#283 Authentication with Sorcery
Sep 12, 2011 | 10 minutes | Plugins, Authentication
Sorcery is a full-featured, modular solution to authentication which leaves the controller and view layers up to you.
Update: Changed the `rake sorcery:bootstrap` command to `rails g sorcery:install`.
bash
```bash
bundle
rails g sorcery:install core remember_me # used to be rake sorcery:bootstrap
rails g model user --skip-migration
rake db:migrate
rails g controller users new
rails g controller sessions new
```
Gemfile
```ruby
gem 'sorcery'
```
config/initializers/sorcery.rb
```ruby
Rails.application.config.sorcery.submodules = [:remember_me]

# . . .

user.username_attribute_name = :email
```
models/user.rb
```ruby
class User < ActiveRecord::Base
  # Adds Sorcery's authentication behaviour to this model.
  authenticates_with_sorcery!

  # Only these attributes may be set through mass assignment.
  attr_accessible :email, :password, :password_confirmation

  validates_confirmation_of :password
  validates_presence_of :password, :on => :create
  validates_presence_of :email
  validates_uniqueness_of :email
end
```
users_controller.rb
```ruby
def new
  @user = User.new
end

def create
  @user = User.new(params[:user])
  if @user.save
    redirect_to root_url, :notice => "Signed up!"
  else
    render :new
  end
end
```
views/users/new.html.erb
```erb
<%= form_for @user do |f| %>
  <% if @user.errors.any? %>
    <div class="error_messages">
      <h2>Form is invalid</h2>
      <ul>
        <% for message in @user.errors.full_messages %>
          <li><%= message %></li>
        <% end %>
      </ul>
    </div>
  <% end %>
  <div class="field">
    <%= f.label :email %>
    <%= f.text_field :email %>
  </div>
  <div class="field">
    <%= f.label :password %>
    <%= f.password_field :password %>
  </div>
  <div class="field">
    <%= f.label :password_confirmation %>
    <%= f.password_field :password_confirmation %>
  </div>
  <div class="actions"><%= f.submit %></div>
<% end %>
```
sessions_controller.rb
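```ruby
def create
  # Sorcery's login returns the user on success and nil on failure.
  user = login(params[:email], params[:password], params[:remember_me])
  if user
    # Return to the page the user originally requested, or fall back to root_url.
    redirect_back_or_to root_url, :notice => "Logged in!"
  else
    flash.now.alert = "Email or password was invalid"
    render :new
  end
end

def destroy
  logout
  redirect_to root_url, :notice => "Logged out!"
end
```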
views/sessions/new.html.erb
```erb
<%= form_tag sessions_path do %>
  <div class="field">
    <%= label_tag :email %>
    <%= text_field_tag :email, params[:email] %>
  </div>
  <div class="field">
    <%= label_tag :password %>
    <%= password_field_tag :password %>
  </div>
  <div class="field">
    <%= check_box_tag :remember_me, 1, params[:remember_me] %>
    <%= label_tag :remember_me %>
  </div>
  <div class="actions"><%= submit_tag "Log in" %></div>
<% end %>
```
config/routes.rb
```ruby
get "logout" => "sessions#destroy", :as => "logout"
get "login" => "sessions#new", :as => "login"
get "signup" => "users#new", :as => "signup"
resources :users
resources :sessions
```
home_controller.rb
```ruby
before_filter :require_login, :only => :secret
```
application_controller.rb
```ruby
# Called by Sorcery's require_login when no user is logged in.
def not_authenticated
  redirect_to login_url, :alert => "First login to access this page."
end
```
application.html.erb
```erb
<% if current_user %>
  Logged in as <%= current_user.email %>.
  <%= link_to "Log out", logout_path %>
<% else %>
  <%= link_to "Sign up", signup_path %> or
  <%= link_to "log in", login_path %>.
<% end %>
```