I am creating a Rails app that does not use a database. Instead, the model is managed using a Ruby API that wraps a legacy system.
I have a Ruby call that will allow me to validate a username/password combination. Is it possible to use Devise (or some other off-the-shelf authentication solution) in this case?
My hope is that I can override a few methods in Devise and still get many of the benefits.
Peter.
it is possible.
You may override the default authentication and use a remote service with Devise and Warden.
This blog post gives you details how:
http://4trabes.com/2012/10/31/remote-authentication-with-devise/
Let us know how it goes...
Good luck
If I understood correctly, you want to use Devise in your project to wrap old legacy authentication system.
You might need something like to define legacy_username and legacy_password methods, create a migration to adopt to Devise gem, and I believe you will find your way out.
Maybe this link can help you out: http://www.davidverhasselt.com/2012/05/13/how-to-migrate-passwords-from-legacy-systems-to-devise/
And also, maybe this - how to create custom encryptor in Devise - https://github.com/plataformatec/devise/wiki/How-To:-Create-a-custom-encryptor
I hope it will help.
Related
I've been using rails for a while and have used restful_authentication for user logins for the past few years. However this doesnt seem to be getting maintained any more, so was thiking it is time to move to another plugin.
Does anyone have any suggestiosn on what I should be using / is the most popular these days.
Only requirments I have are
It needs to work with rails 3
It needs to work with a model called Client instead of the standard User model.
Thanks,
Jon
Checkout Devise, it's still maintained and there are a lot of support resources out there. It also has extendable plugins, so you can authenticate with Twitter, Facebook, or really any OAuth2 solution
Here are a few:
http://railscasts.com/episodes/209-introducing-devise
http://railscasts.com/episodes/210-customizing-devise
http://www.kiwiluv.com/techblog/?p=397
Have a look at Devise:
http://github.com/plataformatec/devise
Jon,
If you decide to go with Devise, note that you can manually override the default user class during installation. (The default is "User".) IMHO you're correct in that Devise seems to generally be maintained more, especially compared to restful_authentication. If you're torn between the two for your Rails 3 app, I'd recommend giving Devise a shot first.
I have a rails app where I need to add authentication. The problem is that I have a legacy database with custom user and password fields (t_user and t_pass). Plus, t_pass is not encrypted.
What I'm looking for is something like http_basic, but where I can have methods like current_user, and probably with a better user interface. I don't need validation, password reset, anything. Just a way to authenticate my way. I'd use restful_authentication but I'm on rails 3. I saw a fork that works with rails 3 but I was wondering if there is a better way to handle this situation?
It looks to me like you could probably do what you need using Devise and a bit of extra playing around. Specifically, you'll want to:
Make sure you create your user model table using your legacy auth table.
Override valid_password? on this model to check against your t_pass field.
Override self.find_for_database_authentication to find your model based on the t_user field.
If you want to support registration, you'll probably need to write a new encryption strategy as well.
Just a word of warning though: Storing passwords in plain text is very bad practice. If you have any choice at all, I'd seriously consider doing a migration of existing users into Devise's standard structure, with crypted passwords.
If you are looking for alternative gems to use then you can try Devise. You can extend/change the default settings to achieve what you want.
Devise and Authlogic are two potential options. Can't comment on Devise I'm afraid as I've never used it. Seems to be very popular at the moment though.
The following would get you started with Authlogic:
class User < ActiveRecord::Base
acts_as_authentic do |config|
config.login_field = :t_user
config.crypted_password_field = :t_pass
config.crypto_provider = YourCryptoProvider
end
...
end
There's a railscast on the basics of getting authlogic going.
The difficult part of this is that you would need to create your own crypto provider class as described http://rdoc.info/github/binarylogic/authlogic/master/Authlogic/CryptoProviders as authlogic doesn't provide a plain text password check method.
As discussed above, look into migrating your passwords to encrypted versions if that's an option for you, it will stop you from fighting against the auth frameworks so much.
I wonder if it can be done in 10 to 15 minutes?
Is there a quickest method?
Is the most elegant and robust solution possibly a different one?
Devise is the way to go. The README should get you started in 10 minutes. It shouldn't be really hard to use it in your Rails3 app.
If you are writing your code from the scratch, I would also suggest giving prologue or railswizard a try. Otherwise my vote goes for using devise :)
For a Rails3 App definitely Devise ;). But one limitation killing me on devise is that I'm yet to find a way to customize the devise's controllers. I have raised a question this and yet to get some answers I want to customise devise gem's controllers, is it possible and how to do? . If your requirement is as simple as user registration and complete authentication throughout M , V and C stacks then Devise is the best solution for now :)
Im learning Rails by building apps.
I want to make my first authenticated app: users signup, login, do some changes in models they have access to and logout.
I did the Google search but it is quite confusing: many plugins, many tutorials. Don't know where to start.
Is there a state-of-the-art authentication method for Rails? What do you use in Production to authenticate your users?
Any help in this will be helpful. Thanks
I've used authlogic in the past and have been quite happy with it. Ryan has a railscast (video tutorial) for authlogic here.
+1 to Jason, -1 to NSD and sparky. Authentication system is not the thing you want to build yourself, at least if you're aiming for production use. It's like inventing your own encryption algorithm - it's a lot more safe to use something extensively tested and well-developed.
I've also been using authlogic, but there are some alternatives over there - like the good old restful authentication, and devise, which I guess is more modern so to speak. BTW the two latest railscasts are devoted to devise.
If your application is simple and just want a simple and secure user login page you might want to look into the Restful Authentication plugin. Its very easy to use and if you don't have much authentication requirements this should do fine.
script/plugin install git://github.com/technoweenie/restful-authentication.git
script/generate authenticated user sessions
rake db:migrate
You can find out more by checking out this excellent railscast.
As A beginner I would recommend Restful Authentication as its simple to set up and will get you up and running with no time
following is a step by step guid
http://avnetlabs.com/rails/restful-authentication-with-rails-2
and authlogic - (http://github.com/binarylogic/authlogic) is another great plug in which is more flexible but requires some work to implement user registration and stuff
cheers,
sameera
One man's state-of-the-art authentication system is another man's worthless pile of garbage. You're almost always better off rolling your own in the long run. O'Reilly's Ruby Cookbook has some extremely basic examples that will set you off in the right general direction, then you can decide whether or not other people's solutions are right for you.
I would agree with NSD. Figuring out the plugins & how they should mesh with your application to me longer than creating an auth system in my latest application.
My tips - create a user_sessions controller and use normal CRUD methods to handle creating/destroying (ie logging in & out). Create another model for the user - it can handle create accounts & updating (ie changing passwords). Stick a :before_filter on each controller which needs protection.
Hey, i need some help with rails, again! Last it was about Authlogic.. Well I'm gone a bit backward since.. I mean, Authlogic isn't a Authentcate system i like.. So now i wan't you guys to tell me what you think is the best!
I going to use it to a project of mine. Where there has to be a few roles like Admin, User and Guest.. So might you guys can tell me what is good and what is bad..?
You need to split authentication from authorization.
Authentication covers the login/logout process. Authorization is directly linked to permission to see/use resources.
Authlogic is a very good authentication gem.
For authorization you can check CanCan from Ryan Bates, which is very simple to integrate with authlogic (just a single file in the models folder called ability.rb in which you configure all the app authorizations).
EDIT: You can also go with a simpler solution but you will lose flexibility
I used Devise and it worked quite well, however it did not met my needs...
What you might need however looks like something super simple, something like this: http://railscasts.com/episodes/21-super-simple-authentication
I use Authlogic for authentication and DocSavage's Rails Authorisation plug-in for authorisation needs. Its a simple yet powerful plug-in.
Rails authorisation plug-in: http://github.com/DocSavage/rails-authorization-plugin