login", :controller => "user_sessions", :action => "new"
map.logout "logout", :controller => "user_sessions", :action => "destroy"
```
layouts/application.html.erb
```erb
<div id="user_nav">
  <% if current_user %>
    <%= link_to "Edit Profile", edit_user_path(:current) %> |
    <%= link_to "Logout", logout_path %>
  <% else %>
    <%= link_to "Register", new_user_path %> |
    <%= link_to "Login", login_path %>
  <% end %>
</div>
```
user_sessions/new.html.erb
```erb
<% title "Login" %>

<% form_for @user_session do |f| %>
  <%= f.error_messages %>
  <p>
    <%= f.label :username %><br />
    <%= f.text_field :username %>
  </p>
  <p>
    <%= f.label :password %><br />
    <%= f.password_field :password %>
  </p>
  <p><%= f.submit "Submit" %></p>
<% end %>
```
users/_form.html.erb
```erb
<% form_for @user do |f| %>
  <%= f.error_messages %>
  <p>
    <%= f.label :username %><br />
    <%= f.text_field :username %>
  </p>
  <p>
    <%= f.label :email %><br />
    <%= f.text_field :email %>
  </p>
  <p>
    <%= f.label :password %><br />
    <%= f.password_field :password %>
  </p>
  <p>
    <%= f.label :password_confirmation %><br />
    <%= f.password_field :password_confirmation %>
  </p>
  <p><%= f.submit "Submit" %></p>
<% end %>
```
application.css
```css
#user_nav {
  float: right;
  font-size: 12px;
}
```