Rails3 Summer of Code 2010- Week 5

Rails Summer of Code
Week 5

Richard Schneeman - @ThinkBohemian

Rails - Week 5
• Data Flow
• View to Controller
• Routes
• Params
• Authenticating Users
• Cryptographic Hashes (cool huh)
• Authlogic

Data Flow
• How do I get data from Server?
• Controller to View
• Instance Variables - @dog
• How do I get data from browser to server?
• View to Controller
• forms, links, buttons


Data Flow
• Controller to View
• Controller Gets Object saves it in @variable
• View gets @variable renders webpage


Data Flow
• View to Controller (modify @variable)
• View has @variable which has ID and attributes
• Pass @variable.id and new attributes to controller
• Controller ﬁnds object by the ID
• modifys attributes and saves data


Data Flow
• How do I get data from browser to server?
• Forms
• form_for
• form_tag
• Links
• Buttons


form_for
• form_for - view_helper
• generates form for object
Controller View
@dog = Dog.new <%= form_for(@dog) do |f| %>
<div class="ﬁeld">
@dog.fur_color <%= f.label :fur_color %><br />
<%= f.text_ﬁeld :fur_color %>
</div>
...
<div class="actions">
<%= f.submit %>
</div>
<% end %>


form_for
• form_for - view_helper
• Uses object’s current state for submit
path
Controller View
@dog = Dog.new <%= form_for(@dog) do |f| %>
<div class="ﬁeld">
@dog.fur_color <%= f.label :fur_color %><br />
<%= f.text_ﬁeld :fur_color %>
</div>
...
<div class="actions">
@dog is a new Dog, so the form <%= f.submit %>
will default to calling the create </div>
action <% end %>


form_tag
• form_tag - view_helper
• generates form with no object
Routes View
match '/spot/show/' => 'spots#show', :as => :search <% form_tag search_path do %>
Username:
<%= text_ﬁeld_tag 'username' %>
<%= submit_tag 'Submit'%>

• needs a path <% end %>

• Path is set in routes.rb

form_tag
• Side note - Shorthand Notation
• ClassName#MethodName
class Dogs
def show
...
end
end

• Dogs#show
• Easier than writing “the show method in the dog class”


Routes
• Routes
• Connect controller actions to URLs
• Example: /dogs/show/2
• Will call DogsController#show
• Pass params[:id] = 2
routes.rb
resources :dogs

resources sets up {index, new, create, destroy, edit, update} routes

Urls and Routes
• Pass extra info in url with GET method manually
• /dogs/show/color=brown&name=bob
• params = {:color=> “brown”, :name => “bob”}

• POST methods show no data in the URL
• POST is used for sensitive data
• Password, username, etc.


Routes
• Resources ?
• RESTful Resources

Source: http://peepcode.com


Routes
• routes.rb
• Specify resources
• forget a route?
routes.rb
• run rake routes
resources :dogs Verb Action, Controller
GET {:action=>"index", :controller=>"dogs"}
dogs POST {:action=>"create", :controller=>"dogs"}
new_dog GET {:action=>"new", :controller=>"dogs"}
GET {:action=>"show", :controller=>"dogs"}
PUT {:action=>"update", :controller=>"dogs"}
dog DELETE {:action=>"destroy", :controller=>"dogs"}
edit_dog GET {:action=>"edit", :controller=>"dogs"}


Routes
• Name that Action
• dog_path(@dog) (PUT)
1.Find the Verb
• dogs_path (GET) 2.Plural or Singular?
• dog_path(@dog) (GET) 3.object.id or no args?
• dog_path(@dog) (DELETE)

• dogs_path (POST)


Routes
• Name that Action
• dog_path(@dog) (PUT) Update

• dogs_path (GET) Index

• dog_path(@dog) (GET) Show

• dog_path(@dog) (DELETE) Destroy

• dogs_path (POST) Create


Controller Methods
• Why create & new?
• New then Create
dogs_controller.rb app/views/dogs/new.html.erb
def new <%= form_for(@dog) do |f| %>
@dog = Dog.new ...
end

dogs_controller.rb app/views/dogs/create.html.erb
def create <%= @dog.name %>
@dog = Dog.create(params[... ...
end


Controller Methods
• What if I want extra actions?
• Use Index for other stuff ( like search)
• Create your own if you have to
def my_crazy_custom_method
puts “This is OK, but not desirable”
end

index, new, create, destroy, edit, & update not enough?


Controller Methods
• What if I run out of methods
• Already used index, new, create, destroy, edit, & update
• Create a new controller !
• DogRacesController
• DogGroomerController
• etc.
multiple controllers per heavily used models is normal

Routes
• Cool - What about that search_path stuff?
• when resources don’t do enough use “match”

• Deﬁne custom routes using :as =>
match '/dog/show/' => 'dogs#show', :as => :search

• Use route in view as search_path


Routes
• How do I deﬁne http://localhost:3000/ ?

• Root of your application

root :to => "dogs#index"


link_to
• Send data using links
@dog = Dog.ﬁnd(:id => 2)

<%= link_to 'Some Action', @dog %>

• link_to generates a link
• Calls a Method
• Passes data


link_to
• What Path/Method is called by link_to ?


• Default method is GET
• @dog is a singular dog


link_to
• link_to can take a path directly


• So can form_for, form_tag, button_to ...


link_to
• What data does the controller see ?


def show

• dog_id = params[:id]
Dog.where(:id => dog_id)
...
end

• params returns a hash passed via http
request
• :id is the key passed from @dogs

link_to
• Why only pass ID?
def show
dog_id = params[:id]
Dog.where(:id => dog_id)

•Iend
...

• minimize data sent to and from server
• decouple data sent from object
• security & continuity
• http methods don’t natively accept ruby
objects

link_to
• Can I send other stuff besides ID?
• You betcha!
<%= link_to "Link Text", search_path(:foo => {:bar => 42} )%>

meaning_of_life = params[:foo][:bar]

• pass additional info into view_helper
arguments
• all data is stored in params

button_to
• like link_to except renders as a button
• default HTTP for buttons method is
POST
<%= button_to "button Text", search_path(:foo => {:bar => 42} )


Recap
• This example should make (more) sense now
• Connect controller actions to URLs
• Example: /dogs/show/2
• Will call DogsController#show
• Pass params[:id] = 2
routes.rb
resources :dogs


Recap
• Lots of view helpers take data from view to controller
• Pick the one that best suits your needs
• Run out of Routes to use?
• generate a new controller
• Forget a route
• Run: rake routes

Authenticating Users
• Cryptographic Hashes
• Authlogic


Crypto Hashes
• A function that takes any input and returns a
ﬁxed length string

Passwo
• function is not reversible
• minor changes in input

rds
• major changes in output a12n2
91234
8...

• Examples: MD5, SHA1, SHA256

Crypto Hashes
• Different input
• Different output

Pass
myPass

iff
myD
A12D
P29...
34U...
!= BG123


Crypto Hashes
• Same input
• Same output

ass
myPass

myP
A12D 4U...
34U...
!= A12D3


Crypto Hashes
• How does this help with user authentication?
• passwords shouldn’t be stored in a database
• store crypto-hash instead
• The same input produce the same output
• Compare hashed password to stored hash


Crypto Hashes
• Good for more than just users!
• Comparing large datasets for equality
• Authenticate downloaded ﬁles,
•


Crypto Hashes
• Considerations
• Collisions - happen

• Rainbow tables - exist

• Timing Attacks - are not impossible

• Don’t use MD5

• Helpful techniques

• “salt” your hashed data

• hash your Hash

Crypto Hashes
• Are Awesome
• Are Useful
•


Authlogic
• Authentication Gem

• Don’t write your own authentication
• Good for learning, but in production use a library

sudo gem install authlogic


Authlogic
class User < ActiveRecord::Base
acts_as_authentic
end

class UserSession < Authlogic::Session::Base

end

• Very ﬂexible, lightweight, and modular

• Doesn’t generate code, examples are online

Questions?
http://guides.rubyonrails.org
http://stackoverﬂow.com
http://peepcode.com


Rails3 Summer of Code 2010- Week 5

More Related Content

Similar to Rails3 Summer of Code 2010- Week 5 (20)

More from Richard Schneeman (9)

Recently uploaded (20)

Rails3 Summer of Code 2010- Week 5