Cookies, Authorization, and Activation
20 Jun 2016
Reading time ~2 minutes
What I Did
Today I finished several minute features including the following -
- Cookies (on top of sessions) so that users can have the option of being remembered upon signing up for an account.
- Authorization - so that visitors are restricted from protected pages and that users can only access their own protected pages
- Activation - to prevent bots and hackers from creating and using accounts inappropriately.
What I Learned
- Sometimes it’s useful to model something as a resource even though it will not be associated with an Active Record model - e.g. sessions and account_activations
- callbacks (either before or after) can be executed in relation to a save or create action, to ensure the proper manipulation or creation of a record
- private methods are only meant to be used internally by a model, i.e. there is no need to expose their functionality to a user
- Class methods allow for methods to be called independently or in the absence of an existing record.
- Though two users may have the same token (as they may have the same password), it is nonetheless safest for tokens to also be unique.
- helper_method :some_method can be declared in a controller such as the application controller, effectively making said method available for use in views in addition to the controllers that extend it.
- if-then branching structures can be converted to ternary operators for conciseness.
- Before filters run a designated check (typically a boolean method, such as whether the visitor is logged in) ahead of the indicated actions, so an action is only called once that check has determined it is truly appropriate to call it.
- Redirects do not occur until an explicit return statement or the end of a method is reached, so any code appearing after a redirect is still executed.
- Friendly forwarding redirects users, once they have actually logged in, to the page they attempted to visit while they were not logged in.
- A query parameter can be observed in the portion of a URL following a “?” mark. Certain characters within a URL must be “escaped out”, like the @ symbol of an email address, which becomes “%40”.
- A virtual attribute (as opposed to an attribute that is a column in a database) can be made available to a given model by declaring
- Meta-programming is writing programs that write programs. Ruby is especially good for this kind of thing, which Rails takes generous advantage of.
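As an added example (not code from the original post), here is the cookie-based remembering, activation and unique-token pattern from the bullets above in plain Ruby. It assumes an in-memory hash in place of a database unique index, SHA-256 in place of BCrypt for the stored digests, and a cookies hash passed in directly instead of a Rails controller.

```ruby
require 'securerandom'
require 'digest'
ISSUED_TOKENS = {} # assumption: stands in for the database's unique index on tokens

module TokenAuth
  # Random URL-safe token, re-drawn on collision so every issued token is unique.
  def self.new_token
    token = SecureRandom.urlsafe_base64
    token = SecureRandom.urlsafe_base64 while ISSUED_TOKENS.key?(token)
    ISSUED_TOKENS[token] = true
    token
  end
  # Only the digest is stored; SHA-256 stands in for BCrypt since tokens are high-entropy.
  def self.digest(token)
    Digest::SHA256.hexdigest(token)
  end
  # Constant-time comparison: timing must not reveal where two digests differ.
  def self.secure_compare(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

class User
  attr_reader :id, :activated, :activation_token, :remember_digest, :activation_digest
  def initialize(id)
    @id, @activated = id, false
    @activation_token = TokenAuth.new_token # would be sent in the activation email link
    @activation_digest = TokenAuth.digest(@activation_token)
  end
  # "Remember me": the raw token goes into the permanent cookie, only its digest onto the record.
  def remember
    token = TokenAuth.new_token
    @remember_digest = TokenAuth.digest(token)
    token
  end
  def authenticated?(attribute, token)
    stored = send("#{attribute}_digest")
    !stored.nil? && !token.nil? && TokenAuth.secure_compare(stored, TokenAuth.digest(token))
  end
  # Activation succeeds once, and only with the emailed token.
  def activate!(token)
    return false if activated || !authenticated?(:activation, token)
    @activated = true
  end
end

# Rebuild the logged-in user from the permanent cookies; unactivated accounts never log in.
def current_user_from(cookies, users)
  user = users[cookies["user_id"]]
  user if user && user.activated && user.authenticated?(:remember, cookies["remember_token"])
end
```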
What I Still Don’t Understand
I’m still not very confident about the differences between development, test, and production environments.
What I’m Interested in Learning
Now that I’ve successfully modeled Users and taken all of the most important precautions to secure a given user’s data, I would like to look into prepackaged ways of doing just that, so that I never have to do it by hand ever again, hopefully…