You Shall Not Pass: Authorizations & Validations in Rails
Now that I am a full stack developer and deploying apps, there has to be a way in this modern era to protect against such unsavory figures as the Balrog. Our version of Gandalf comes in the form of validations and authorizations.

Validations control the flow of information being sent to our apps. First of all, we can make sure that something is being passed in by validating its presence (presence: true), and if we only want unique values we can validate an attribute's uniqueness. Ever wonder how sites require certain characters and limits in their passwords for users? It's validations. Numericality is a useful validation if you want only integers or a range between integers.
Authorization allows access to specific routes on your app. If you want to give access only to users who have signed up, you can limit access on your site by adding authorizations. With a before_action, the authorized user function is run before actions and blocks the request unless the current user is included in the session.

But how will people even log in if they can't get authorized? There is a useful Rails method called skip_before_action, which will skip the authorized user function for actions like login or sign up.
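A plain-Ruby model of the filter behaviour described above, added here as an illustration and not code from the original post. BaseController is a simplified stand-in for the Rails callback chain (a real app calls before_action and skip_before_action on its Rails controllers), and the authorized method name, the :user_id session key and the [status, body] return values are assumptions.

```ruby
# Simplified stand-in for Rails controller callbacks (assumption: not Rails itself).
class BaseController
  def self.filters
    @filters ||= (superclass.respond_to?(:filters) ? superclass.filters.dup : [])
  end
  def self.before_action(name)
    filters << { name: name, except: [] }
  end
  # Exempt only the listed actions; every other action keeps the filter.
  def self.skip_before_action(name, only:)
    filters.map! { |f| f[:name] == name ? f.merge(except: f[:except] + Array(only)) : f }
  end

  def initialize(session)
    @session = session
  end

  # Runs each applicable filter first; a filter that sets @response halts the chain.
  def dispatch(action)
    self.class.filters.each do |f|
      next if f[:except].include?(action)
      send(f[:name])
      return @response if @response
    end
    send(action)
  end
end

class ApplicationController < BaseController
  before_action :authorized # declared once here, so every controller is denied by default

  def authorized
    @response = [401, "Not authorized"] unless @session[:user_id]
  end
end

class SessionsController < ApplicationController
  skip_before_action :authorized, only: :create # login must stay reachable

  def create
    @session[:user_id] = 1 # constructed value: assume the credentials were verified
    [200, "Logged in"]
  end

  def destroy
    @session.delete(:user_id)
    [200, "Logged out"]
  end
end
```

Scoping the skip with only: keeps destroy (and any action added later) behind the check, while the parent controller's filter list is left untouched.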

In this way we can really control what CRUD functionality users of our apps have. This can go a level deeper by controlling which types of users have access to certain CRUD functionality. For instance, you may only want a user with admin status to be able to Create/Update/Delete certain things.
There are additional protections that can be put in place. The bcrypt gem hashes our password and adds a layer of security. We do this by adding this line of code to our Gemfile and running bundle install: gem 'bcrypt', '~> 3.1.7'. By including has_secure_password we will get hashed passwords in our returns.


These are just some of the ways we can protect our users against unsavory netizens. By implementing bcrypt, authorizations, and validations, you make a safer environment for you and your users.
