Password_digest column in User migration table

Han Lee
2 min read · Oct 2, 2016


When you build a web app with Ruby on Rails, you will likely need to implement user authentication so that users can sign in and sign out. If you look at authentication examples, you will find a column called ‘password_digest’ in the users migration table, rather than a ‘password’ attribute on the User model. Yet in the sign-up and log-in forms, the input name is ‘password’, not ‘password_digest’. So, where does password_digest come from? To keep passwords from being stolen, the password is hashed before it is stored in your database. This is done with the bcrypt Ruby gem. With the bcrypt gem in place, you can use the has_secure_password method, which hashes and salts the password and generates ‘password_digest’. Please read Wikipedia on how bcrypt works.

The has_secure_password method in turn gives you the #authenticate method, which you can use to authenticate passwords.
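An added example, not from the original post: the value has_secure_password stores in password_digest is one 60-character bcrypt string that carries the version, cost factor and salt alongside the hash, which is why no separate salt column is needed. The sketch below parses that layout and flags column values that are not bcrypt digests or that use a low cost; `MIN_COST`, the function names and the sample rows are assumptions constructed for illustration.

```ruby
# Added example: inspect what a bcrypt-style password_digest string contains.
# Layout: $<version>$<cost>$<22-char salt><31-char hash>, 60 characters total.
BCRYPT_DIGEST =
  /\A\$(2[abxy]?)\$(\d\d)\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

MIN_COST = 10 # assumption for this example: flag digests below this work factor

# Returns the digest's fields, or nil if the value is not a bcrypt digest.
def parse_password_digest(value)
  m = BCRYPT_DIGEST.match(value.to_s)
  return nil unless m

  { version: m[1], cost: m[2].to_i, salt: m[3], hash: m[4] }
end

# Classifies one stored column value as :ok, :weak_cost or :not_bcrypt.
def audit_password_digest(value)
  fields = parse_password_digest(value)
  return :not_bcrypt unless fields

  fields[:cost] < MIN_COST ? :weak_cost : :ok
end

# Constructed sample rows (placeholder strings, not real password hashes).
SAMPLE_ROWS = {
  "alice" => '$2a$12$' + "S" * 22 + "H" * 31, # well-formed, cost 12
  "bob"   => '$2a$04$' + "S" * 22 + "H" * 31, # well-formed, cost 4
  "carol" => "hunter2"                        # plaintext stored by mistake
}.freeze

# Maps each user to the audit result for their stored digest.
def audit_rows(rows)
  rows.transform_values { |digest| audit_password_digest(digest) }
end

if __FILE__ == $PROGRAM_NAME
  audit_rows(SAMPLE_ROWS).each { |user, status| puts "#{user}: #{status}" }
end
```
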

Here’s the summary of the authentication using bcrypt Ruby gem.

1. Include the bcrypt gem in your Gemfile.

2. Add a password_digest column to your users table.

3. Add the has_secure_password method to your User model file.

4. Build sign-up and login forms for the User model.

[Images: sign up form, login form]

5. Add a #create method to your UsersController for sign up and a #create method to your SessionsController for log in, and call #authenticate inside SessionsController#create to authenticate the user’s password.

[Image: SessionsController]
