Ruby on Rails Crash Course: Authentication and Authorization

10 Chapters
54 Lessons
Created 02/2021
Last updated 03/2022
All levels
Certificate of Completion
Access to Member-Only Q&A
Access to Member-Only Resources
Full Lifetime Access & Updates
When creating a web application, you usually have to start with two key elements:
  • Authentication - User log in, user account management.
  • Authorization - User roles and permissions.
Code along and build a web app MVP covering all aspects of log-in, user management, and role management functionality.

Core topics covered:
  • Basic authentication via email (Devise)
  • Social log in via Google
  • Social log in via Facebook
  • Social log in via Twitter
  • Social log in via GitHub
  • Devise confirmable
  • Devise trackable
  • Devise lockable
  • Devise invitable - Inviting users to join the app via email
  • Banning users
  • Deleting users
  • Editing user profile
  • Managing user roles (admin, teacher, student) without any gems
  • Role-based access to different features (example: only admin can ban a user) without any gems
  • Blocking bot registrations
  • Sending transactional emails in production (Amazon SES)
By the end of the course, you will have created a boilerplate on which you can build any business application of your dreams.
This course will be of interest to Ruby on Rails developers of all levels, from beginners to veterans.
As a beginner, you will get the whole experience of thinking through and building the core system of any modern web application.
As a veteran, you will get acquainted with some elegant approaches to problem-solving and with features that you may not have encountered before.
We are not going to cover the fundamentals of what Ruby and Rails are: there are other, more basic courses for that.
Instead, we will dive straight into coding along and building our application step by step, feature by feature.
All enrolled students will also have access to the source code, support materials, and discussion groups.

Looking forward to seeing you inside!

Chapter 1. Hello World. Install Ruby on Rails. Git.
8 lessons
1. Preview of the final application
2. create development environment, install ruby on rails 6, create app
3. push application to github
4. PRO TIP - ssh connection - push to github without re-entering password
5. hello world - generate a static page
6. connect heroku - run application in production
7. PRO TIP - delete changes, undo commits
8. AWS - no space left on device - add 20 gb storage
Chapter 2. Basic styling. Bootstrap. Fontawesome.
4 lessons
1. Install bootstrap with yarn and webpacker
2. Bootstrap basic usage
3. Install and use Fontawesome icons
4. Responsive screen width
Chapter 3. Advanced User Authentication (log in functionality)
11 lessons
1. gem devise basic installation
2. bootstrap navigation for devise
3. customize devise views with bootstrap
4. devise confirmable
5. users index and user show pages
6. devise trackable
7. create fake users with seeds.rb
8. redirect user to specific page after sign in
9. users can be deleted
10. devise lockable
11. users can be banned and unbanned
Chapter 4. Log in with social accounts
8 lessons
1. gem omniauth-google-oauth2 - social log in with google
2. social log in with github
3. social log in with twitter
4. log in with facebook
5. display user data from social log in
6. Social login in production
7. Credentials and encryption
8. Make credentials work in production (heroku)
Chapter 5. User Roles and Authorization (without gems!)
3 lessons
1. Create and edit User roles
2. assign default role to user after creation
3. Authorization - only admin user can edit user roles
Chapter 6. Styling the app
6 lessons
1. responsive tables with bootstrap
2. disappearing flash messages with toastr
3. footer at the end of page
4. styling for true false values
5. styling user views
6. 3 ways to change background color for the app
Chapter 7. Inviting users via email to join our app
6 lessons
1. gem devise-invitable - create and invite users to the app
2. devise invitable docs and views - going deeper
3. button to Resend confirmation instructions to unconfirmed users
4. button to Resend invitation to unconfirmed users
5. Authorization for resend_confirmation_instructions
6. Authorization for resend_invitation
Chapter 8. Preparing for production
4 lessons
1. gem invisible_captcha - no bot sign ups
2. sending emails in production with Amazon SES
3. gem exception_notification - receive emails if errors in production
4. rename app from ruby-gems-bootcamp to superauth
Chapter 9. PRO FEATURE - Strong params authorization
3 lessons
1. user name can be edited
2. strong params - only admin can edit roles, any user can edit names
3. strong params authorization - user can edit his own profile
Chapter 10. Bonus features, Adjustments and Improvements
1 lesson
1. user can not ban himself