This is a professional-grade sample application that deals with users, microposts, and a full login and authentication framework, with a CSS framework as well as some custom styles, all of it developed using test-driven development.
It gives users the ability to sign up and create a user profile page. Once users can sign up, they can log in and log out as well. It protects pages from improper access, in effect developing a full Rails login and authentication system.
It provides User model validations to increase the odds of new users having valid email addresses, but it verifies the email address by adding a separate account activation step to the user signup.
This involves associating an activation token and digest with a user, sending the user an email with a link including the token, and activating the user upon clicking the link.
The process used to allow users to reset their passwords if they forget them is similar.
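The token-and-digest flow described above for account activation (and, similarly, password reset), as an added example that is not the application's own code. DemoUser, its method names and demo_activation are hypothetical, and SHA-256 from the Ruby standard library is an assumption made so the example runs without gems; the page does not say which digest the application uses.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the User model (not the app's code).
class DemoUser
  attr_reader :email, :activation_digest, :activated

  def initialize(email)
    @email = email
    @activated = false
  end

  # Generate a random token, keep only its digest, and return the raw
  # token so it can be placed in the emailed link. A leaked database row
  # therefore does not reveal a usable activation link.
  def issue_activation_token
    token = SecureRandom.urlsafe_base64(32)
    @activation_digest = Digest::SHA256.hexdigest(token)
    token
  end

  # Activate only if the presented token hashes to the stored digest.
  # The digest is cleared afterwards, so a link works once.
  def activate(token)
    return false if @activated || @activation_digest.nil?
    return false unless secure_equal?(Digest::SHA256.hexdigest(token.to_s), @activation_digest)
    @activated = true
    @activation_digest = nil
    true
  end

  private

  # Constant-time comparison of two equal-length hex strings.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed walk-through: wrong token, correct token, replayed token.
def demo_activation
  user = DemoUser.new("user@example.com") # constructed sample address
  token = user.issue_activation_token
  stored_differs = user.activation_digest != token
  [stored_differs, user.activate("guessed-token"), user.activate(token), user.activate(token)]
end
```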
At the beginning, the application maintained the logged-in state until the browser was closed by the user.
The resulting authentication system makes it possible to customize the site and implement an authorization model based on the login status and identity of the current user. For example, the site header updates with login/logout links and a profile link.
Then, instead of “forgetting” users on browser close, a new, more advanced system has been implemented.
It works by automatically remembering users, and can optionally remember users based on the value of a “remember me” checkbox.
As a result, taken together, those systems cover the most common types of login systems on the Web.
There is a security model in which only logged-in users can visit the user index page, only the correct user can access the page for editing their information, and only administrative users can delete other users from the database.
Users have the ability to update profiles, but only their own. That also provides a natural opportunity to enforce an authorization model (made possible by the main authentication code already in place).
The identity of a logged-in user is used to create microposts associated with that user, and the current user can follow other users of the application (thereby receiving a feed of their microposts).
There is also a listing of all users (also requiring authentication), which uses sample data and pagination.