Creating a login page is an essential part of any web application that requires user authentication. In this article, I will guide you through the process of making a login page using Ruby on Rails. As a developer who has worked extensively with Ruby on Rails, I can assure you that it is a powerful and effective framework for building web applications.
Setting up the Project
Firstly, we need to make sure that we have Ruby and Rails installed on our system. If you haven’t already, head over to the official Ruby website at https://www.ruby-lang.org/ and install the latest version of Ruby. Once that is done, open your terminal and install Rails by running the following command:
gem install rails
Once Rails is successfully installed, let’s create a new Rails project. Open your terminal and navigate to the directory where you want to create the project. Run the following command:
rails new login_page
This will create a new Rails project named “login_page”. Navigate into the project directory:
cd login_page
Creating the User Model and Migration
In order to create a login page, we need to have a user model to store user information. Let’s generate a new User model along with a migration file to create the necessary table in the database. Run the following command:
rails generate model User username:string password_digest:string
This will generate a new User model with two attributes: username and password_digest. The password_digest attribute is used to securely store the user’s password using bcrypt encryption.
Next, let’s run the migration to create the users table in the database. Run the following command:
rails db:migrate
Creating the Sessions Controller
Now that we have our User model set up, let’s create a Sessions controller to handle the login functionality. Run the following command to generate the controller:
rails generate controller Sessions new create destroy
This will generate a new Sessions controller with four actions: new, create, destroy, and index. We are mainly interested in the new, create, and destroy actions for our login page.
Implementing the Login Page
In the Sessions controller, open the new action and add the following code:
def new
end
This action is responsible for rendering the login page. Now, open the new.html.erb file located in the views/sessions directory and add the following code:
Login
<%= form_tag sessions_path do %>
<%= label_tag :username %>
<%= text_field_tag :username %>
<%= label_tag :password %>
<%= password_field_tag :password %>
<%= submit_tag "Login" %>
<% end %>
Here, we have a simple login form with fields for username and password. The form is submitted to the sessions_path, which will map to the create action in the Sessions controller.
In the create action of the Sessions controller, add the following code:
def create
user = User.find_by(username: params[:username])
if user && user.authenticate(params[:password])
session[:user_id] = user.id
redirect_to root_path, notice: "Logged in successfully"
else
flash.now[:alert] = "Invalid username or password"
render :new
end
end
This code checks if the username and password entered by the user match a user record in the database. If the credentials are valid, we store the user’s ID in the session and redirect them to the root page. Otherwise, an error message is displayed and the login page is rendered again.
Adding Logout Functionality
In order to allow users to log out, let’s add a destroy action to the Sessions controller. Add the following code:
def destroy
session[:user_id] = nil
redirect_to root_path, notice: "Logged out successfully"
end
This action simply clears the user’s ID from the session and redirects them to the root page with a logout notice.
Protecting Pages with Authentication
Now that we have our login and logout functionality in place, you can easily restrict access to certain pages or actions by adding a before_action in your controllers. For example, let’s say you have a PostsController and you want to only allow logged-in users to create a new post. Open the PostsController and add the following code:
before_action :authenticate_user!, only: [:new, :create]
This code adds a before_action that calls a method called “authenticate_user!” before the new and create actions. The authenticate_user! method can be implemented in your ApplicationController to check if the user is logged in. If not, you can redirect them to the login page.
Conclusion
In this article, we have learned how to create a login page using Ruby on Rails. We started by setting up the project and creating the User model and migration. Then, we created a Sessions controller to handle the login functionality. We implemented the login page with a simple form and added the necessary actions to authenticate the user and store their session. We also added logout functionality and learned how to protect certain pages with authentication. By following these steps, you can create a secure login page for your Ruby on Rails application.
