Ruby Authetication exercise: News stand...new stan

ngwolfhare · June 7, 2021, 4:43pm

If there’s anyone frustrated with the News Stand project … Let me make you a new stan:

User.create step, there’s a bit a correction step you need to implement. I’ve reported the bug but until it’s patched here’s a work around:

In the step 9: When your adding all the columns in your db: migrate you need to add a password column:
t.string :password

otherwise the password_digest becomes the password field and then the bcrypt hashing of the password doesn’t work properly…

And most of all when you try the User.create bit in step 13 will give you an unknown attribute error because low and behold you do not have a password column in yo’ table but you do now because you like reading forums and found this very simple work around. Good for you Stan on.

ngwolfhare · June 8, 2021, 4:40pm

Also after getting a little further in the exercise I kept on encountering the authenticity token error that I have encountered previously in the other intermediate Ruby course and looking for a work around by reading old posts on here and else where:

When you are setting up the user controller I forget which step it is but certainly by step 24 when you are filling it out with functionality goodness:

skip_before_action :verify_authenticity_token

put that in before any of the user and user redirects and that should clear up the authenticity token error

Though I have seen on StackOverflow and other such sites DO NOT do this in production code because that makes your authenticate less than robust. So learning to get the exercise done : yes Real Life: NO.

erikwestrup · February 23, 2022, 2:57pm

We should not add a password column to the Users table/model. The purpose of this setup is to not save the password but instead the digest of the password.

I had the same issue on step 9 User.create(...) in the rails console, that the argument password: was not recognized. My problem was that I defined a method has_secure_password in the user model, instead of calling the has_secure_password class method.

That is,

don’t do this:

class User < ActiveRecord::Base
  def has_secure_password
  end
end

do this:

class User < ActiveRecord::Base
  has_secure_password
end

micro0385088917 · March 10, 2022, 9:42am

thanks for the awesome information.

marian_d_dev · February 27, 2023, 1:17pm

I called the method from the beginning, didn’t define it as a method in User model but the issue is still there

marian_d_dev · February 27, 2023, 1:21pm

for POST and PUT actions think is safer to use protect_from_forgery instead of skip_before_action :verify_authenticity_token

Topic		Replies	Views
FAQ: Authentication - Users Ruby FAQ	2	1127	December 21, 2022
FAQ: Authentication - User migration Uncategorized	0	198	January 20, 2023
FAQ: Authentication - Signup I Ruby FAQ	7	1366	December 29, 2022
FAQ: Authentication - User migration Ruby FAQ	1	1013	May 13, 2021
FAQ: Authentication - User model Uncategorized	0	274	January 20, 2023

Ruby Authetication exercise: News stand...new stan

Related topics