Using authentication in Rails

Fri, 08 Dec 2006 13:22:30 GMT

The easiest way to authenticate in rails is by using the before_filter in you controller.

Add this code in the top of your controller.

--------------------------------------------------------------------------------------------------------------
# before_filter calls the supplied function
# before calling any other actions in the current controller
# except the actions give in the 'except' hash

before_filter :check_authentication, :except => [:sign_up, :login]

# Authenticating the user
def check_authentication
unless session[:user_id]
    session[:original_uri] = request.request_uri
    flash_error('Please Login first','user','login')
end
end
--------------------------------------------------------------------------------------------------------------

This code checks if there is a variable named user_id in the session.
If such a variable is not present the it redirects the user to the login screen and stores the requested url so that when the user logs in he is redirected to this stored location.

The following variable shows how we check the user's password

--------------------------------------------------------------------------------------------------------------
def login
flash_notice('You are already logged in','user','index') if session[:user_id]
if request.post?
    user = User.find_by_name(params[:user_name])
    if user.authenticate?(params[:password])
      session[:user_id] = user.id
      flash_notice('Successfully logged in','user','index')
    else
      flash_notice('Please check your username and password','user','login')
    end
end
end
--------------------------------------------------------------------------------------------------------------

In the first line of the above given action we check if the user is already logged in.
Then we check for the post request. Then we find the user and authenticate him.
If the user's password is successfully matched the we store the user's id in the session so that it can always pass the check_authentication function.

This is the simplest possible authentication that can be used in rails.

Blog on Rails: Rails

Using authentication in Rails