In my previous post, I showed you how to create a simple signup for your Rails app without any external gems. There, I built a signup form and let Rails' built-in has_secure_password handle account registration and password hashing.
In this post, I'll show you how to let users log in, authenticating them with the methods that has_secure_password automatically adds to your User-type model.
First of all, let's take a look at my user-type model. In my app samentweeten.nl, it is called Account. This is what it looks like:
To use has_secure_password, your model needs a password_digest database field. That field holds the bcrypt hash of the password (a salted one-way digest, not the password itself and not an encrypted copy of it). Here's the migration for my Account model:
The code above is all we need for Rails' built-in has_secure_password functionality on the model and database side. Let's look at the controller and the login form in the next section.
To log accounts in, I use a SessionsController that holds all the sign-in logic. It has new, create and destroy actions to show the login form, authenticate the user, and log them out again.
Here's my login form:
Here's the code for my SessionsController:
The login form POSTs an email address and a password to the #create action of my controller. In #create, the following happens:
Done! The above is all you need for a simple login in your Rails app using the authenticate() method you get for free when using has_secure_password on your user-type model.
Let's take a quick look at how to destroy the user session.
To destroy the user session, point a "Logout" link or button somewhere in the user interface at the #destroy action on my SessionsController and execute the following code:
This #destroy action clears the account_id from the session cookie and redirects to the front page of my app.
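To show the #create and #destroy logic described above end to end, here is an added, stand-alone Ruby example that is not the post's code or Rails code: the Account class is a constructed stand-in for a has_secure_password model (it uses PBKDF2 via OpenSSL instead of the bcrypt gem but keeps the same authenticate interface), and SessionsFlow mirrors the controller with a plain Hash in place of the Rails session. It also shows two points a login endpoint should get right: one error message for unknown email and wrong password, and a fresh session on successful login (reset_session in Rails) to block session fixation.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for a has_secure_password model, not Rails code. Rails
# stores a bcrypt digest in password_digest; this uses PBKDF2-HMAC-SHA256 so it
# runs without the bcrypt gem, but keeps the Rails interface: authenticate(pw)
# returns the record on success and false otherwise.
class Account
  attr_reader :id, :email, :password_digest
  ITERATIONS = 20_000
  def initialize(id:, email:, password:)
    @id, @email = id, email
    salt = SecureRandom.hex(8)
    @password_digest = "#{salt}$#{digest(password, salt)}"
  end
  def authenticate(password)
    salt, stored = password_digest.split("$", 2)
    constant_time_equal?(digest(password, salt), stored) ? self : false
  end
  def digest(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password.to_s, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256").unpack1("H*")
  end
  # Compare every byte rather than stopping at the first mismatch.
  def constant_time_equal?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end

# Plain-Ruby mirror of SessionsController#create and #destroy; `session` is a
# Hash standing in for the Rails session store.
class SessionsFlow
  def initialize(accounts)
    @by_email = accounts.to_h { |a| [a.email.downcase, a] }
  end
  # Returns [:ok, session] or [:error, message]. One message for both an unknown
  # email and a wrong password, so the form does not reveal registered addresses.
  def create(session, email:, password:)
    account = @by_email[email.to_s.strip.downcase]
    return [:error, "Invalid email or password"] unless account&.authenticate(password)
    session = {}                      # like reset_session: new id, no session fixation
    session[:account_id] = account.id
    [:ok, session]
  end
  def destroy(session)
    session.delete(:account_id)       # what the post's #destroy does
    session
  end
end
```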