@brueck1988
Last active May 8, 2021 21:37

Authentication / Authorization

Write up some notes and ideas on the following:

you need to store a user in a database table; what do we need to know about them (ie, email, password)

>>>email and password that match the one saved in the system, other nice to know info might be date account was created, full name, address, phone number.

how can we store a password in a secure way (ie, if our database is compromised, how can we protect their passwords from prying eyes)

>>>Rails form_with has an option for hidden fields so that the password isn't visible as it's being typed. Rails password_digest is a built-in secure password module that can be used for this purpose. It uses hashing to encrypt the password.

how would we store the idea of what a user is allowed to do on a web site

>>>Various permissions can be established that are saved in the user database that can be toggled as desired.

how would we build a safe login page

>>>Authenticate the user with their username and password. Limit the number of times a user can attempt to login during a specified period of time.

how could we tell if a user is logged in since HTTP is “stateless”

>>>You could allow the user to remain logged in for a specified period of time after they log in. You can also give the user the option to stay logged in. This functionality would use cookies to store the user's preference.

how could we allow a user to “stay logged in for 7 days” even if your Rails app is restarted

>>>A cookie with an expiration set at 7 days.
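Added example (not part of the original notes, and not Rails' own code): a plain-Ruby illustration of a "remember me" cookie value that carries its own expiry under an HMAC, so the server can check it without stored session state and it stays valid across restarts as long as the secret persists. The names `SECRET`, `issue_token`, `verify_token` and the token layout are assumptions made for this example; in a Rails app `cookies.signed` provides the signing.

```ruby
require "openssl"

# Hypothetical stand-in for the app's persistent secret (Rails keeps one in
# secret_key_base). It must survive restarts, or every cookie becomes invalid.
SECRET = "constructed-demo-secret-do-not-reuse"
SEVEN_DAYS = 7 * 24 * 60 * 60

def sign(data, secret)
  OpenSSL::HMAC.hexdigest("SHA256", secret, data)
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Cookie value: "<user_id>.<expires_at>.<hmac>". The expiry is inside the signed
# part, so editing the cookie in the browser cannot extend it.
def issue_token(user_id, now: Time.now, secret: SECRET)
  payload = "#{Integer(user_id)}.#{now.to_i + SEVEN_DAYS}"
  "#{payload}.#{sign(payload, secret)}"
end

# Returns the user id for a valid, unexpired token, otherwise nil.
def verify_token(token, now: Time.now, secret: SECRET)
  user_id, expires_at, mac = token.to_s.split(".", 3)
  return nil unless user_id && expires_at && mac
  return nil unless secure_equal?(mac, sign("#{user_id}.#{expires_at}", secret))
  return nil unless user_id.match?(/\A\d+\z/) && expires_at.match?(/\A\d+\z/)
  return nil if now.to_i >= expires_at.to_i
  user_id.to_i
end

if __FILE__ == $PROGRAM_NAME
  issued = Time.at(1_620_000_000) # constructed timestamp
  token  = issue_token(42, now: issued)
  p verify_token(token, now: issued + 3600)            # valid
  p verify_token(token, now: issued + SEVEN_DAYS + 1)  # expired
  p verify_token(token.sub(/\A42/, "1"), now: issued)  # tampered user id
end
```

The browser-side cookie expiry is only a hint to the client; the signed `expires_at` is what the server enforces. A token like this cannot be revoked individually before it expires, so logout-everywhere needs either a server-side record or a rotated secret.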

HTTP Request/Response

On one piece of paper, write out all of the parts of an example HTTP GET request. (Diagram the DNS look-up as well as how a Rails Application would handle the request via MVC.) On a separate piece of paper, write out an example 200 response to that request with all of the parts. Bonus: write your explanation as a metaphor. Bring this to class day 1.

Rails “params” magic.

How does “params” get built in Rails, and what precedence is given for query parameters (ie ?id=5 in a URL) versus dynamic placeholders (ie /book/:id) versus data sent in the body of a request from a form.

Params are generated by Rails by the time the HTTP request hits routes. They are also available in the controller. Routing data or "dynamic placeholders" is generated automatically from the route information including the action and the controller, but params can also be query string data and post data. As far as I know, Rails does not give any of these preference over one another, at least not in the controller. In the controller it is up to the dev to use the available params as needed.

Start writing up some notes based on the Rails documentation:

https://guides.rubyonrails.org/action_controller_overview.html#parameters

Rails Parameters

  1. Query String Parameters: sent as part of the URL after the ?. Can send arrays if desired using the syntax >> ?ids[]=1&ids[]=2&ids[]=3 <<< This returns ["1", "2", "3"]

  2. Post Data: usually comes from an HTML form. Can also send arrays with the following syntax >>

    <form accept-charset="UTF-8" action="/clients" method="post">
    <input type="text" name="client[name]" value="Acme" />
    <input type="text" name="client[phone]" value="12345" />
    <input type="text" name="client[address][postcode]" value="12345" />
    <input type="text" name="client[address][city]" value="Carrot City" />
    </form>
    

<<<When this form is submitted, the value of params[:client] will be { "name" => "Acme", "phone" => "12345", "address" => { "postcode" => "12345", "city" => "Carrot City" } }. Note the nested hash in params[:client][:address]. Parameters can also be sent in JSON files.

  3. Routing Parameters: the params hash will always contain the :controller and :action keys, but you should use the methods controller_name and action_name instead to access these values.

You can set global default parameters for URL generation by defining a method called default_url_options in your controller. Such a method must return a hash with the desired defaults, whose keys must be symbols:

```
class ApplicationController < ActionController::Base
  def default_url_options
    { locale: I18n.locale }
  end
end
```