Model Usage
You can make users the normal way. Passwords will automatically be salted and bcrypted.
    User.new(
      email: 'matt@example.com',
      password: '$ushi',
      password_confirmation: '$ushi'
    )
Resetting passwords has never been easier.
    user.reset_password('new_password', 'new_password')
You will also always have a token available when you need to reset passwords.
    user.password_reset_token
Controller Usage
In your application controller:
    authem_for :user
Which gives you access to:
- sign_in(user)
- sign_out_user
- current_user
- require_user
- user_signed_in?
- redirect_back_or_to(some_awesome_default_path)
- clear_all_sessions_for(user)
Then require authentication in your controllers with a filter:
    before_filter :require_user
For signing in/out users, try a SessionsController like this:
    class SessionsController < ApplicationController
      def create
        # to_s keeps a missing email param from raising NoMethodError on nil
        user = User.find_by(email: params[:email].to_s.downcase)
        if user && user.authenticate(params[:password])
          sign_in(user)
          redirect_back_or_to(root_path)
        else
          # Same message for an unknown email and for a wrong password
          flash.now.alert = "Your email and password do not match"
          render :new
        end
      end

      def destroy
        sign_out_user
        redirect_to :root
      end
    end
Resetting passwords could look something like this:
    class PasswordResetsController < ApplicationController
      before_filter :verify_user, only: [:edit, :update]

      def create
        # to_s keeps a missing email param from raising NoMethodError on nil
        if user = User.find_by(email: params[:email].to_s.downcase)
          UserMailer.reset_password_email(user)
        end
        # Same response whether or not the email matched an account
        redirect_to [:new, :password_reset], alert: "Instructions for resetting your password have been sent."
      end

      def update
        if user_by_token.reset_password(params[:password], params[:password_confirmation])
          sign_in(user_by_token)
          redirect_to :root
        else
          render :edit
        end
      end

      protected

      # Looks the user up by the token carried in the reset URL
      def user_by_token
        @user_by_token ||= User.find_by_reset_password_token(params[:id])
      end

      # Stops edit/update when the token matches no user
      def verify_user
        unless user_by_token
          redirect_to [:new, :password_reset], alert: "We can't find your account with that token."
        end
      end
    end
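
The model-level behaviour described above (salted password hashes and a reset token that is always available), as an added example that is not Authem's code. `DemoUser` and `find_by_reset_token` are hypothetical, PBKDF2 from the standard library stands in for bcrypt, and rotating the token after a successful reset is an assumption the page does not state.

```ruby
require 'securerandom'
require 'openssl'

# Hypothetical in-memory stand-in for the User model; not Authem's code.
class DemoUser
  attr_reader :email, :reset_token

  def initialize(email, password)
    @email = email
    store_password(password)
    rotate_reset_token
  end

  # True only when the candidate password matches the stored hash.
  def authenticate(password)
    candidate = hash_password(password, @salt)
    # XOR every byte so timing does not depend on where a mismatch occurs.
    candidate.bytes.zip(@digest.bytes).map { |a, b| a ^ b }.sum.zero?
  end

  # Same contract as reset_password above: both values must match.
  def reset_password(password, confirmation)
    return false if password.to_s.empty? || password != confirmation
    store_password(password)
    rotate_reset_token # assumption: the emailed link stops working once used
    true
  end

  private

  def store_password(password)
    @salt = SecureRandom.random_bytes(16) # fresh salt for every password
    @digest = hash_password(password, @salt)
  end

  # PBKDF2 from the standard library stands in for bcrypt here.
  def hash_password(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, salt, 20_000, 32, OpenSSL::Digest.new('SHA256'))
  end

  def rotate_reset_token
    @reset_token = SecureRandom.urlsafe_base64(32)
  end
end

# Constructed lookup helper: a blank token never matches any user.
def find_by_reset_token(users, token)
  return nil if token.to_s.empty?
  users.find { |u| u.reset_token == token }
end
```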