Activity 1

Modify the user update function to require and validate the current password before allowing a user’s password to be changed.

Hint: you can add markup specific to a particular action in _form.html.erb by adding an if check ensuring that params[:action] is the one you want.

Hint: you can simultaneously retrieve and remove the non-database field from the params hash by using the delete method.

Discuss

Activity 2

When the system is freshly installed on a new machine, there are no administrators defined in the database, and hence no administrator can log on. But, if no administrator can log on, then no one can create an administrative user. Change the code so that if no administrator is defined in the database, any username works to log on (allowing you to quickly create a real administrator).

Hint: User.count.zero? can be used to determine if there are any existing users.

Discuss

Activity 3

Experiment with rails console. Try creating products, orders, and line items. Watch for the return value when you save a model object—when validation fails, you’ll see false returned. Find out why by examining the errors.

Hint: check out the documentation for full_messages

Discuss

Activity 4

Look up the authenticate_or_request_with_http_basic() method and utilize it in your :authorize filter if the request.format is not Mime::HTML. Test that it works by accessing an Atom feed.

Hint: check out the documentation for authenticate_or_request_with_http_basic

Discuss

Activity 5

While we have gotten our tests working by performing a login, we haven’t yet written tests that verify that access to sensitive data requires login. Write at least one test that verifies this by calling logout() and then attempting to fetch or update some data which requires authentication.

Hint: authentication errors result in redirections to login_path.

Discuss