
Professional Ruby on Rails™ by Noel Rappin

3.5. Authentication

Now that you're creating new users and storing their passwords securely, the next step is to allow the user to log in. This involves setting up two new actions in the user controller — login and logout — and setting up partial views to display the login form and logout link.

3.5.1. The Routes

Because you are adding new actions to the RESTful user controller, the place to start is in the routes.rb file. Change the entry for users to this:

map.resources :users, :new => {:login => :post},
    :member => {:logout => :get}

This line adds a new action for login, which operates on a new or unsaved user object, and another action for logout, which operates on a single existing user object. The login action is a POST, because data is being sent to the server, and logout is a GET, which I suppose is arguable but seemed the best choice because no additional data besides the user ID is being sent to the server.
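The routes this entry produces, as an added example that is not from the book: a simplified Ruby model of how the :new and :member options expand (not Rails' own routing code). The STATE_CHANGING list and the :delete variant are assumptions of the example.

```ruby
# Simplified model of how Rails 2 `map.resources` expands the :new and
# :member options into routes. Added illustration, not Rails' routing code.

# Actions assumed (for this example) to change server-side session state.
STATE_CHANGING = [:login, :logout].freeze

# Expand extra actions the way the text describes: :new actions hang off
# /<resource>/new, :member actions hang off /<resource>/:id.
def expand_extra_routes(resource, options)
  routes = []
  (options[:new] || {}).each do |action, verb|
    routes << { :verb => verb.to_s.upcase, :path => "/#{resource}/new/#{action}", :action => action }
  end
  (options[:member] || {}).each do |action, verb|
    routes << { :verb => verb.to_s.upcase, :path => "/#{resource}/:id/#{action}", :action => action }
  end
  routes
end

# Routes where a state-changing action is reachable with a plain GET, i.e.
# by any link, image tag, or prefetcher that requests the URL.
def get_state_changers(routes)
  routes.select { |r| r[:verb] == "GET" && STATE_CHANGING.include?(r[:action]) }
end

# The options from the chapter's routes.rb entry.
CHAPTER_OPTIONS = { :new => { :login => :post }, :member => { :logout => :get } }
# Hypothetical variant: logout declared as a DELETE member action.
VARIANT_OPTIONS = { :new => { :login => :post }, :member => { :logout => :delete } }

if __FILE__ == $0
  [CHAPTER_OPTIONS, VARIANT_OPTIONS].each do |opts|
    routes = expand_extra_routes(:users, opts)
    routes.each { |r| puts format("%-6s %-22s users#%s", r[:verb], r[:path], r[:action]) }
    puts "  GET-reachable state changes: #{get_state_changers(routes).map { |r| r[:path] }.inspect}"
  end
end
```

With the chapter's options the logout route is the only state change reachable by GET; the variant moves it behind a verb that a bare link or image request does not send.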

The most commonly used RESTful plugin for authentication, called restful_authentication, does this a bit differently. It creates a Sessions controller where the login method is Sessions#create and logout is Sessions#delete. There's certainly value in maintaining REST consistency, but there's not a whole lot of practical difference between the two designs, unless you have other uses for a Sessions controller.

3.5.2. The Tests

The user tests for password management have already been written. Here are the controller tests for successful login, unsuccessful login, and ...
