Using the request/response cycle as a guide, here’s how authentication fits in:
- When a user visits the signup page, the browser makes an HTTP GET request for the URL
- The Rails router maps the URL
/signupto the Users controller’s
newaction handles the request and passes it on to the view.
- The view displays the signup form.
- When the user fills in and submits the form, the browser sends the data via an HTTP POST request to the app.
- The router maps the request to the Users controller’s
createaction saves the data to the database and redirects to the albums page. The action also creates a new session.
What is a session? A session is a connection between the user’s computer and the server running the Rails app. A session starts when a user logs in, and ends when the user logs out.
Looking at the request/response cycle, we need five parts to add signup machinery to the app: a model, a controller, routes, views, and logic for sessions. Let’s start here by creating a model.
Generate a model named User.
In app/models/user.rb, add a method named
class User < ActiveRecord::Base has_secure_password end
In the Gemfile on line 30, uncomment the
Install the gems.