This series introduces students to Ruby on Rails 3 through the book "Agile Web Development with Rails", with accompanying lecture videos at http://www.thinkbohemian.com/tag/rails-summer-of-code/
1. Rails Summer of Code
Week 5
Richard Schneeman - @ThinkBohemian
2. Rails - Week 5
• Data Flow
• View to Controller
• Routes
• Params
• Authenticating Users
• Cryptographic Hashes (cool huh)
• Authlogic
3. Data Flow
• How do I get data from the server to the browser?
• Controller to View
• Instance Variables - @dog
• How do I get data from the browser to the server?
• View to Controller
• forms, links, buttons
4. Data Flow
• Controller to View
• Controller Gets Object saves it in @variable
• View gets @variable renders webpage
5. Data Flow
• View to Controller (modify @variable)
• View has @variable, which has an ID and attributes
• Pass @variable.id and the new attributes to the controller
• Controller finds the object by its ID
• modifies the attributes and saves the data
6. Data Flow
• How do I get data from browser to server?
• Forms
• form_for
• form_tag
• Links
• Buttons
7. form_for
• form_for - view_helper
• generates form for object
Controller:
  @dog = Dog.new
  @dog.fur_color

View:
  <%= form_for(@dog) do |f| %>
    <div class="field">
      <%= f.label :fur_color %><br />
      <%= f.text_field :fur_color %>
    </div>
    ...
    <div class="actions">
      <%= f.submit %>
    </div>
  <% end %>
8. form_for
• form_for - view_helper
• Uses object’s current state for submit path
Controller:
  @dog = Dog.new
  @dog.fur_color

View:
  <%= form_for(@dog) do |f| %>
    <div class="field">
      <%= f.label :fur_color %><br />
      <%= f.text_field :fur_color %>
    </div>
    ...
    <div class="actions">
      <%= f.submit %>
    </div>
  <% end %>
@dog is a new Dog, so the form will default to calling the create action
9. form_tag
• form_tag - view_helper
• generates form with no object
Routes (routes.rb):
  match '/spot/show/' => 'spots#show', :as => :search

View (Rails 3 block helpers need the <%= form):
  <%= form_tag search_path do %>
    Username:
    <%= text_field_tag 'username' %>
    <%= submit_tag 'Submit' %>
  <% end %>
• needs a path
• Path is set in routes.rb
10. form_tag
• Side note - Shorthand Notation
• ClassName#MethodName
class Dogs
  def show
    ...
  end
end
• Dogs#show
• Easier than writing “the show method in the dog class”
11. Routes
• Routes
• Connect controller actions to URLs
• Example: /dogs/show/2
• Will call DogsController#show
• Pass params[:id] = 2
routes.rb
resources :dogs
resources sets up {index, new, create, destroy, edit, update} routes
12. Urls and Routes
• Pass extra info in the URL with the GET method manually
• /dogs/show?color=brown&name=bob
• params = {:color => "brown", :name => "bob"}
• POST methods show no data in the URL
• POST is used for sensitive data
• Password, username, etc.
14. Routes
• routes.rb
• Specify resources
• forget a route?
• run rake routes
routes.rb:
  resources :dogs

Output of rake routes (Name, Verb, Action/Controller):
      dogs GET    {:action=>"index",   :controller=>"dogs"}
           POST   {:action=>"create",  :controller=>"dogs"}
   new_dog GET    {:action=>"new",     :controller=>"dogs"}
       dog GET    {:action=>"show",    :controller=>"dogs"}
           PUT    {:action=>"update",  :controller=>"dogs"}
           DELETE {:action=>"destroy", :controller=>"dogs"}
  edit_dog GET    {:action=>"edit",    :controller=>"dogs"}
15. Routes
• Name that Action
  1. Find the Verb
  2. Plural or Singular?
  3. object.id or no args?
• dog_path(@dog) (PUT)
• dogs_path (GET)
• dog_path(@dog) (GET)
• dog_path(@dog) (DELETE)
• dogs_path (POST)
16. Routes
• Name that Action
• dog_path(@dog) (PUT) Update
• dogs_path (GET) Index
• dog_path(@dog) (GET) Show
• dog_path(@dog) (DELETE) Destroy
• dogs_path (POST) Create
17. Controller Methods
• Why create & new?
• New then Create
dogs_controller.rb:
  def new
    @dog = Dog.new
  end

app/views/dogs/new.html.erb:
  <%= form_for(@dog) do |f| %>
  ...

dogs_controller.rb:
  def create
    @dog = Dog.create(params[...])
  end

app/views/dogs/create.html.erb:
  <%= @dog.name %>
  ...
18. Controller Methods
• What if I want extra actions?
• Use index for other stuff (like search)
• Create your own if you have to
def my_crazy_custom_method
  puts "This is OK, but not desirable"
end
index, new, create, destroy, edit, & update not enough?
19. Controller Methods
• What if I run out of methods
• Already used index, new, create, destroy, edit, & update
• Create a new controller !
• DogRacesController
• DogGroomerController
• etc.
multiple controllers per heavily used model is normal
20. Routes
• Cool - What about that search_path stuff?
• when resources don’t do enough, use “match”
• Define custom routes using :as =>
match '/dog/show/' => 'dogs#show', :as => :search
• Use route in view as search_path
21. Routes
• How do I define http://localhost:3000/ ?
• Root of your application
root :to => "dogs#index"
22. link_to
• Send data using links
@dog = Dog.find(2)
<%= link_to 'Some Action', @dog %>
• link_to generates a link
• Calls a Method
• Passes data
23. link_to
• What Path/Method is called by link_to ?
@dog = Dog.find(2)
<%= link_to 'Some Action', @dog %>
• Default method is GET
• @dog is a singular dog
24. link_to
• link_to can take a path directly
@dog = Dog.find(2)
<%= link_to 'Some Action', @dog %>
• So can form_for, form_tag, button_to ...
25. link_to
• What data does the controller see ?
@dog = Dog.find(2)
<%= link_to 'Some Action', @dog %>

def show
  dog_id = params[:id]
  @dog = Dog.where(:id => dog_id).first
  ...
end
• params returns a hash passed via the http request
• :id is the key passed from @dog
26. link_to
• Why only pass ID?
def show
  dog_id = params[:id]
  @dog = Dog.where(:id => dog_id).first
  ...
end
• minimize data sent to and from the server
• decouple the data sent from the object
• security & continuity
• http methods don’t natively accept ruby objects
27. link_to
• Can I send other stuff besides ID?
• You betcha!
<%= link_to "Link Text", search_path(:foo => {:bar => 42} )%>
meaning_of_life = params[:foo][:bar]
• pass additional info into view_helper arguments
• all data is stored in params
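As an added illustration (not code from the slides or from Rails itself), the two sides of slides 12 and 27 in stdlib-only Ruby: building the bracketed query string that search_path(:foo => {:bar => 42}) appends to the URL, and parsing it back into the nested params hash the controller reads as params[:foo][:bar]. The functions are simplified stand-ins for Rails' own helpers; note that every value arrives in the controller as a string.

```ruby
require "uri"

# Builds the query string a view helper such as search_path(:foo => {:bar => 42})
# appends to the URL: nested hashes become bracketed keys (foo[bar]=42), arrays
# become repeated "key[]" pairs. Simplified stand-in for Rails' Hash#to_query.
def to_nested_query(value, prefix = nil)
  case value
  when Hash
    value.map { |k, v| to_nested_query(v, prefix ? "#{prefix}[#{k}]" : k.to_s) }.join("&")
  when Array
    value.map { |v| to_nested_query(v, "#{prefix}[]") }.join("&")
  else
    "#{URI.encode_www_form_component(prefix)}=#{URI.encode_www_form_component(value.to_s)}"
  end
end

# Rebuilds the params hash the controller sees from that query string, so
# params[:foo][:bar] works the way slide 27 shows. Values stay strings: the
# controller receives "42", not the integer 42, so convert before using them.
def parse_nested_query(query)
  params = {}
  URI.decode_www_form(query).each do |key, value|
    # "foo[bar][baz]" -> [:foo, :bar, :baz]; a trailing "[]" marks an array value
    segments = key.scan(/[^\[\]]+/).map(&:to_sym)
    array = key.end_with?("[]")
    last = segments.pop
    node = segments.inject(params) { |hash, k| hash[k] ||= {} }
    if array
      (node[last] ||= []) << value
    else
      node[last] = value
    end
  end
  params
end
```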
28. button_to
• like link_to except renders as a button
• default HTTP method for buttons is POST
<%= button_to "button Text", search_path(:foo => {:bar => 42}) %>
29. Recap
• This example should make (more) sense now
• Connect controller actions to URLs
• Example: /dogs/show/2
• Will call DogsController#show
• Pass params[:id] = 2
routes.rb
resources :dogs
30. Recap
• Lots of view helpers take data from view to controller
• Pick the one that best suits your needs
• Run out of Routes to use?
• generate a new controller
• Forget a route?
• Run: rake routes
32. Crypto Hashes
• A function that takes any input and returns a fixed length string
• function is not reversible
• minor changes in input produce major changes in output
• Examples: MD5, SHA1, SHA256
[Figure: the input "Passwords" hashed to a fixed-length digest "a12n2912348..."]
33. Crypto Hashes
• Different input
• Different output
[Figure: two different inputs, "myPass" and "myDiff", produce two different digests]
34. Crypto Hashes
• Same input
• Same output
[Figure: hashing "myPass" twice produces the same digest "A12D34U..." both times]
35. Crypto Hashes
• How does this help with user authentication?
• passwords shouldn’t be stored in a database
• store crypto-hash instead
• The same input produces the same output
• Compare hashed password to stored hash
36. Crypto Hashes
• Good for more than just users!
• Comparing large datasets for equality
• Authenticate downloaded files
37. Crypto Hashes
• Considerations
• Collisions - happen
• Rainbow tables - exist
• Timing Attacks - are not impossible
• Don’t use MD5
• Helpful techniques
• “salt” your hashed data
• hash your Hash
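The three "helpful techniques" of slides 35 and 37 (store a hash instead of the password, salt it, hash the hash) together with a constant-time comparison against the timing attack, as an added Ruby example using only the standard library. This is the slides' idea made concrete, not Authlogic's implementation; the iteration count and the SecureRandom salt length are assumptions chosen for the demo.

```ruby
require "digest"
require "securerandom"

# How many times the digest is re-applied ("hash your Hash"). Assumed value.
ITERATIONS = 10_000

# Salted, iterated SHA-256 (the slides say not to use MD5). Returns a 64-char hex digest.
def hash_password(password, salt, iterations = ITERATIONS)
  digest = "#{salt}#{password}"
  iterations.times { digest = Digest::SHA256.hexdigest(digest) }
  digest
end

# What goes in the users table: a random per-user salt plus the hash,
# never the plaintext password. With a fresh salt, two users with the same
# password get different hashes, which is what defeats a rainbow table.
def build_user_record(password)
  salt = SecureRandom.hex(16)
  { salt: salt, password_hash: hash_password(password, salt) }
end

# Constant-time comparison: String#== stops at the first differing byte, and
# that early exit is the signal a timing attack measures. OR-ing the XOR of
# every byte pair touches all of them regardless of where they differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  result = 0
  a.bytes.zip(b.bytes).each { |x, y| result |= x ^ y }
  result.zero?
end

# Login check (slide 35): rehash the submitted password with the stored salt
# and compare it to the stored hash.
def authenticate?(record, password)
  secure_compare(record[:password_hash], hash_password(password, record[:salt]))
end
```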
38. Crypto Hashes
• Are Awesome
• Are Useful
39. Authlogic
• Authentication Gem
• Don’t write your own authentication
• Good for learning, but in production use a library
sudo gem install authlogic
40. Authlogic
class User < ActiveRecord::Base
  acts_as_authentic
end

class UserSession < Authlogic::Session::Base
end
• Very flexible, lightweight, and modular
• Doesn’t generate code, examples are online
41. Questions?
http://guides.rubyonrails.org
http://stackoverflow.com
http://peepcode.com