hi people i m new to ruby on rails i m looking for authentication solution for my app and i came across Devise and Authlogic so my question is which one to choose?
my requirements
1.save time
2.highly customziable
3.easy to understand
4.easy to debug
Please Help
Please visit the link below and understand authentication from scratch.
http://railscasts.com/episodes/250-authentication-from-scratch
Pros:
1. Very easy to understand, as a beginner.
2. Highly customizable.
3. Get an extreme handle of what is going on.
4. Good riddance from complex code.
5. Its written by you.
Cons:
1. Its written by you.
Thanks.
Related
I am new to Rails and I tried the following tutorial Railscast 270 Basic Authentication.
However, somehow I get an error because rails does not find the 'session'. Somewhere I read I dont have to manually generate a model/table for it?
So now I read that active record sessionstore has been deprecated and/or gemified? What I want is a simple registration/login/logout mechanism to start with but I wanna do it 'the right way' avoiding old and deprecated stuff.
Can someone guide me or link me to a tutorial which is still valid?
Thank you
There are loads here you can watch: http://railscasts.com/episodes?utf8=%E2%9C%93&search=authentication
I'd personally recommend following this specific one, although it may require a paid account:
http://railscasts.com/episodes/250-authentication-from-scratch-revised
If you aren't willing to pay a little money, then starting with this one wouldn't be too bad either:
http://railscasts.com/episodes/270-authentication-in-rails-3-1
It says it's for Rails 3.1, but it'll work in 4 without much (if any) additional effort.
Hartl's Rails Tutorial (updated for Rails 4) has a very clear explanation of setting up your own authentication system from scratch: http://ruby.railstutorial.org/chapters/sign-in-sign-out#sec-signin_failure
If you're new to Rails, it's definitely not a conceptual walk in the park. I urge you to sit down and really think about what every single line of code is doing - you could get away with copy/pasting huge parts of code to implement your authentication system, but at that point you might as well use a gem like Devise to do it for you.
I got started building an app which 20-30 people are currently using. I used devise, and I'm now wishing I had not... for reasons such as ease of adding a guest user, etc.
I think I want to remove devise, and follow the Hartl tutorial to create my own authorization.
Has anyone done this before? Do you have any advice?
Thanks!
Yes. Definitely start with Michael Hartl's tutorial. It is really comprehensive, detailed and very well written. More importantly, he always places an emphasis in security. So yeah, his tutorial is surely the way to go.
Good luck!
After finishing with Rails Tutorial by Michael Hartl, which parts of the sample app proposed in tutorial should I upgrade first? Authentication method comes to mind first..
Given the huge popularity of that tutorial, I suppose there is something like a list of steps to be taken for that app to become more up-to-date in this ever changing world of web dev etc. etc. etc.
Overall is it a good idea to use that app as a foundation for building something more advanced?
Thanks in advance!
I learned Rails with that book :)
However, even the authentication algorithm used there is great to learn, in practice you can use other alternatives. For example I use the wonderful Devise gem (Railscasts 209 and 210).
There are some ideas at the end of the book that explain how you can extend the application. However, I think that building your own app from scratch is better now that you know how to do it.
After reading that book, I created some basic projects, and in parallel started reading The Ruby Programming Language and The Rails 3 Way.
Hope it helps! Welcome to the Rails world :)
I have been searching a lot on the net to get facebook-connect integrated with authlogic in rails3. There are a number of solutions based on facebooker, oauth etc. but none of them seem to say anything on whether they work with rails 3 or not. Can anyone guide to me on how to get facebook-connect working with authlogic in "rails3". I see that there are a lot of questions related to this on the site but none seems to have actually answered the question.
I strongly recommend you to use http://www.janrain.com/products/engage with this gem https://github.com/tardate/authlogic_rpx. This combo works amazing with two of my projects and it is free if you only want to use authentication (like in my case).
PS. look at railscast: http://railscasts.com/episodes/233-engage-with-devise. I know that, this podcast show how to use Janrain with Devise, but it helped me with Authlogic so it also can help you.
Does anyone know of a good guide on building your own authentication system in ruby on rails?
I want to roll my own system to use with my community im building :)
Thanks!
I'd recommend starting with Warden - it'll handle the very basics of sessions for you, and give you a good foundation to build your logic on top of. The Rails Warden plugin is a rather small library that helps integrate it into Rails. Both of these projects are fairly mature and well-constructed yet still under active development - they're good choices all around.
You should be aware of Devise, another authentication framework (like Authlogic or Restful Authentication) that is based on Warden. It may not be a good fit for your project (it wasn't for mine), but looking through the source might give you a few ideas on how best to use Warden.
The other thing I'll note is that, in terms of hashing passwords, you should absolutely use bcrypt.
michael hartl has a good book coming out soon and the first 8 chapters are available in pdf format for free here: http://www.railstutorial.org/ - they cover the entire process of creating a very solid rspec-driven authentication system - can't recommend it highly enough
Well, it came out a while after you asked your question but the best answer if you're keen to build your own authentication system rather than use something like Devise would probably have to be Ryan Bates' Authentication from Scratch Screencast.
Since authentication is a common problem that has been solved many times already, I would start by investigating the solutions already out there.
For example, have a look at Restful Authentication which provides a good foundation for authentication in Rails. Even if you'd rather roll your own system, playing around with Restful Authentication and understanding how it works should give you a good understanding of the components needed when you start building your own system.
Check out this article:
http://www.aidanf.net/rails_user_authentication_tutorial
The author goes, step by step, through an entire authentication framework, with suggestions on further improvements. Even tests are discussed.
I agree with Ritchie... Devise has some very nice features but it doesn't play nice with others. For many use-cases, the way it hijacks the routing can make your job more difficult. In many situations you may be better off rolling your own.
Devise has caused circular references in my Rails asset pipeline, and the settings in the initializer as installed (in the latest version as of yesterday) conflicted with the defaults in the migration it generated.
I have built enterprise-level authentication systems, including email verification, password recovery, etc. And none of it required the routing shenanigans that Devise uses. If you really need all the features, it may be for you. But there are lots of reasons to not use it, too.