"To Do
Get the tests to pass. You'll need to use 'bcrypt' to salt your password and make sure that it is encrypted. You'll also need to create a users table. A user should have a username and password."

Above is the ReadMe To Do. The user according to the test should have username and password_digest not password.

Update solution code to use session[:user_id] and memoization.

Link in curriculum leads to broken repo link

1. App Logging In displays the user's account page if username and password is given
   Failure/Error: expect(page.current_path).to eq('/account')

   expected: "/account"
   got: "/login"

   (compared using ==)

   ./spec/secure_password_spec.rb:73:in `block (3 levels) in <top (required)>'

the starter code on this lab comes with an '/success' controller that redirects to success.erb when it's supposed to be a '/account' controller going to account.erb.

My guess is that it was simply copied from the previous lab (sinatra-password-security-v-000) and wasn't updated accordingly.

The post '/login' route, doesn't require a user.authenticate.

It should have 'user.authenticate(params[:password])' in there since that seems to be an important part of the lecture preceding this, password security. Currently, that route's spec only checks to see if the inputs aren't empty but doesn't ask to see if the password has been authenticated.

Just explain how they are magical methods that will show up

Tests can pass where the User can access the Login page from signup without a valid password if they leave the field blank.

if (@user.username != "" ? true : false ) && (@user.password != "" ? true : false ) @user.save redirect to '/login' end redirect to '/failure'

Will pass the tests even if the field is blank because it will evaluate as true.

Ready for review, issues addressed cc @vicfriedman

Bundler loads version 5.2 which raises the following error:

config.ru:3:in block in

Update gemfile (as follows) to resolve the error-
gem "activerecord", '<= 5.1'

When running learn and shotgun, you can't hit pry unless you move it up in the gemfile as shown:

gem 'shotgun'
gem 'pry'

group :development do
  gem 'sqlite3'
  gem 'rspec'
  gem 'tux'
end

Thank you.

Hi. Currently, one of the tests for the "/login" route looks like this:

describe "Logging In" do
...
it "displays the failure page if no password is given" do
      visit '/login'
      fill_in "username", with: "sophie"
      fill_in "password", with: ""
      click_button "Log In"
      expect(page.body).to include('Flatiron Bank Error')
      expect(page.current_path).to eq("/failure")
      expect{page.get_rack_session_key("user_id")}.to raise_error(KeyError)
    end
...
end

As I discovered, though, this test passes even if I don't call the authenticate method on the password. In other words, this code passes the above test (as well as all of the other tests):

post "/login" do
    user = User.find_by(username: params[:username])
    
    if user
      session[:user_id] = user.id
      redirect "/account"
    else
      redirect "/failure"
    end
  end

The reason for this, is that in the test above, the User with the username of "sophie" is never saved into the "users" database. This means that when params[:username] is set to "sophie", user = User.find_by(username: params[:username]) returns nil; thus, the "/login" route redirects to the "/failure" route because of a nil user instead of a blank password. This then leads to the test passing with a false positive.

There are at least two solutions to this problem:

1. Change fill_in "username", with: "sophie" to fill_in "username", with: "avi" (since one of the earlier tests saved "avi" into the "users" database)

or

2. Add this line of code to the start of the test (before visit '/login'): @user = User.create(:username => "sophie", :password => "random_password")

I tried out both solutions, and the test failed correctly each time.

I know that this is probably an edge case, but thanks for looking into it!

---Sdcrouse

The commits were made into master.

Need to change: gem 'activerecord'
to: gem 'activerecord', '4.2', :require => 'active_record'

https://github.com/learn-co-curriculum/sinatra-secure-password-lab/blob/master/app/controllers/application_controller.rb and all the other files

Hey there,

This lab has outdated gems. I deleted the Gemfile.lock on the lab and it seems to work for now.

Best,
Amanda

The tests want the user's id to be stored in session[:id], but the pre-written code uses session[:user_id].

The only command I did was rake db:migrate, and the tests all passed. Makes for an easy lab, but not the best learning tool.

In the solution to this lab, it passes the test but doesn't actually save the users info so you can login with the new sign up info that was created.

Code Snippet of solution provided:

  post "/signup" do
    if params[:username] == "" || params[:password] == ""
      redirect '/failure'
    else
      User.create(username: params[:username], password: params[:password])
      redirect '/login'
    end

  end