Basically all the guides show you how to use the generator to create a basic authentication system. But in real life there may be a need to add other fields to the user such as first_name, last_name, phone, address, country_id (fk to a countries table...)
Is this even possible with this generator? Or should I look into writing my own system from scratch?
The generator gives you the very basic needed for Authentication. If you need to add more things to your user, you can always modify the class.
Related
I'm fairly new to rails. I'm having problem on designing the model classes. So this app will be used by 5 different users(Students, Teachers, Head and Coordinator). They each are different users to login into the website and have different functionality (example: Head makes an event. Students register for an event. Coordinator sets who can be head etc). I have created all four models with USERNAME and PASSWORD on each models.I don't have user model right now because the users in this app are these 4 models. Now, while making login page, i'm having hard time on implementing the best way to authenticate the users. For example, If a Head puts its login credentials, the app should identify that user that logged in is Head. What approach will be best to encounter this?
Also, after not figuring out the way to approach this. I was thinking of using devise and CanCanCan gem. But the same promblem comes in even if i use this gems.(i maybe wrong)
Do not create multiple models for different kinds of users. This is almost always not what you want. Instead add a column called role of the type enum which contains all of the kinds of roles you want to add like Sergio pointed out. Your comment about having too many attributes on one model is a non issue compared to the one you are planning to create with 5 user models.
It sounds like you are possible putting too much data on the user model if that is your concern
and have different functionality (example: Head makes an event. Students register for an event.
For this you want a permissions system such as cancancan where you can specify which features of the website each role has access to.
I want to build a simple site with various number of landing pages which have different forms
Example with two fields: email and zipcode
Each form has email field and random number of other fields: first_name, city ...
I am wondering about use hstore for completing properties for each email because
I don't want to have multiple records with the same email and other properties.
I have only one concern, How would be good pattern to avoid the situation when other people are being able to override fields if they are know email address which already exist in database?
I don't think that hstore adds any new security issues. The simple answer is to treat it like you would anything else, and check appropriate permissions. For example you could add a password check for updating info relating to the email.
With security like this there are a large number of ways to do things. Your first decision needs to be where to enforce security. In the database? In the web app? etc. From there, the security decisions should be relatively obvious. For example, this determines where to check the password, and where to check that only the appropriate email can be updated. The best answer here will depend on your environment.
If this is a simple web site you probably want to enforce appropriate behavior in the web app level. The specifics will depend on your language of choice, etc.
When is it okay to use multiple devise models?
I have 3 types of users - users, vendors and admin. Vendors have a bunch more fields than users so I want to have separate tables for them. Users can sign up and sign in using facebook (vendors cannot). And users and vendors share the same sign-in page/form.
I started with multiple devise models, got confused how to handle a single sign-in page, and then read a lot here about using polymorphic associations and STI instead of discrete models. I'm still confused as to when each approach should be used and what would work better here... i know its a little vague, any advise would be great though, or any good links..
Users also fill out a bunch of extra fields when they sign up - even through facebook. How can I keep track of those fields for an omniauth login? (and should I use devise for this or something like omniauth identity..?)
Thanks for looking at this! I'm a rails newbie setting up authentication first time, really appreciate the help
Depending on the case it is recommended to separate or use a single model. The alternatives:
Use separate models, override the controllers, so firstly you check if the record match in User, and if it doesn't match try with Vendor
Use a single model for storing User and Vendor, use a boolean (a string if it is a polymorphic association) to check the kind of user, and add related models in order to store the additional fields
I think option #1 is easier but bigger, and option #2 is a little bit difficult but shorter.
Also, it would be a good idea to separate the models because User connects to FB and Vendor no, it represents a lot of differences.
In another way, the searches will be faster using option #2, because it will be only 1 query, and the table will be light because it will not contain the specific fields for users and vendors; you also have to consider this in order to make a decision.
For Admin you can follow a similar criteria.
Check this out: https://github.com/mkdynamic/omniauth-facebook
I am trying a weird thing in devise. Here I have got two types of login.
1) Default devise login using username and password.
2) Login with user id and password.
The password (password2) in second step is different from that (password1) in first step.
I want to login through both using same interface, i.e. there will be one login page where you need to enter email or user id and corresponding password (password1 or password2 respectively).
Is it possible to do the same in devise?
Thanks
Paritosh
Allowing multiple user identifiers is discussed on the Devise wiki which I have linked here.
Update: However, as I now understand, you want two separate sets of credentials (userid/pw1, and email/pw2) for some reason.
I think the answer to your question is that "while it's possible to accomplish with Devise, it's far more effort to change Devise than it is to write yourself". If you look at the link, there's actually a fair amount of work needed to make the simpler change of accepting either userid or email for the same password. It gets even more complicated when implementing your requirements.
Unless you really create your own system from scratch, either Devise or Rails' built-in has_secure_password both make several assumptions about the name of the attribute holding the password (i.e. that it's called password). And while there's an assumption that there's a (single) model containing the authentication information and this attribute, I see no reason why you couldn't have two models, perhaps both belonging to a User model, each of which provide the basic functionality of encrypting, storing, and validating the attributes for the method the user has used, but for which all of the other functionality is provided by the parent User record, and its controllers and views. Some simple logic in the User model determines which method is being used and farms off that functionality to the appropriate sub-model.
So yeah, it can be done, and I would suggest has_secure_password will be simpler in your unusual case.
But perhaps it's worth asking: if I am the first person to encounter this situation, perhaps there's an alternative that could meet my requirements that follows some existing convention or approach. For example, is this a "single sign-on" interface that provides authentication for several unrelated services? If so, that might be the thing to search for.
here is a complete tutorial to login with both username and email. you can replace username with user_id or whatever you required.
I have seen lots of similar questions here but nothing that quite fits my need.
I am a pretty experience rails developer but this new project is my first time using both Rails 3 and Devise (I'm normally on authlogic).
My app has two different models that I want to authenticate via devise.
One, User is just a standard users model
Two, Business is similar to a user, (it has an email address column too) but it has additional info in the database (address, phone number, etc..)
I want to be able to log them both in via the same login form. Then obviously once they are logged in they will be presented with different info depending on what type of Model has logged in.
It may or may not be relevant that I was planning on using OmniAuth to allow Users (though probably not businesses) to sign up/on via facebook.
Thanks!
What's the easiest way to go about doing this?
I think the only way to handle this would be to have your own custom sign in form and controller that determined the type of user and then sign them in correctly. I would recommend an approach like what mark mentioned for simplicity (take a look at something like CanCan to manage roles).
Another potential problem with having multiple user models is that you will have multiple versions of all the devise helper methods. So for current_<resource> and <resource>_signed_in? you would have current_user, current_business_user, user_signed_in? and business_user_signed_in?. Then you would either have to implement your own versions of these methods or you would need to check both versions everywhere you used them.
Can do this in application_controller?
current_user = current_resource_a || current_resource_b