Validate, Authenticate and Secure — Oh my!

Alicia Weenum
2 min read · Mar 25, 2021

Topic: validation, authentication and securing a password. These all sound similar but are different, so why am I using each of them in my project?

When studying them, they seemed easy and obvious, but once I saw them in my code, I found myself getting confused at the fact that has_secure_password (located in my user model) and “validates :email, presence: true” do the same thing.

What has_secure_password does is add methods to set and authenticate against a BCrypt password. This mechanism requires you to have an XXX_digest attribute (in this case password_digest, located in my CreateUser class). In other words, BCrypt stores a salted, hashed version of the user’s password in the database in a column called password_digest. Once a password is salted and hashed, there is no way for anyone to decode it back into the plain-text password.

Let’s get on with has_secure_password. To start, has_secure_password is a macro. A macro is a method that, when called, creates methods for you. The macro has_secure_password is called just like any other Ruby method. It works in conjunction with a gem called BCrypt and allows us to store passwords in a secure way rather than as plain text. has_secure_password also gives you a method called authenticate. You don’t see this method in your model because it’s “invisible”: the macro defines it for you.
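To make the “invisible” methods visible, here is an added example (not Rails, not the bcrypt gem, and not code from the post) that re-creates in plain Ruby what the has_secure_password macro does: it defines a password= setter that stores only a salted hash in password_digest, and an authenticate method. To run without gems it substitutes stdlib PBKDF2 for BCrypt and a hypothetical User class for the post’s model; both are assumptions.

```ruby
# Plain-Ruby imitation of the has_secure_password macro (added example).
# Assumption: stdlib OpenSSL PBKDF2 stands in for the BCrypt gem Rails uses.
require "openssl"
require "securerandom"

module SecurePassword
  ITERATIONS = 100_000 # PBKDF2 cost (assumed; bcrypt uses its own cost factor)

  # The "macro": calling it inside a class body defines instance methods.
  def has_secure_password
    attr_reader :password_digest

    # Setter: never keeps the plaintext; stores "salt$hash" in password_digest.
    define_method(:password=) do |plaintext|
      salt = SecureRandom.hex(16)
      @password_digest = "#{salt}$#{SecurePassword.digest_for(plaintext, salt)}"
    end

    # The "invisible" authenticate method: returns the user on match, else false.
    define_method(:authenticate) do |candidate|
      return false if password_digest.nil?
      salt, stored = password_digest.split("$", 2)
      computed = SecurePassword.digest_for(candidate, salt)
      OpenSSL.fixed_length_secure_compare(stored, computed) ? self : false
    end
  end

  # Salted, slow hash of the password; output is hex so it is safe to store.
  def self.digest_for(plaintext, salt)
    OpenSSL::KDF.pbkdf2_hmac(plaintext, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256").unpack1("H*")
  end
end

# Hypothetical stand-in for the post's User model (not ActiveRecord).
class User
  extend SecurePassword
  has_secure_password
  attr_accessor :email
end

user = User.new
user.email = "alice@example.com"          # constructed sample data
user.password = "correct horse battery"
puts user.password_digest                 # salt$hash, never the plaintext
puts user.authenticate("correct horse battery") ? "login ok" : "rejected"
puts user.authenticate("wrong password") ? "login ok" : "rejected"
```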

Well, what are validations? Validations are used to ensure that only valid data is saved into your database.
Also in the validations, you’ll see “uniqueness.” Uniqueness is a validation helper that I am using in my project to make sure that an email address is not used more than once.

In conclusion, I wanted to give an overview of these different pieces used when validating, securing a password and authenticating users. These words can easily get jumbled up, and I wanted to go in depth to explain what they mean. They mean very similar things but are used in different contexts.

Kindly your Software Engineer,

Alicia
