w4d4 - rails auth

Question 1

How do you set up a transaction? Where would you set up one up?

Answer 1

transaction do … end

Set one up anywhere where you are making multiple database queries that must all succeed.

Question 2

What is a member route?

Answer 2

A route that applies to a single model

ex: /cats/5/pet_the_cat

Question 3

What’s the definition of being logged in?

Answer 3

We’re able to find a user in the database that has a .session_token equal to the session[:session_token] cookie value

Question 4

How do you set encrypted cookies?

Answer 4

session[:some_key]

Question 5

What does session[:some_key] do?

Answer 5

Set an encrypted cookie.

Question 6

Why do you need an attr_reader for password in the user model?

Answer 6

we overwrite the password= method and so we need to be access @password to validate its length/complexity/etc

Question 7

Diff between BCrypt::Password.new/create ?

Answer 7

#new takes in a password digest
#create takes in a cleartext string

Question 8

Difference between :: and . ?

Answer 8

:: accesses namespace’s objects

. accesses an instance’s objects

Question 9

Why do we allow_nil on our password validator?

Answer 9

Once a password has been set, @password will generally be nil, as there is no password column for the User model

Question 10

What’s the pattern for logging in?

Answer 10

user = User.find_by_credentials(params[:username], params[:password])

user.reset_session_token!
session[:session_token] = user.session_token

Question 11

How do you make controller methods available within a view?

Answer 11

in the controller

use helper_method :method_name

Question 12

Why would you need a button for a logout link?

Answer 12

so you can access session#destroy via:

input type=”hidden” name=”_method”