・ Rails tutorial is the 4th edition
・ This study is the 3rd lap (2nd lap after Chapter 9)
・ The author is a beginner who has done all of Progate.
・ Just reading it is not enough to understand it.
・ Search and summarize terms that you do not understand (glossary at the bottom of the article).
・ Dive into what you do not understand.
・ Work on all exercises.
・ Avoid copy-pasting code as much as possible.
Authentication system development ・ Enter the 6th stage, Chapter 11. To strengthen security, we add a step that activates the account. This is the familiar flow where you receive an email after registering and follow the link in it to complete the registration. Click here for today's BGM. Tatuki Seksu "Hanazawa EP" I like the fact that I packaged various suspicious things with Shoegazing sound.
2. The named routes in Table 11.2 state that _url should be used instead of _path. Why? Think about it. Tip: We will now use the named route in emails. → path is a relative path (/ or abbreviated form), url is an absolute path (https://~ or complete form). I think that the absolute path, which is the complete form of the URL, is necessary for processing that happens outside Rails, such as mail.
With a before_〇〇 callback, a specific method can be executed just before the action 〇〇. Passing the method name like this is called a method reference. This is recommended rather than passing a block. (Review) By defining a method below private, it is hidden from outside the class.
2. Create an instance of the User class from the console and check that NoMethodError occurs when you try to call the create_activation_digest method from that object (because it is a private method). Also, let's check the value of the digest from that User object. → Like this
>> user = User.third
User Load (0.1ms) SELECT "users".* FROM "users" ORDER BY "users"."id" ASC LIMIT ? OFFSET ? [["LIMIT", 1], ["OFFSET", 2]]
=> #<User id: 3, name: "Mr. Sage Hartmann", email: "[email protected]", created_at: "2020-09-17 08:34:09", updated_at: "2020-09-17 08:34:09", password_digest: "$2a$10$.HyqPb.DwmFICve62DsYte1alLAVihIdeS2F8Rjndry...", remember_digest: nil, admin: false, activation_digest: "$2a$10$9VKv/p9kYrz84SdMs/7s/uzEV3mqzGMmTubIq7.Vz4b...", activated: true, activated_at: "2020-09-17 08:34:09">
>> user.create_activation_digest
Traceback (most recent call last):
1: from (irb):2
NoMethodError (private method `create_activation_digest' called for #<User:0x000000000426b7a0>)
Did you mean? restore_activation_digest!
>> user.activation_digest
=> "$2a$10$9VKv/p9kYrz84SdMs/7s/uzEV3mqzGMmTubIq7.Vz4bbIb.ZeLDRy"
3. In Listing 6.34, I learned that there is a method called email.downcase! (you don't have to assign the result) to lowercase email addresses. Use this method to improve the downcase_email method in Listing 11.3. Also, if you can change it successfully, make sure that the test suite remains successful. → Just change it to email.downcase!.
user.rb
  def downcase_email
    email.downcase!
  end
>> CGI.escape('foo@example.com')
=> "foo%40example.com"
>> CGI.escape("Don't panic!")
=> "Don%27t+panic%21"
If you are using AWS Cloud9, the tutorial uses the old Cloud9, so what you enter in place of 'example.com' looks quite different. It's confusing, but the content is the same. Start the Rails server and copy everything after https:// from the URL of the page displayed in another tab.
The assert_match here doesn't quite fit, but I'm aware that I'm testing the contents of the email for the name, activation token, and escaped email address.
2. Let's confirm that the test changes to red when the CGI.escape part used in Listing 11.20 is deleted. → Is it because the email address contains meta characters and is not a regular expression unless it is escaped? See this article.
deliver_now: As the name suggests, the email sending process is executed at that moment.
2. Open the console and check that the user has been created on the database. Also, make sure that this user is on the database, but the activation status is still false. → It was activated: false.
I'm confused about what digest I'm talking about. Then look back at Table 11.1 at the beginning of Chapter 11. I have to keep track of what I'm talking about. So, the title of this section seems to be more generalized than abstracted. The authenticated? method can be used with any of the patterns in Table 11.1.
>> user = User.create(name: "muteki", email: "[email protected]", password: "mutekimuteki", password_confirmation: "mutekimuteki")
(0.1ms) SAVEPOINT active_record_1
User Exists (0.2ms) SELECT 1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER(?) LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
SQL (2.5ms) INSERT INTO "users" ("name", "email", "created_at", "updated_at", "password_digest", "activation_digest") VALUES (?, ?, ?, ?, ?, ?) [["name", "muteki"], ["email", "[email protected]"], ["created_at", "2020-09-17 12:57:50.404544"], ["updated_at", "2020-09-17 12:57:50.404544"], ["password_digest", "$2a$10$eDPAP444JbjJDGucKnoFE.MWFBTAR8dxQ.wXPJfzql9E0TPRVDQfq"], ["activation_digest", "$2a$10$zql927sHRszT.bjitRxBn.slJil.Zvc74AJkztqBZzt7kUiSqBgx."]]
(0.1ms) RELEASE SAVEPOINT active_record_1
=> #<User id: 102, name: "muteki", email: "[email protected]", created_at: "2020-09-17 12:57:50", updated_at: "2020-09-17 12:57:50", password_digest: "$2a$10$eDPAP444JbjJDGucKnoFE.MWFBTAR8dxQ.wXPJfzql9...", remember_digest: nil, admin: false, activation_digest: "$2a$10$zql927sHRszT.bjitRxBn.slJil.Zvc74AJkztqBZzt...", activated: false, activated_at: nil>
So I deliberately create the remember token and digest.
>> remember_token = User.new_token
=> "5dyf7BoW9H3H9SYH6VPRYg"
>> remember_digest = User.digest(remember_token)
=> "$2a$10$1CymqXEPzP.b05TblQ3Zye/ukhNblEpGlDxI4kT2VoiLUJK1EHVy2"
>> user.update_attribute(:remember_token, remember_token)
(0.1ms) SAVEPOINT active_record_1
(0.1ms) RELEASE SAVEPOINT active_record_1
=> true
>> user.update_attribute(:remember_digest, remember_digest)
(0.1ms) SAVEPOINT active_record_1
SQL (0.2ms) UPDATE "users" SET "updated_at" = ?, "remember_digest" = ? WHERE "users"."id" = ? [["updated_at", "2020-09-17 13:45:51.944577"], ["remember_digest", "$2a$10$1CymqXEPzP.b05TblQ3Zye/ukhNblEpGlDxI4kT2VoiLUJK1EHVy2"], ["id", 102]]
(0.0ms) RELEASE SAVEPOINT active_record_1
=> true
So, each token looks like this. The digest is above.
>> user.remember_token
=> "5dyf7BoW9H3H9SYH6VPRYg"
>> user.activation_token
=> "p5rorOE7trfF4L-YJynnxg"
2. Using the authenticated? method abstracted in Listing 11.26, let's confirm that the authentication is successful with each token / digest combination. → Just check ... What??? NameError in activation_token??? I found out and solved it. Is it user.activation_token because it is tied to the user to the last?
>> user.authenticated?(:remember, remember_token)
=> true
>> user.authenticated?(:activation, activation_token)
Traceback (most recent call last):
1: from (irb):11
NameError (undefined local variable or method `activation_token' for main:Object)
Therefore, it is true below. When creating remember_token, it was better to link it with user.remember_token instead of defining it newly.
>> user.authenticated?(:activation, user.activation_token)
=> true
2. Paste the URL you found earlier into your browser and check that the user has been successfully authenticated and can be activated. Also, check from the console that the activation status is true. → Authentication was successful and enabled.
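The activation round trip covered in this chapter, as an added example that is not code from the tutorial or from this post: a token is generated, only its digest is kept, the link carries the token and the CGI-escaped email, and the receiving side verifies it and accepts it once. DemoUser, activation_url, handle_activation, the example.com host and the URL layout are assumptions, and SHA-256 stands in for the tutorial's BCrypt digest so that the block runs with the standard library alone.

```ruby
require 'securerandom'
require 'digest'
require 'cgi'
require 'uri'

# Hypothetical stand-in for the tutorial's User model (no Rails, no database).
class DemoUser
  attr_reader :email, :activation_token, :activation_digest, :activated

  def initialize(email)
    @email = email.downcase
    @activated = false
    @activation_token = SecureRandom.urlsafe_base64          # goes only into the email
    @activation_digest = DemoUser.digest(@activation_token)  # the value that is stored
  end

  # Assumption: SHA-256 replaces the tutorial's BCrypt digest (stdlib only).
  def self.digest(token)
    Digest::SHA256.hexdigest(token)
  end

  # Generalized check: picks "<attribute>_digest" by name.
  def authenticated?(attribute, token)
    stored = send("#{attribute}_digest")
    return false if stored.nil? || token.nil?
    # Compare every byte so timing does not depend on where a mismatch occurs.
    diff = stored.bytes.zip(DemoUser.digest(token).bytes).sum { |a, b| a ^ b }
    diff.zero?
  end

  def activate!
    @activated = true
  end
end

# Absolute URL for the email: token in the path, CGI-escaped address in the query.
def activation_url(user, host = 'https://example.com')
  "#{host}/account_activations/#{user.activation_token}/edit?email=#{CGI.escape(user.email)}"
end

# Receiving side: recover token and address, verify against the digest, allow one use.
def handle_activation(url, users_by_email)
  uri = URI.parse(url)
  token = uri.path.split('/')[2]
  email = URI.decode_www_form(uri.query.to_s).to_h['email']
  user = users_by_email[email]
  return false unless user && !user.activated && user.authenticated?(:activation, token)
  user.activate!
  true
end
```

The raw address never appears in the generated URL, only its escaped form, which is why a test that looks for the address in the mail body has to match against CGI.escape(user.email).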
- The array deliveries that appears in the test is a variable. So, I cleared it with setup so that it would not interfere with other tests.
- size method: Same as the length method. Here, the number of emails (= 1) is confirmed.
- assigns method: You will be able to access the instance variable (@user) in the corresponding action (here we are testing signup, so the create action).
- where method: Returns all records that match the given conditions. Here was a comparison with find and find_by.
user.rb
  def activate
    update_columns(activated: true, activated_at: Time.zone.now)
  end
2. Currently, all users are displayed when the user index page at /users is opened, and individual users can be displayed by specifying an ID such as /users/:id. But when you think about it, it doesn't make sense to show users who aren't activated. So let's change this behavior using the template in Listing 11.40. The Active Record where method used here will be explained in a little more detail in 13.3.3. → Below
users_controller.rb
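  def index
    # list only activated users
    @users = User.where(activated: true).paginate(page: params[:page])
  end

  def show
    @user = User.find(params[:id])
    # a non-activated user's page is not shown; send the visitor home instead
    redirect_to root_url and return unless @user.activated?
  end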
3. Let's create an integration test for both /users and /users/:id to test the code modified in the exercises so far. The update_columns method skips callbacks and validations, so be careful if you need callbacks or validations to run. → It's difficult here. The idea is that I just need to make sure that "non-activated users (@non_activated) are not displayed in the index" and that "if you try to access a non-activated user's page (user_path(@non_activated)), you are redirected to home" ... I was worried because I didn't understand the former assertion. After all, when I checked it, I should confirm that "the link of user_path(@non_activated) is not displayed (its count is 0)". I see. So it is below. I finally added the test name. Also, I added @non_activated to setup after rewriting the third user in users.yml to activated: false.
users_index_test.rb
  def setup
    @admin = users(:michael)
    @non_admin = users(:archer)
    @non_activated = users(:lana)
  end

  test "index as admin including pagination and delete links,
        not to show non activated user" do
    log_in_as(@admin)
    get users_path
    assert_template 'users/index'
    assert_select 'div.pagination'
    first_page_of_users = User.where(activated: true).paginate(page: 1)
    first_page_of_users.each do |user|
      assert_select 'a[href=?]', user_path(user), text: user.name
      # the non-activated user must not be linked from the index
      assert_select 'a[href=?]', user_path(@non_activated), count: 0
      unless user == @admin
        assert_select 'a[href=?]', user_path(user), text: 'delete'
      end
    end
    assert_difference 'User.count', -1 do
      delete user_path(@non_admin)
    end
    # the non-activated user's own page redirects to home
    get user_path(@non_activated)
    assert_redirected_to root_url
  end
Finally came!! SendGrid!! Isn't this terrible? Even if I register, my account gets frozen immediately and I cannot send emails. After taking time for this guy last time, it seems that I have to contact support to solve it after all, so I left it as if I could do it. Don't use it for such a tutorial ... So, I tried various methods to introduce other means, but none of them worked ... I'm dissatisfied, but this time I'll just use SendGrid. This is a topic for the future. ...... After all, it was frozen softly. Yeah.
2. When you receive the email, actually click on the email to activate your account. Also, check the logs on Heroku to see what's happening with the activation logs. Tip: Try running the heroku logs command from your terminal. → I want to do it, but I can't.
・ If the end is bad, everything is bad. I hate SendGrid.
・ In the future, I would like to work purely on sending emails with Action Mailer.
・ Include the activation token and escaped email address in the URL.
I wanted to solve the SendGrid problem somehow ... It's a waste to spend more time, so I'll move on. I will definitely do something in the future! Now, next is Chapter 12, resetting the password. This is the final chapter of authentication system development!
・ Query parameters: A question mark "?" followed by key/value pairs at the end of the URL. They make it possible to analyze where the user came from (passive parameters) and to change the content according to the specified variable (active parameters).
・ CGI (Common Gateway Interface) A mechanism in which a web server calls an external program in response to a request from the client's web browser, and the execution result is sent to the client's web browser via HTTP. Bulletin boards, access counters, questionnaire forms, etc. can be implemented.
・ assert_match: Passes the check if the given string matches the given regular expression.
-SMTP (Simple Mail Transfer Protocol) A protocol for forwarding email over the Internet.