Auth in Theory
Objectives
Utilize sessions to remember users between page loads
Utilize bcrypt to hash passwords
Utilize hooks and validations to hash passwords and verify data
Utilize class/instance methods to authenticate users
Utilize middleware to authorize users on each page request
Authentication is a complex topic that builds on many of the concepts you've already learned and introduces several new ones. An authentication system allows new users to register (sign up) and lets existing users sign in.
Authentication vs. Authorization
Authentication: Proving that a user is valid
Providing a username and password is a method of proving user validity
Authorization: The rules that allow a user to perform actions
Admins may be authorized to delete users, while regular users cannot delete other users
Creating Authentication
To facilitate creating an authentication system, we need to create the following:
GET /auth/signup - form where the user can register
POST /auth/signup - route to create a user in the database
GET /auth/login - form where users can log in
POST /auth/login - validate the user's e-mail and password
A user model/table to store user data
We've already learned how to do all of the above over the past couple of weeks.
Additionally, we need to:
Hash the user's password
Create a session to remember a user between page loads
Create a way to easily check if the user is logged in
Deny the user access to certain pages if they aren't logged in
To do this we need to learn some new concepts.