Ruby on Rails 4 authentication, devise vs bcrypt - ruby-on-rails

I am new to Ruby on Rails 4 and I started with the tutorial http://ruby.railstutorial.org/ruby-on-rails-tutorial-book and in this tutorial 'bcrypt' is used for user signup. However, for my project I would like to have more options like email confirmation, password reset, etc. So my question is, can I achieve all of this using existing Rails 4 without any gems, or do I need to use 'devise' as suggested by some others on Stack Overflow? Also, can I use the 'devise' gem along with 'bcrypt'?

Short answer: Devise isn't required. You can write all the authentication / email confirmation / password reset logic yourself. There's nothing inherently 'magical' about Devise, it's just a well-written solution to a common problem.
However...
Writing a complete (and secure) authentication system isn't an easy task. I'd recommend working through the tutorial and letting it guide you through writing your own authentication system there.
Then you'll be in a better position to understand how web app authentication works and whether or not to use Devise.
FYI, Devise already uses bcrypt, as seen on its gemspec:
s.add_dependency("bcrypt-ruby", "~> 3.0")

Related

Devise + Patreon OAuth in Ruby on Rails

I have implemented the devise+patreon gem in my Rails application without issues. Now, devise requires an email/password by default when creating a User, but Patreon just uses the oauth integration.
I am wondering, what is the proper strategy to use so that I can migrate the Patreon Oauth users as Devise users, without having to set dummy passwords/emails to allow for validation to go through. I still want to eventually allow users to register via Devise natively, as well as through Patreon.
Is there maybe a known strategy/gem/addition for devise that I may have missed that can easily achieve that?
You can retrieve the user email and a lot of other info (see here) about the user in the login call to Patreon's services, but the password will remain unknown; you can't just copy & paste a User.

Getting email back from Twitter Oauth with Devise and Rails

I've set up a basic rails application to use twitter oauth gem and devise and have been able to log in a user. However, my problem is I've now got my app white-listed and I would like to get a user's email back in the response. I've followed all necessary steps on the twitter side (setting necessary permissions, URLS, and reset keys) and have tried passing both
include_email=true
and
include_email=email
as a param when I initiate the OAuth sequence. I feel like I've read and re-read the docs and tried a few edge cases I thought might work based off of very little I've found online.
Any help with this? Something I'm missing if you've done this before?
I solved my problem. The omniauth gem was not the latest version which would include email. In my gem file I needed to declare '~> 1.2.1' where I had version 1.2.0. The new version includes the following changes you can read about here: https://github.com/arunagw/omniauth-twitter/pull/96

User Authentication into Devise from iOS

I am creating an application where the user is going to sign in with a username and password. At the back end and also for the website I am using Ruby on Rails, where the authentication is handled by Devise. With the last edition of Devise they have deprecated the Authentication Token. I am lost in terms of how to authenticate from iOS. Any suggestions? How am I going to modify the gem files etc.?
See this gist from Jose Valim: Safe or Unsafe Tokens
Basically you will want to write your own auth token methods. You need to generate tokens and later compare them. You should read all of the comments, the discussion is pretty good.
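The generate-then-compare approach described in the answer above, as an added example that is not part of the original answer or of the referenced gist. `TokenStore` and its method names are hypothetical, and an in-memory hash stands in for a database column:

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory stand-in for a users table. A real app would keep
# the digest in a database column (for example users.auth_token_digest,
# an assumed name) and send the raw token to the iOS client over TLS.
class TokenStore
  def initialize
    @digests = {} # user_id => SHA-256 hex digest of the current token
  end

  # Issue a fresh random token. Only its digest is stored, so a leaked
  # table does not reveal usable tokens. The raw token is returned once.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(32) # 32 random bytes
    @digests[user_id] = Digest::SHA256.hexdigest(token)
    token
  end

  # Find the record by user id first, then compare digests in constant
  # time, so the comparison does not leak how many characters matched.
  def valid?(user_id, presented)
    stored = @digests[user_id]
    return false if stored.nil? || presented.nil?
    secure_compare(stored, Digest::SHA256.hexdigest(presented.to_s))
  end

  # Signing out (or a suspected leak) invalidates the token server-side.
  def revoke(user_id)
    @digests.delete(user_id)
  end

  private

  # Constant-time equality for two strings of equal length.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

Issuing a new token for the same user replaces the old digest, so the previous token stops working immediately.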

Implementing Open-id server with multiple provider

I want to implement an openid server which could interact with multiple providers to authenticate users. Basically I am looking for something like StackOverflow does for login.
I was looking into ruby-openid but it does not seem to be maintained with last commit 2-3 years back.
Can someone suggest a good gem/plugin or resource for implementing Open-id in Rails 3.2?
Requirements:
Should be able to host my own open id server
Allow user to use multiple options like (google / blogger / yahoo, etc.)
Should work well with Rails 3.2 / ruby 1.9.3
There are a few useful gems:
OAuth
OmniAuth
P.S. ruby-openid is actually well maintained - last commit 18 days ago... ;)
You can include it in your application from its Git repository by adding this line into your Gemfile:
gem 'ruby-openid', :git => 'https://github.com/openid/ruby-openid.git'
Try OmniAuth
http://www.omniauth.org/
or you can also use RubyCAS Server
http://code.google.com/p/rubycas-server/
Try OmniAuth and see these videos; you can easily understand and implement it:
Part - 1 : http://railscasts.com/episodes/235-omniauth-part-1
Part - 2 : http://railscasts.com/episodes/236-omniauth-part-2

User membership pattern rails [duplicate]

In the .Net world we have the Membership provider; with this we can fully automate user registration and management. Does such a gem exist for the Ruby on Rails community?
I am looking for something that would allow a user to register, retrieve lost password, modify password and login.
See the answers given to this question recently - again, I would highly recommend Devise and the two railscasts on it, http://railscasts.com/episodes/209-introducing-devise and http://railscasts.com/episodes/210-customizing-devise. Devise handles all the things you described above - from the GitHub page:
"Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
Recoverable: resets the user password and sends reset instructions.
Registerable: handles signing up users through a registration process, also allowing them to edit and destroy their account."
Hope that helps!
Take a look at Devise - http://github.com/plataformatec/devise
It's a popular Rails engine for user authentication and should do what you need (and more).
Not sure that it has all of the features you want, but I really like restful-authentication.
http://agilewebdevelopment.com/plugins/restful_authentication
Features per website:
Login / logout
Secure password handling
Account activation by validating email
Account approval / disabling by admin
Rudimentary hooks for authorization and access control.
It also makes an appearance in a screen cast over at http://www.buildingwebapps.com/learningrails
Episode 11 is about adding User Authentication. Watch the others if you are 100% new to Rails, but if you just want to see them use the gem, skip to that one.
Check railscasts for a number of new options, including OmniAuth, Sorcery (my choice this week), and authentication from scratch, which may be less painful than the options listed before.
