Skip to content

learn-co-curriculum/phase-4-password-protection-lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

.github/workflows

.github/workflows

 
 

app

app

 
 

bin

bin

 
 

client

client

 
 

config

config

 
 

db

db

 
 

lib/tasks

lib/tasks

 
 

log

log

 
 

public

public

 
 

spec

spec

 
 

tmp

tmp

 
 

.canvas

.canvas

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.rspec

.rspec

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

LICENSE.md

LICENSE.md

 
 

Procfile.dev

Procfile.dev

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

config.ru

config.ru

 
 

Repository files navigation

Password Protection Lab

Learning Goals

  • Implement login and signup with a password
  • Use has_secure_password to hash and salt passwords

Introduction

We're going to make a Rails app that covers a simple authentication flow: users can create accounts, log in, and log out.

There is some starter code in place for a Rails API backend and a React frontend. To get set up, run:

$ bundle install
$ npm install --prefix client

You can work on this lab by running the tests with learn test. It will also be helpful to see what's happening during the request/response cycle by running the app in the browser. You can run the Rails server with:

$ rails s

And you can run React in another terminal with:

$ npm start --prefix client

You don't have to make any changes to the React code to get this lab working.

Setup

Our app has three pages:

  1. A signup page, where the user enters their username, password, and password confirmation.
  2. A login page, where the user submits their username and password and are then logged in.
  3. A user homepage, which says, "Welcome, ${username}!"

Users should not be able to log in if they enter an incorrect password.

Note: we're not covering password validations in this lab, so don't worry about those. Password validation is hard to get right anyway — it's surprisingly easy to produce rules that decrease password security rather than enhance it.

Instructions

To complete the lab and get the tests passing, you will need to:

  • Create a User model, and migrations for a users table with username and password_digest columns. Make sure to use password_digest, not password, in your migration, and to include the has_secure_password macro in your model.

  • Create a UsersController with a create method that responds to a POST /signup request. It should: create a new user; save their hashed password in the database; save the user's ID in the session hash; and return the user object in the JSON response.

  • Add a show method to your UsersController that responds to a GET /me request. If the user is authenticated, return the user object in the JSON response.

  • Create a Sessions controller with a create action for logging in that responds to a POST /login request, and a destroy action for logging out that responds to a DELETE /logout request.

Happy coding!

Resources

About

No description, website, or topics provided.

Resources

Readme

License

View license
Activity
Custom properties

Stars

1 star

Watchers

16 watching

Forks

2.3k forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages