Rails Authentication and Authorization - Best approach? - ruby-on-rails

I've been battling with how to accomplish this for a while and even started working on different solutions, only to notice it's not very practical or could lead to problems.
Scenario: A user can create an Admin account and invite (mail invite) another user as a Client. I was thinking of using the devise_invitable gem to handle the invitation process. I'm not sure if I should have 2 models (Admin/Client).
Gems I've been considering:
devise
devise_invitable
cancancan
pundit
rolify
The thing is that whatever setup I use for authentication and authorization must comply with the devise_invitable gem, given that it's a load off my mind to build that functionality myself.

Devise and OAuth 2.0. If you need an admin panel you can use rails_admin, or there are a variety of admin gems as well, or you can make your own.

Related

Rails using Devise LDAP authenticable gem to get all LDAP users

I've been using Devise's LDAP_authenticable gem for weeks now with a Rails 4 application and it works great for authenticating and finding a user's LDAP information when I have someone's samaccountname.
Is there no way to use this gem to simply view all users in a LDAP Active Directory?
This seems pretty common, I was hoping that someone has already discovered how to do this?

Devise w/ OmniAuth or straight up Omniauth?

I currently have a simple, hand-coded login system in my Rails app. Now, I'm looking to integrate Facebook login via OmniAuth (seems to be the best way to do so).
However, I keep seeing Devise come up as a popular way to handle logins, with OmniAuth implemented in conjunction with it.
If I'm pretty happy with my login system now, is there any reason to use Devise? Does it give OmniAuth any extra functionality/extensibility or make it easier to use?
If you are a railscasts subscriber check out http://railscasts.com/episodes/235-devise-and-omniauth-revised
Devise does have some convenient hooks for omniauth, so that is a plus to using devise. That being said if you are happy with your authentication then you can simply build omniauth as a separate authentication method, and handle any overlap yourself. Also check out http://railscasts.com/episodes/241-simple-omniauth.
Good luck!

Which gem should I use to provide a login process for my social network app?

I am creating a social networking site for my university and I'm wondering which gem I should use for the login process, or if there is any other more secure way to implement a login process. Is there a document or sample code which can guide me?
I've heard about the Devise gem but I am not sure that it will work for us, or how to use it.
Definitely recommend devise. It's written by one of the top contributors to Rails, Jose Valim. It's pretty easy to use, especially if you just stick with the defaults, which are very reasonable. And it's kept up to date - currently only has 7 outstanding issues. For a project with 6.4k watchers that's pretty amazing.
There's a getting started guide with everything you need to get started.
There's also a devise wiki with a lot of examples. Here's just a few:
How To: Disallow previously used passwords
How To: Display a custom sign_in form anywhere in your app
How To: Do not redirect to login page after session timeout
It largely depends on what features you're looking for. If you require a full-featured authentication solution (Registration, Forgot Password, Remember Me, Login) then either devise or Authlogic is recommended.
If you're just looking for a simple way to authenticate users (via login and password for example), you can just use the Rails built-in authentication via has_secure_password. Ryan Bates did a RailsCast on it not too long ago.
Whatever method you decide to go with, just remember that without SSL it's not secure.
Devise is very nice. However, I'm partial to using NoamB's Sorcery gem. It's like a balance between rolling your own and Authlogic.
Check it out here:
https://github.com/NoamB/sorcery
Also nice railscast on it:
http://railscasts.com/episodes/283-authentication-with-sorcery

Admin authorization in Ruby on Rails

I need an authentication/authorization functionality where there will be an admin for the system. There are three different kinds of users with different privileges. When the user signs up, he can choose the role he desires.
The admin needs to log in, review and authorize the users before they can log in.
Is there any gem that does this?
You could use Devise for authentication, together with CanCan for handling different roles. Both are widely used and well documented gems.
You can use only cancan and it will serve the purpose which you are looking for as suggested by jlundqvist.

rails 3 authentication

I'm currently building my own blog using Rails 3, and use the devise gem for authentication. The problem is, I want only one user out here, the admin user, and to prohibit others from signing up; how can I achieve that?
Is there any reason why you cannot use Basic HTTP Authentication? IMHO devise seems to be overkill for this use case.
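
The HTTP Basic approach suggested in the answer above, as an added example that is not part of the original thread: a framework-free, Rack-style middleware that admits exactly one admin account. The class name, the credentials and the stand-in downstream app are constructed for illustration; Basic credentials are only Base64-encoded on the wire, so this assumes the site is served over TLS.

```ruby
require "digest"

# Hypothetical middleware name; in production the credentials come from
# the environment or encrypted credentials, never from source code.
class SingleAdminBasicAuth
  def initialize(app, user:, password:, realm: "Admin")
    @app, @realm = app, realm
    # Store fixed-length digests so comparisons never depend on credential length.
    @user_digest = Digest::SHA256.digest(user)
    @pass_digest = Digest::SHA256.digest(password)
  end

  def call(env)
    user, pass = parse_credentials(env["HTTP_AUTHORIZATION"])
    return @app.call(env) if user && authorized?(user, pass)
    # Missing or wrong credentials: challenge so the browser prompts.
    [401, { "WWW-Authenticate" => %(Basic realm="#{@realm}") }, ["Unauthorized\n"]]
  end

  private

  # "Basic <base64(user:pass)>" -> [user, pass]; nil when absent or malformed.
  def parse_credentials(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return nil unless scheme&.casecmp?("basic") && encoded
    user, pass = encoded.unpack1("m0").split(":", 2) # strict Base64; password may contain ':'
    pass ? [user, pass] : nil
  rescue ArgumentError # raised by strict Base64 decoding on invalid input
    nil
  end

  def authorized?(user, pass)
    # Non-short-circuit '&' so both comparisons always run.
    secure_equal?(Digest::SHA256.digest(user), @user_digest) &
      secure_equal?(Digest::SHA256.digest(pass), @pass_digest)
  end

  # Constant-time comparison of two equal-length byte strings.
  def secure_equal?(a, b)
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed demo: stand-in downstream app and sample credentials.
DEMO_APP = SingleAdminBasicAuth.new(->(_env) { [200, {}, ["admin area\n"]] },
                                    user: "admin", password: "s3cret:with-colon")

def demo_status(user = nil, pass = nil)
  env = user ? { "HTTP_AUTHORIZATION" => "Basic " + ["#{user}:#{pass}"].pack("m0") } : {}
  DEMO_APP.call(env).first
end
```

With no sign-up route exposed at all, the single account configured here is the only way in.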
