How to secure Ruby on Rails CRUD actions? - ruby-on-rails

I just got through the RoR Getting Started guide and created the blog sample app.
I also read the last section on securing CRUD actions via HTTP basic auth: http://guides.rubyonrails.org/getting_started.html#security
How else would one secure their CRUD actions/what are some more secure alternatives to the HTTP basic auth shown in the guide?

Take a look at this starter application from the RailsApps project:
Rails Authorization with Devise and Pundit
Devise provides authentication and user management. Pundit provides authorization and the example app shows how to add access control for each controller method based on roles.
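
The per-action, role-based access control described above can be sketched in plain Ruby; this is an added example, not code from the RailsApps starter app or from Pundit. `User`, `Article`, the role names and the `authorize!` helper are assumptions standing in for a Devise-authenticated user and the check a controller runs before each CRUD action.

```ruby
# Added example: plain-Ruby stand-ins, no Rails or gems required.
# User, Article, the role names and authorize! are hypothetical.
User    = Struct.new(:id, :role)        # role: :admin, :author or :reader
Article = Struct.new(:id, :author_id)

class NotAuthorizedError < StandardError; end

# Follows the Pundit convention: built from (user, record), with one
# predicate method per controller action.
class ArticlePolicy
  ACTIONS = %i[index show create update destroy].freeze

  def initialize(user, record)
    @user = user      # nil when nobody is signed in
    @record = record
  end

  # Reading is public; every write needs a signed-in user with a role.
  def index?
    true
  end
  alias show? index?

  def create?
    !@user.nil? && %i[admin author].include?(@user.role)
  end

  # Authors may change only their own articles; admins may change any.
  def update?
    return false if @user.nil?
    @user.role == :admin ||
      (@user.role == :author && @record.author_id == @user.id)
  end
  alias destroy? update?
end

# Stand-in for the check a controller action runs before touching the
# record. Unknown actions are denied rather than passed through.
def authorize!(user, record, action)
  allowed = ArticlePolicy::ACTIONS.include?(action) &&
            ArticlePolicy.new(user, record).public_send("#{action}?")
  raise NotAuthorizedError, "#{action} denied" unless allowed
  record
end

# Actions a given user may perform on a record (handy for tests and views).
def allowed_actions(user, record)
  ArticlePolicy::ACTIONS.select do |a|
    ArticlePolicy.new(user, record).public_send("#{a}?")
  end
end
```

Unlike the guide's HTTP basic auth, which gates a whole controller behind one shared credential, the decision here depends on who the user is and which record is being changed.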

Check out the Ruby Toolbox for some options on authentication: https://www.ruby-toolbox.com/categories/rails_authentication
Devise is the most popular library: https://github.com/plataformatec/devise/blob/master/README.md

Related

How to create a user authentication using rails as backend and ember as frontend

I'm working on eCommerce for my internship project. But I don't know how to create the user authentication using rails and ember.
First I assume the following things:
You are using ember to develop your frontend and will consume APIs from the backend.
You are using rails to create the necessary API.
If you want to authenticate users before using your API, check out the doorkeeper and devise gems. Devise takes care of things like storing your user details in the database, resetting the password, etc. The Doorkeeper gem is used to provide authentication and authorization to APIs.
Doorkeeper Link: https://github.com/doorkeeper-gem/doorkeeper
Devise Link: https://github.com/heartcombo/devise

Rails 5 application: form and api authentication tutorial?

Are there any good tutorials for creating an auth system from scratch with form and API authentication?
I found a lot of tutorials, but unfortunately they implement only form-based or only API-based authentication.
But I would like to build one that is both form- and API-based.
For SEO, server-side rendering is important, so I can create a registration and login form too. But API-based authentication is important for a mobile app.
Here are some resources, that you might find useful. I have used the first one frequently in the past.
http://railscasts.com/episodes/250-authentication-from-scratch
https://gist.github.com/thebucknerlife/10090014
https://rubyplus.com/articles/4171-Authentication-from-Scratch-in-Rails-5
https://www.sitepoint.com/rails-userpassword-authentication-from-scratch-part-i/
How to create authentication from scratch in rails 4
I hope this gives you some inspiration.

User auth example in Rails 3, using Devise, OmniAuth, Mongoid, and JSON responses

I have integrated Devise and OmniAuth with my Mongoid ORM setup using the following examples:
https://github.com/plataformatec/devise/wiki/Example-Applications
My client code is mostly JavaScript (ExtJS) and relies on JSON for all of the communication. I use no Rails templates. I am looking to build a multi-provider authentication model, primarily using user/pass, Facebook, and Twitter. I am having difficulty putting together the full User authentication flow with respect to my application stack.
I am looking for an example that uses JSON responses to the standard authentication actions, instead of redirects, and provides an integration with OmniAuth that uses Mongoid. In addition to the above examples, I have gone through Ryan Bates' Railscasts on Devise and OmniAuth. Every example I have worked through so far has been either ActiveRecord or Rails template oriented. Any pointers are appreciated!
This (https://github.com/fertapric/rails3-mongoid-devise-omniauth) is a good example app for getting set up with rails 3, devise, omniauth and mongoid, and a tutorial to go along with it here: https://github.com/fortuity/rails3-mongoid-devise/wiki/Tutorial-(Walkthrough)
Then you'll need to override the user sessions controller to provide the correct JSON responses for your app. There is a good example here: https://gist.github.com/733647 and here: http://groups.google.com/group/plataformatec-devise/browse_thread/thread/daa3332b3c4a1b4b
Hope this helps
I would suggest that you roll your own authentication mechanism using Rails 3.1 ActiveModel::SecurePassword instead of using Devise. You will get a cleaner solution that way than trying to tweak Devise to provide JSON responses.
If you can't use Rails 3.1, I would still suggest that you roll your own instead of overriding an internal Devise method (which the gist that Nesbitt links to does).

Does restful_authentication work in rails 3?

Does restful authentication work in Rails 3?
Is Devise the new standard?
I would love for an authentication system to support website registration + Twitter and OpenID. Does Devise do this?
Devise seems to be the new standard. I think it's a great auth solution and has support for pluggable auth strategies.
Check out Janrain Engage. They offer a free solution that lets you connect through numerous auth portals. It also works seamlessly with Devise. There's a great Railscast that outlines how to achieve this.

Good walk-through on authentication and authorization in Rails?

I'm new to Rails and would like to implement authorization and authentication for my app. Is there any good walk-through, from the installation of the plugin to getting role-based authorization implemented?
Thanks
I would recommend that you check out the excellent Railscasts site, where you can find many authentication/authorization implementation examples. I would choose between:
Authentication: Authlogic, Devise
Authorization: Cancan, Declarative Authorisation
Try http://railscasts.com
specifically:
http://railscasts.com/episodes/192-authorization-with-cancan
or
http://railscasts.com/episodes/188-declarative-authorization
There are lots of plugins but the above are a good place to start (and railscasts is a great resource)
