Create customers, manage authentication and authorization.

Customer account management

In order for a customer to place an order, he/she must create an account first. this allow customers to track their orders, and let the store admin had enough information to deliver the order.

Tradenity API offers the Customer resource which provides all the necessary infrastructure to create and manage user account, login and logout, safely store sensitive information such as password in encrypted format.

In this section we will learn how to integrate Tradenity Customer resource and related services within your application to allow your customers to create and manage their accounts.

Register new customer

camerastore_accounts.rb


get '/register' do
  erb :register, layout: :simple_layout, views: 'views/account', layout_options: { views: 'views' }
end

The registration form looks like this:


<h2>Registration</h2>
<div class="registration-grids">
    <div class="reg-form">
        <div class="reg">
            <p>Welcome, please enter the following details to continue.</p>
            <p>If you have previously registered with us, <a href="/login">click here to login</a></p>
            <form action="/register" method="post" >
                <ul>
                    <li class="text-info">First Name: </li>
                    <li><input type="text" value="" name="firstName"/></li>
                </ul>
                <ul>
                    <li class="text-info">Last Name: </li>
                    <li><input type="text" value="" name="lastName"/></li>
                </ul>
                <ul>
                    <li class="text-info">Email: </li>
                    <li><input type="text" value="" name="email"/></li>
                </ul>
                <ul>
                    <li class="text-info">Username: </li>
                    <li><input type="text" value="" name="username"/></li>
                </ul>
                <ul>
                    <li class="text-info">Password: </li>
                    <li><input type="password" value="" name="password"/></li>
                </ul>
                <ul>
                    <li class="text-info">Re-enter Password:</li>
                    <li><input type="password" value="" name="confirmPassword"/></li>
                </ul>

                <input type="submit" value="REGISTER NOW"/>
                <p class="click">By clicking this button, you are agree to my  <a href="#">Policy Terms and Conditions.</a></p>
            </form>
        </div>
    </div>

To create a new Customer instance, we simply populate the Customer instance with data, then call Customer#create method.

camerastore_accounts.rb


post '/register' do
  customer = Customer.new(firstName: params['firstName'],
                          lastName: params['lastName'],
                          email: params['email'],
                          username: params['username'],
                          password: params['password'])
  customer.create()
  redirect to('/login')
end

Login

Now, the customer created successfully. let’s implement the login functionality. We try to get a customer with the specified ID using Customer#find_by_username method. If it returns valid customer, we check the password.

Please note that the password stored as encrypted text using bcrypt algorithm, so to check for its validity, either use the provided Customer#is_valid_password or implement your own bcrypt matching. plain text comparison will not work.

camerastore_accounts.rb


post '/login' do
  customer = Customer.find_by_username(params['username'])
  if customer != nil && customer.valid_password?(params['password'])
    session[:customer_id] = customer.id
    if session.has_key? :target_url
      target_url = session[:target_url]
      session.delete(:target_url)
    else
      target_url = '/'
    end
    redirect to(target_url)
  else
    erb :login, layout: :simple_layout, views: 'views/account', layout_options: { views: 'views' }
  end
end


Logout

camerastore_account.rb


get '/logout' do
  session.delete(:customer_id)
  redirect to('/')
end