Blog: Authentication
Mix.install([
  {:jason, "~> 1.4"},
  {:kino, "~> 0.9", override: true},
  {:youtube, github: "brooklinjazz/youtube"},
  {:hidden_cell, github: "brooklinjazz/hidden_cell"}
])
You’re going to add authentication and authorization to your existing Blog project, and modify posts and comments so that they belong to a single user.
Use the mix phx.gen.auth command to generate the initial authentication system.
$ mix phx.gen.auth Accounts User users
Requirements
erDiagram
  Post {
    string title
    text content
    date published_on
    boolean visibility
    id user_id
  }
  Comment {
    text content
    id post_id
    id user_id
  }
  User {
    string username
    string email
    string password
    string hashed_password
    naive_datetime confirmed_at
  }
  User ||--O{ Post : "owns"
  User ||--O{ Comment : "owns"
  Post ||--O{ Comment : "has many"
Requirements
- Migration & Schema
  - Add a username field to the user that is between 4-20 characters.
  - Associate a user with posts and comments. Enforce that a post or comment must belong to a user. A post or comment cannot exist without an associated user.
- Functionality
  - Associate comments with the currently signed in user upon creation.
  - Associate posts with the currently signed in user upon creation.
  - Display user’s username on each post.
  - Display user’s username on each comment.
- Authorization
  - Ensure Users can only edit and delete their own posts.
  - Ensure Users can only edit and delete their own comments.
  - Ensure only signed in users can create posts.
  - Ensure only signed in users can create comments.
- Tests
  - Write Context and Controller tests to ensure posts are created with a user.
  - Write Context and Controller tests to ensure comments are created with a user.
  - All tests should pass. You may need to modify old tests to ensure they continue to pass.
All users should be able to view all blogs; however, only authorized users should be able to create, edit, and update their own blogs.
Authorization Requirements
Ensure you:
- Associate blogs with a user. Blogs should belong to a user.
- Allow all clients to access the :index and :show actions for blogs.
- Allow only authenticated users to access the :new and :create actions.
- Allow only authorized users to access the :edit, :update, and :delete actions only for their own blogs.
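One way to enforce these rules in the controller, as an added example that is not part of the original exercise or the curriculum's solution. It assumes Phoenix 1.7 generator defaults: the names BlogWeb.PostController, Blog.Posts (with get_post!/1, create_post/1, update_post/2, delete_post/1), a /posts route, a post changeset that casts user_id, and conn.assigns.current_user as set by the code mix phx.gen.auth generates. The page's "blogs" are the posts here.

```elixir
defmodule BlogWeb.PostController do
  use BlogWeb, :controller

  # Assumed names: Blog.Posts is the posts context, BlogWeb.UserAuth is the
  # module written by mix phx.gen.auth.
  alias Blog.Posts
  import BlogWeb.UserAuth, only: [require_authenticated_user: 2]

  # :index and :show stay public; the generated :index, :show, :new and :edit actions are unchanged and not repeated here.
  plug :require_authenticated_user when action in [:new, :create, :edit, :update, :delete]
  plug :require_owner when action in [:edit, :update, :delete]

  def create(conn, %{"post" => params}) do
    # The owner comes from the session, never from the form, so a client
    # cannot file a post under someone else's user_id.
    params = Map.put(params, "user_id", conn.assigns.current_user.id)
    case Posts.create_post(params) do
      {:ok, post} -> redirect(conn, to: ~p"/posts/#{post}")
      {:error, changeset} -> render(conn, :new, changeset: changeset)
    end
  end

  def update(conn, %{"post" => params}) do
    # Drop any submitted user_id so an edit cannot reassign ownership.
    case Posts.update_post(conn.assigns.post, Map.delete(params, "user_id")) do
      {:ok, post} -> redirect(conn, to: ~p"/posts/#{post}")
      {:error, changeset} -> render(conn, :edit, changeset: changeset)
    end
  end

  def delete(conn, _params) do
    {:ok, _post} = Posts.delete_post(conn.assigns.post)
    redirect(conn, to: ~p"/posts")
  end

  # Function plug: loads the post named in the URL and halts the request
  # unless it belongs to the signed-in user.
  defp require_owner(conn, _opts) do
    post = Posts.get_post!(conn.params["id"])
    if post.user_id == conn.assigns.current_user.id do
      assign(conn, :post, post)
    else
      conn
      |> put_flash(:error, "You can only edit or delete your own posts.")
      |> redirect(to: ~p"/posts/#{post}")
      |> halt()
    end
  end
end
```

Because the ownership check runs as a plug before the action, a controller test that signs in as a second user and sends PUT or DELETE for the first user's post should see a redirect and an unchanged record.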
Bonus: Authorized Comments
Add the same authorization for comments.
Ensure you:
- Associate comments with a user. Comments should belong to a user and a blog.
- Allow all clients to read all comments.
- Allow only authenticated users to create comments.
- Allow only authorized users to edit and delete their own comments.
Commit Your Progress
DockYard Academy now recommends you use the latest Release rather than forking or cloning our repository.
Run git status to ensure there are no undesirable changes.
Then run the following in your command line from the curriculum folder to commit your progress.
$ git add .
$ git commit -m "finish Blog: Authentication exercise"
$ git push