Ruby on Rails | framework | ~20 mins

Why authentication secures applications in Ruby on Rails - Challenge Your Understanding

Challenge - 5 Problems
component_behavior
intermediate
What happens when a user tries to access a protected page without logging in?
Consider a Rails app with a before_action that requires authentication for certain pages. What will the user see if they try to visit a protected page without being logged in?
Ruby on Rails
class DashboardController < ApplicationController
  before_action :authenticate_user!

  def index
    render plain: "Welcome to your dashboard"
  end
end
A. The user gets a 404 Not Found error.
B. The user is redirected to the login page before seeing the dashboard.
C. The user sees the dashboard content but with limited features.
D. The user sees a blank page with no content.
💡 Hint
Think about what authenticate_user! does before the action runs.
state_output
intermediate
What is the value of current_user after a successful login?
In a Rails app using Devise, after a user logs in successfully, what does the helper method current_user return?
Ruby on Rails
user = User.create(email: "test@example.com", password: "password")
# After logging in with these credentials
current_user
A. An instance of the User model representing the logged-in user.
B. nil, because current_user is only set during signup.
C. A boolean true indicating the user is logged in.
D. An error because current_user is undefined.
💡 Hint
current_user is a helper method provided by Devise.
📝 Syntax
advanced
Which code snippet correctly restricts access to admin users only?
You want to allow only admin users to access the admin dashboard. Which before_action code correctly enforces this?
A
before_action :authenticate_user!, only: [:admin]
if !current_user.admin?
  redirect_to root_path
end
B
before_action :authenticate_user!, only: [:admin]
redirect_to root_path unless current_user.admin?
C
before_action :authenticate_user!, only: [:admin]
before_action :check_admin, only: [:admin]

def check_admin
  redirect_to root_path unless current_user.admin?
end
D
before_action :authenticate_user!, only: [:admin]
return redirect_to root_path unless current_user.admin?
💡 Hint
Think about where to put the admin check and how to use before_action properly.
🔧 Debug
advanced
Why does this authentication code raise an error?
This code is meant to authenticate users but raises an error. What is the cause?
Ruby on Rails
class ApplicationController < ActionController::Base
  before_action :authenticate_user

  def authenticate_user
    unless current_user
      redirect_to login_path
      return
    end
  end
end
A. before_action should call :authenticate_user! instead of :authenticate_user.
B. The method name should be authenticate_user! with an exclamation mark.
C. current_user is not defined in ApplicationController.
D. redirect_to must be followed by return to stop execution.
💡 Hint
Think about what happens after redirect_to is called.
🧠 Conceptual
expert
Why is authentication critical for application security?
Which statement best explains why authentication is essential to secure a web application?
A. It verifies the identity of users to prevent unauthorized access to sensitive data and actions.
B. It encrypts all data sent between the user and server to protect privacy.
C. It automatically fixes security bugs in the application code.
D. It speeds up the application by caching user sessions.
💡 Hint
Think about what authentication does before allowing access.