Putting all of the draft:account actions into one controller, ____AuthenticationController (I believe that this is the pattern Devise follows?); to make it easier to see in one place and understand, and skip the :force____sign_inbefore_action for signing up/in a person opts in to that.
I believe the older approach grew organically out of adding authentication to an existing tutorial project while I was recording a video (photogram-gui => photogram-signin) and then we codified it in this gem.
I also replace session.fetch() with session[] temporarily because Rails has added fetch itself; our monkeypatch now has different behavior than the canonical method. After this quarter, we'll go back to .fetch. In preparation for that, I replace ActiveRecord::Relation#at(0) with .first so that the gem will ultimately be able to be used without our monkeypatches.
To review:
Include gem 'draft_generators', github: 'firstdraft/draft_generators', branch: 'rb-spring-2020'
Try to break draft:account in various ways.
skip_forgery_protection if you're using a vanilla Rails app.
Putting all of the
draft:account
actions into one controller,____AuthenticationController
(I believe that this is the pattern Devise follows?); to make it easier to see in one place and understand, and skip the:force____sign_in
before_action
for signing up/in a person opts in to that.I believe the older approach grew organically out of adding authentication to an existing tutorial project while I was recording a video (photogram-gui => photogram-signin) and then we codified it in this gem.
I also replace
session.fetch()
withsession[]
temporarily because Rails has addedfetch
itself; our monkeypatch now has different behavior than the canonical method. After this quarter, we'll go back to.fetch
. In preparation for that, I replaceActiveRecord::Relation#at(0)
with.first
so that the gem will ultimately be able to be used without our monkeypatches.To review:
gem 'draft_generators', github: 'firstdraft/draft_generators', branch: 'rb-spring-2020'
draft:account
in various ways.skip_forgery_protection
if you're using a vanilla Rails app.