I'm making an app with a User model that will use devise for authentication. I'm also seeding it with a lot of data that I already have, and making columns for data that I anticipate having (such as social network profiles and personal information I don't have yet). As the table columns started to add up, it occurred to me that I might create a User table for authentication data, and then some sort of User_Profile table for details about the user that will appear on their profile page. I'm wondering if this would be a better idea or just stick everything in one table and then continue to add more columns related to the user as i think of them.
User.create!(
devise related columns ommitted....
firstname: "Marcy",
middle: "Eve",
lastname: "Bishopf",
sex: "f",
company: "Johnston Windows",
address: "210-3260 North Dr",
city: "Victoria",
province: "BC",
postal: "V9T 1XS",
email: "mb#blahblah",
phone: "(250) 756-3777",
website: ""
twitter: "",
facebook: "",
linkedin: "",
year: "",
school: ""
motto: ""
more columns for personal data that I haven't thought of yet
)
If I understand correctly, you need to have User Authentication as well as User meta data (name and other profile fields) persisted in the database.
You should definitely normalize the database, User Table for Authentication along with a separate User Profile table referenced by user_id from User Table is preferred.
This is important for the following reasons:
When the user needs to log in, you simply have to check the hash of the password against the User Table.
When the user is logged in, you can simply fetch the profile from the User Profile Table by using the user_id of the logged in user.
When a new column is added to User Profile table, your User Table is not impacted.
However when your number of Users are large, altering the table User Profile could be costly operation locking the table.
Related
I have a table of users, this table has two columns: email (unique, index) and new_email (index).
When the user needs to change his email, the new_email saves this new address until confirmation. I need to validate it against the email column so I don't get a uniqueness error when I try and confirm it, updating the email field.
I already tried scope, but it doesn't seem to work in my case.
As this is a legacy project, I can't change this flow/structure. So I'm looking for a "rails way" to do this validation.
I am trying to create "child" accounts for a registered user.
So, after signing up and authenticating the account I would like to give that user the possibility to register further accounts; for other people to use without the need of an additional email or authentication. These child accounts would be linked back to the main user and that main user can delete/update them.
I am not sure if this is possible with Firebase. I have done some research but have not found a simple or any solution.
Thank you in advance.
The answer is yes, you can do that but there are caveats.
The biggest one is an admin/user situation is that when .createUser is called from the admin account (on the device) it will automatically log IN the createdUser and log OUT the admin. There are a number of posts regarding this behavior.
There are a number of options but one that I would suggest is to leverage the Firebase Admin Auth API which allows you to manage users without having to continually utilize the Firebase Console or do one of the workarounds required on the client side. A node.js example of creating a user looks like this
admin
.auth()
.createUser({
email: 'user#example.com',
emailVerified: false,
phoneNumber: '+11234567890',
password: 'secretPassword',
displayName: 'John Doe',
photoURL: 'http://www.example.com/12345678/photo.png',
disabled: false,
})
.then((userRecord) => {
// See the UserRecord reference doc for the contents of userRecord.
console.log('Successfully created new user:', userRecord.uid);
})
.catch((error) => {
console.log('Error creating new user:', error);
});
At my company we're designing a new flow for our user to register. User and Company are very closely tied to each other. Due to several reasons we can't create the user and the company one after the other but we need to create them at the same time.
However as our form is on several steps, we collect all the user input in a separate Registration model in a jsonb attribute and then create the user and company at the end of the process from this intermediate model.
One of the problem is that we collect the user password. However as we're storing the registration in our database, the password is exposed.
How would you try to protect this?
EDIT: We're using Bcrypt to encrypt password
I have not tried this but I guess this will work. You can use the following code to encrypt the password before storing it as intermediate json.
my_password = BCrypt::Password.create("my password")
If you have designed the User model properly, there will be a password_digest field in your table. So while saving encrypted password, use:
#user.password_digest = my_password
instead of
#user.password = my_password
where you expect encryption to take place in the background.
I'm making my first app with rails and this app would be accessible only if user are logged and only admin can create user, so when my app would be online I need at least one admin to create the other right ?
I tried with seed to create an user, the user is well created but I can't connect to my app with it, I think it's a prob with the encrypted password, here is what I have done :
UserManager::User.create({ name: 'a', surname: 'a', email: 'a', active: true, id: 1, password_hash: 'a', password_salt: 'a'})
Is that possible and it is right to create user with seed ? and if it is how can I do to encrypt the password in seed ?
I'm making my first app with rails and this app would be accessible only if user are logged and only admin can create user, so when my app would be online I need at least one admin to create the other right ? Yes
Is that possible and it is right to create user with seed ? This is probably a debatable point, but as long as you secure your seed file, it may be a reasonable approach. You probably want to change the password as soon as possible and/or use an environment variable for your password. Whatever you do, don't use plaintext, add your admin password to your git repository and then leave it unchanged in production.
and if it is how can I do to encrypt the password in seed ? You probably shouldn't be loading attributes like password_hash and password_salt explicitly. Instead, just set password (and password_confirmation if you have it).
You should be Running:
UserManager::User.create(name: 'a', surname: 'a', email: 'a', password: 'foobar123', password_confirmation: 'foobar123')
Other answer by Steve answers the remaining issues.
I have User table and Employee table, but I have only one login form for user(Admin). I want to login Employee also from same login page please help me as soon as possible? In MVC.
First check if username exits in the User table, if it does then match the password and return accordingly. If doesn't exist then check username in employee table and match password. If not found in both tables, return user doesn't exist.
I prefer having all my users in one table, then assigning them the Admin role if required.
But if that is not an option, check if the user exists in the admin table, if not, check the users table. If still not, don't log him in. Otherwise do the rest of the login process.
My preference is:
All users should be into a single table. And user table needs to contain a column "isAdmin[bool]".
when user press on the login button with correct username and password, system will check the role. if isAdmin == true then the user should log into the system with admin functionalists as well as the regular employee functionalists. Because a admin is also an employee.
when isAdmin==false the the user should log into the system with only employee functionalists.
Try to learn more about role based authentication.
Thanks