Authentication is the verification of your identity. That way we can know what user is using the app. To perform authentication in my application, I’m using a gem called shield.

For use shield, you need to install the gem:

$ gem install shield

We will perform the authentication with the sign up.

To use shield should be placed include Shield::Model in your User class.

class User < Ohm::Model
  include Shield::Model

  attribute :name
  attribute :email
  attribute :crypted_password

  collection :inputs,  :Input
  collection :types,   :Type
  collection :outputs, :Output

  unique :email

  def self.fetch(email)
    with(:email, email)
  end
end

Cuba allows you to separate routes in multiple files. Instead of defining everything in app.rb, we create a folder called routes and in this folder we place different routes files, one for users and one for guests.

class Guests < Cuba
  define do
    on("login") do
      on post, param("user") do |params|
        user = User.authenticate(params["email"],  params["password"])

        on user do
          authenticate(user)

          res.redirect("/dashboard")
        end

        on default do
          render("login", title: "Login")
        end
      end

      on default do
        render("login", title: "Login")
      end
    end

    on("signup") do
      on post, param("user") do |params|
        sign_up = SignUp.new(params)

        on sign_up.valid? do
          user = User.create(sign_up.slice(:name, :email, :password))

          authenticate(user)

          res.redirect("/dashboard")
        end

        on default do
          render("signup", title: "Sign Up")
        end
      end

      on default do
        render("signup", title: "Sign Up")
      end

    end

  end
end
end

In this example what I’m doing is defining that for the login to happen there must be a user parameter.
We need to authenticate the parameters email and password.
If the user authenticates she should be redirected to the dashboard page.
But if not authenticated (or not being registered) she must be taken to the login page again.

For the sign up is the same, I need a user parameter.
If sign up is valid (validated with Scrivener) a user will be created (Ohm) and redirect to the dashboard page.
But if the sign up is invalid (for example an incorrect email) you must be taken sign up page again.

To see the changes, you can access to my repository: Migraine App