Code Monkey home page Code Monkey logo

phase-4-password-protection-lab's Introduction

Password Protection Lab

Learning Goals

  • Implement login and signup with a password
  • Use has_secure_password to hash and salt passwords

Introduction

We're going to make a Rails app that covers a simple authentication flow: users can create accounts, log in, and log out.

There is some starter code in place for a Rails API backend and a React frontend. To get set up, run:

$ bundle install
$ npm install --prefix client

You can work on this lab by running the tests with learn test. It will also be helpful to see what's happening during the request/response cycle by running the app in the browser. You can run the Rails server with:

$ rails s

And you can run React in another terminal with:

$ npm start --prefix client

You don't have to make any changes to the React code to get this lab working.

Setup

Our app has three pages:

  1. A signup page, where the user enters their username, password, and password confirmation.
  2. A login page, where the user submits their username and password and are then logged in.
  3. A user homepage, which says, "Welcome, ${username}!"

Users should not be able to log in if they enter an incorrect password.

Note: we're not covering password validations in this lab, so don't worry about those. Password validation is hard to get right anyway โ€” it's surprisingly easy to produce rules that decrease password security rather than enhance it.

Instructions

To complete the lab and get the tests passing, you will need to:

  • Create a User model, and migrations for a users table with username and password_digest columns. Make sure to use password_digest, not password, in your migration, and to include the has_secure_password macro in your model.

  • Create a UsersController with a create method that responds to a POST /signup request. It should: create a new user; save their hashed password in the database; save the user's ID in the session hash; and return the user object in the JSON response.

  • Add a show method to your UsersController that responds to a GET /me request. If the user is authenticated, return the user object in the JSON response.

  • Create a Sessions controller with a create action for logging in that responds to a POST /login request, and a destroy action for logging out that responds to a DELETE /logout request.

Happy coding!

Resources

phase-4-password-protection-lab's People

Contributors

ihollander avatar lizbur10 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.