Basic signup in your Rails app with has_secure_password

Michiel Sikkes on February 29, 2016

The past week I've been working on a little web app that lets you post to a Twitter account as a group: http://samentweeten.nl. It's a tool for volunteers so they can share a Twitter account for campaigning or communicate from a single organisation or brand.

Usually, I use Devise for registration and authentication. For building samentweeten.nl, I wanted to try implementing basic registration and authentication with has_secure_password and the Rails bare minimum.

Implementing signup


Here's the view code for my sign-up form. It's nothing special: just a simple form that asks for Email and Password. It uses bootstrap_form_for from the bootstrap_form gem.

CODE: https://gist.github.com/jansn/bc587c35fcbd6b68eb9679fd0cd3a66d.js

This view is accessible on /signup. The form also posts to /signup so my routes.rb looks like this:

CODE: https://gist.github.com/jansn/a91d4cba9494174bcbf4a474effd3082.js

The controller for these two routes looks as follows:

CODE: https://gist.github.com/jansn/2dce79bc3a87a01e59a262d722930cd4.js

In my Account model I've added has_secure_password like so:

CODE: https://gist.github.com/jansn/d5b6f5cd7b73bb293c4804b8089e4e75.js

In the code for my SignupController, you can see that I set a signed cookie account_id to the id of the Account record that gets created. I'll be using this cookie to check whether the user is logged in on subsequent requests.

Checking whether a user is logged in

In ApplicationController I've added a few helper methods that let me verify and fetch the logged-in account. By adding these methods here, I can use them in all the controllers throughout my app.

CODE: https://gist.github.com/jansn/e80b586619aff464ef74d9be2730235e.js

I use the authenticate_account method as a before_action in all controllers that need a valid account. This method redirects to root_url when no account is logged in. As a bonus, the method clears account_id from the cookies when the requested Account no longer exists, which ends the sessions of accounts that were removed.

The current_account method is a quick alias that lets me access the currently logged-in account from any controller or view. I store the result in the @current_account instance variable, so calling current_account several times within a single request queries the database only once.

The third method, account_signed_in?, is just syntactic sugar that I can use in my views, inspired by Devise.
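To make the cookie handling concrete, here is an added example (not the post's own code, which lives in the gists linked above) that reimplements the signed account_id cookie and the three ApplicationController helpers in plain Ruby against an in-memory account table, so you can watch a forged cookie be rejected and a stale cookie be cleared without booting Rails. SignedCookies, SessionHelpers, ACCOUNTS and the secret are assumed names, and the "payload--tag" cookie format is a simplified stand-in for what ActiveSupport::MessageVerifier does under cookies.signed.

```ruby
require "openssl"

# Constant-time comparison, so a forged tag cannot be guessed byte by byte.
def secure_compare(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Stand-in for Rails' cookies.signed (simplified; Rails uses ActiveSupport::MessageVerifier):
# a base64 payload plus an HMAC tag, readable by the browser but not forgeable without the secret.
class SignedCookies
  def initialize(secret, store)
    @secret, @store = secret, store # store: cookie name => "payload--tag"
  end
  def []=(name, value)
    payload = [value.to_s].pack("m0")
    @store[name] = "#{payload}--#{sign(payload)}"
  end
  def [](name)
    payload, tag = @store[name].to_s.split("--", 2)
    return nil unless tag && secure_compare(sign(payload), tag)
    payload.unpack1("m0")
  end
  def delete(name)
    @store.delete(name)
  end
  private
  def sign(payload)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, payload)
  end
end

ACCOUNTS = { 1 => { id: 1, email: "volunteer@example.org" } } # constructed stand-in for the Account table

# The three ApplicationController helpers from the post, without Rails.
SessionHelpers = Struct.new(:cookies, :redirected_to) do
  def current_account
    id = cookies[:account_id]
    @current_account ||= id && ACCOUNTS[id.to_i] # one lookup per request
  end
  def account_signed_in?
    !current_account.nil?
  end
  # before_action: redirect when no valid account, and drop a stale cookie
  def authenticate_account
    return true if account_signed_in?
    cookies.delete(:account_id)
    self.redirected_to = "/" # stands in for redirect_to root_url
    false
  end
end
```

A signed cookie is tamper-evident but not secret: the browser can still read the account id inside it, which is why Rails also offers cookies.encrypted when the value itself should stay hidden.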

Questions or comments?

If you have any questions or comments, please let me know! You can reach me on Twitter via @michiels or send me an email at michiel@firmhouse.com.