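Building Your Own User Authentication System

Rails already has several mature user authentication systems, such as devise, so why build our own?

  • In practice, a user login system needs a lot of customization; rather than struggling to modify a mature gem, it is easier to build your own
  • An off-the-shelf system is a black box; writing it yourself gives you a better understanding
  • Current Rails has very good support for building your own authentication system
  • If you need third-party login later, you will understand the system better and find it easier to modify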

1. User model

Run the commands
git checkout -b modeling-users
rails g model User name:string email:string
rails db:migrate
Edit the model, app/models/user.rb
class User < ApplicationRecord
  validates :name, presence: true, length: { maximum: 50 }
  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
  # Validates the email's presence, length, format, and uniqueness (case-insensitive)
  validates :email, presence: true, length: { maximum: 255 }, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }
end
Add an index on email
rails g migration add_index_to_users_email
Edit the corresponding migration
  def change
    add_index :users, :email, unique: true
  end
rails db:migrate
Edit the model and add the following statement at the top; the self on the right-hand side is omitted, but the one on the left cannot be
  before_save { self.email = email.downcase }
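The format, case-insensitivity and downcase rules above can be checked in plain Ruby without Rails. This is an added example, not code from the original post; LINE_ANCHORED_REGEX, the helper names and the sample addresses are constructed for comparison. It shows why the pattern is anchored with \A and \z rather than ^ and $, and that it still accepts consecutive dots in the domain.

```ruby
# Added example: VALID_EMAIL_REGEX is copied from the model above.
# LINE_ANCHORED_REGEX and the helper names are hypothetical, for comparison only.
VALID_EMAIL_REGEX   = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
LINE_ANCHORED_REGEX = /^[\w+\-.]+@[a-z\d\-.]+\.[a-z]+$/i

# Mirrors the before_save callback: store one canonical lower-case form.
def normalize_email(raw)
  raw.downcase
end

# Mirrors `format: { with: VALID_EMAIL_REGEX }`.
def valid_email?(raw, regex = VALID_EMAIL_REGEX)
  regex.match?(raw)
end

# Mirrors `uniqueness: { case_sensitive: false }` against an in-memory list
# of already-normalized addresses.
def taken?(raw, stored)
  stored.include?(normalize_email(raw))
end

# Constructed sample input.
SAMPLES = [
  "user@example.com",
  "USER@Example.COM",
  "first.last+tag@mail.example.org",
  "user@example,com",            # comma instead of dot
  "user_at_example.org",         # no @
  "user@example.com\n<b>x</b>",  # extra line after an otherwise valid address
  "user@example..com"            # consecutive dots: the pattern lets this through
].freeze

# Runs every sample against both patterns and returns the results.
def report(samples = SAMPLES)
  samples.map do |s|
    { input: s, strict: valid_email?(s), line_anchored: valid_email?(s, LINE_ANCHORED_REGEX) }
  end
end

if __FILE__ == $PROGRAM_NAME
  report.each do |r|
    puts format("%-34s strict=%-5s line_anchored=%s", r[:input].inspect, r[:strict], r[:line_anchored])
  end
  puts "duplicate by case: #{taken?('USER@Example.COM', ['user@example.com'])}"
end
```

In Ruby, ^ and $ match at every line boundary, so the line-anchored variant accepts the multi-line sample that the page's pattern rejects.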
 
A hashed password
Add has_secure_password to the model, then add a password_digest column; has_secure_password only works once this column exists.
rails g migration add_password_digest_to_users password_digest:string
Edit the corresponding migration
  def change
    add_column :users, :password_digest, :string
  end
rails db:migrate
The has_secure_password method uses the bcrypt gem, so add it
  gem 'bcrypt',         '3.1.11'
bundle install
Add password validation to the model
  validates :password, presence: true, length: { minimum: 6 }

Commit to git and merge

git add -A
git commit -m "Make a basic User model (including secure passwords)"
git checkout master
git merge modeling-users
git push

2. Sign up

git checkout -b sign-up
Edit config/routes.rb and add
resources :users
Add the page: touch app/views/users/show.html.erb
<%= @user.name %>, <%= @user.email %>
app/controllers/users_controller.rb
class UsersController < ApplicationController
  def show
    @user = User.find(params[:id])
  end

  def new
    @user = User.new
  end

  def create
    @user = User.new(user_params)
    if @user.save
      flash[:success] = "Welcome to the Sample App!"
      redirect_to @user
    else
      render 'new'
    end
  end

  private

    # Strong parameters: only these attributes can be mass-assigned from the form.
    def user_params
      params.require(:user).permit(:name, :email, :password, :password_confirmation)
    end
end
app/views/users/new.html.erb
<% provide(:title, 'Sign up') %>

Sign up

<%= form_for(@user) do |f| %>
  <%= render 'shared/error_messages' %>

  <%= f.label :name %>
  <%= f.text_field :name, class: 'form-control' %>

  <%= f.label :email %>
  <%= f.email_field :email, class: 'form-control' %>

  <%= f.label :password %>
  <%= f.password_field :password, class: 'form-control' %>

  <%= f.label :password_confirmation, "Confirmation" %>
  <%= f.password_field :password_confirmation, class: 'form-control' %>

  <%= f.submit "Create my account", class: "btn btn-primary" %>
<% end %>
Error message display
mkdir app/views/shared
touch app/views/shared/_error_messages.html.erb
<% if @user.errors.any? %>
  <div id="error_explanation">
    The form contains <%= pluralize(@user.errors.count, "error") %>.
    <ul>
      <% @user.errors.full_messages.each do |msg| %>
        <li><%= msg %></li>
      <% end %>
    </ul>
  </div>
<% end %>
app/assets/stylesheets/custom.scss
/* forms */

input, textarea, select, .uneditable-input {
  border: 1px solid #bbb;
  width: 100%;
  margin-bottom: 15px;
  @include box_sizing;
}

input {
  height: auto !important;
}
#error_explanation {
  color: red;
  ul {
    color: red;
    margin: 0 0 30px 0;
  }
}

.field_with_errors {
  @extend .has-error;
  .form-control {
    color: $state-danger-text;
  }
}

Set up the flash notification

git add -A
git commit -m "Finish user signup"
git checkout master
git merge sign-up

SSL in production

basic login

rails generate controller Sessions new
Rails.application.routes.draw do
  root   'static_pages#home'
  get    '/help',    to: 'static_pages#help'
  get    '/about',   to: 'static_pages#about'
  get    '/contact', to: 'static_pages#contact'
  get    '/signup',  to: 'users#new'
  get    '/login',   to: 'sessions#new'
  post   '/login',   to: 'sessions#create'
  delete '/logout',  to: 'sessions#destroy'
  resources :users
end
