I'm trying to create a webapp using Backbone.js 0.9.2 + Rails 3.2.0. I'm having trouble figuring how to link authentication & authorization (role management) with the app. I'd like to use as much off-the-shelf product as possible.
After some research, I think Devise is pretty nice for user management, but I don't see any tutorials on Devise + Backbone.js. Does anyone have suggestions?
Also, I keep hearing about CanCan. Do I need it if I'm going to use Devise? Are there other options?
Cheers,
Dean
Devise handles authentication and CanCan handles authorization. I'm not sure how backbone.js plays into things since I've never used it before.
Just in case you're wondering, authentication has to do with logging in and logging out. And authorization is seeing if a logged in user or guest has access to utilize particular resources of your application. That's the nutshell from what I've read about it. Of course, I could be mistaken as I'm no expert with these things.
There are other options, but Devise and CanCan has been well established in the Rails community:
https://www.ruby-toolbox.com/categories/rails_authorization
https://www.ruby-toolbox.com/categories/rails_authentication
Good luck!
Related
I currently have a simple, hand-coded login system in my rails app. Now, I'm looking to integrate Facebook login via OmniAuth (seems to be the best way to do so)
However, I keep seeing Devise come up as a popular way to handle logins, with OmniAuth implemented in conjunction with it.
If I'm pretty happy with my login system now, is there any reason to use Devise? Does it give OmniAuth any extra functionality/extensibility or make it easier to use?
If you are a railscasts subscriber check out http://railscasts.com/episodes/235-devise-and-omniauth-revised
Devise does have some convenient hooks for omniauth, so that is a plus to using devise. That being said if you are happy with your authentication then you can simply build omniauth as a separate authentication method, and handle any overlap yourself. Also check out http://railscasts.com/episodes/241-simple-omniauth.
Good luck!
I am creating a social networking site for my university and I'm wondering which gem I should use for the login process, or if there is any other more secure way to implement a login process. Is there document or sample code which can guide me?
I've heard about the Devise gem but I am not sure that it will be work for us, or how to use it.
Definitely recommend devise. It's written by one of the top contributors to rails Jose Valim. It's pretty easy to use, especially if you just stick with the defaults which are very reasonable. And it's kept up to date - currently only has 7 outstanding issues. For a project with 6.4k watchers that's pretty amazing.
There's a getting started guide with everything you need to get started.
There's also a devise wiki with a lot of examples. Here's just a few:
How To: Disallow previously used passwords
How To: Display a custom sign_in form anywhere in your app
How To: Do not redirect to login page after session timeout
It largely depends on what features you're looking for. If you require a full-featured authentication solution (Registration, Forgot Password, Remember Me, Login) then either devise or Authlogic is recommended.
If you're just looking for a simple way to authenticate users (via login and password for example), you can just use the Rails built-in authentication via has_secure_password. Ryan Bates did a RailsCast on it not too long ago.
Whatever method you decide to go with just remember that without SSL its not secure.
Devise is very nice. However, I'm partial to using NoamB's Sorcery gem. Its like a balance between rolling your own and Authlogic.
Check it out here:
https://github.com/NoamB/sorcery
Also nice railscast on it:
http://railscasts.com/episodes/283-authentication-with-sorcery
I'm developing a rails 3 application using inherited_resources and devise.
I tried to use cancan as my authorization plugin and it wasn't enough (i need more complex conditions for my authorization rules).
I also tried using declarative_authorization but my rules didn't work for the "index" method of my controllers.
Is there a RELIABLE rails plugin to handle authorization ?!
Thanks !
You can see a list of authorization gems in here. My advice to you is you should give cancan a second chance. It handles almost everything about authorization.
I have a rails 2.3.8 application that has an admin folder that if anyone enters
/admin/anything
they need to be prompted for a login...I was looking for a good approach to do this
here the resources I was looking at authorization and authentication
The way I was thinking was to install authlogic or cancan or both or neither....not sure if anyone has a better solution. BTW I dont want authentication anywhere on the site
The best way to do this is to have all controllers under the admin/ namespace inherit from an AdminController with a before_filter that handles authorization
The simplest way to do this is to use http_basic authentication (railscast)
If you want multiple user/passwords, but without the complexity of devise/authlogic, try nifty_authentication (via ryan bates' nifty generators)
As ruby-toolbox indicates, CanCan and Devise are the most popular authorization / authentication solutions for rails. Check out the always excellent railscasts.com episodes to get started:
http://railscasts.com/episodes/192-authorization-with-cancan
http://railscasts.com/episodes/209-introducing-devise
Railscasts is a fantastic resource for quickly getting up to speed on rails topics.
does restful authentication work in rails 3?
Is devise the new standard?
I would love for an authentition system to support website registration + twitter and openid, does devise do this?
Devise seems to be the new standard, I think it's a great auth solution and has support for pluggable auth strategies.
Checkout Janrain engage. They offer a free solution that lets you connect through numerous auth portals. It also works seamlessly into devise. There's a great railscast that outlines how to achieve this.