I have a PostgreSQL database that I access from various locations, and would like to add an interface with Ruby on Rails 3. For authentication I need to login users with the same credentials used to create them directly in the database; is there a way to make Rails connect to the database each time with different username/password, based on the current user?
Thanks for any hints!
Yes.
Use a custom authentication on devise that makes a query to the underlying postgresql database.
See:
Custom authentication strategy for devise
I would certainly add some kind of filter to reduce the list of users that can authenticate this way.
Related
I'm in the process of trying to set up a server for a personal project. I'm using ServiceStack.Core with a Neo4j graph database as my persistence layer.
I would like to set up user authentication using my graph database as the user auth repository. There is no existing implementation of IUserAuthRepository for Neo4j as far as I can tell, meaning that I will have to create my own. Unfortunately, I have found very little documentation on this interface and how to correctly implement it.
So, I have a few questions:
Does there exist any kind of tutorial or other documentation on how to correctly implement my own IUserAuthRepository?
The CreateUserAuth method is supposed to take a password. What if a user logged in using Facebook or some other service and does not have a password?
Would it make more sense to just use Redis for authentication (with RedisAuthRepository), using the userAuthId to look up users in my graph db? Are there any major pitfalls to doing something like this? If I do go this route, how do I hook into the registration process to ensure that I create a user in the graph DB whenever a new user is registered?
There aren't any docs on implementing IUserAuthRepository, it's an interface with a lot of reference implementations. Easiest way would be to follow the implementation that works similar to neo4j.
The IUserAuthRepository stores 2 tables, UserAuth master table and UserAuthDetails child table which is where all OAuth providers like Facebook maintain info received when authenticating with them. The password field is used for CredentialsAuthProvider.
You can handle different events during registration and authentication with the Session and Auth Events.
In a Ruby on Rails application, I implemented as authentication OmniAuth with multiple providers(facebook and twitter for now), and I followed the steps from this github page: Managing Multiple Providers. Everything worked fine, I have a User class, in which a user is able to have many Identity objects.
Now I want to add a login with username and password, using OmniAuth Identity. My plan is to use the same Identity table, making this gem to store the password_digest field into the existing oauth_token, username into uid and use 'omniauth' as provider.
I am having difficulties in implementing this, trying to use the same model both for the externals auth(like facebook) and for this user/password, and I am wondering:
Is this a recommended way to do this?
Am I reinventing the wheel and such thing already exists?
Should I use a new Model just for this type of login(OmniAuth Identity)?
At the moment, I have different problems, such as not being able to tell the Identity gem that provider should have only one value, or my SessionsController doesn't work now good when I register for the first time.
I am interested in deploying a Node.js along side my Rails application server. Just as a reference, I plan on using socket.IO to create a chat server, so users will be able to chat inside of my web application.
My current application uses Authlogic to authenticate users. I would like to ensure that only a user cannot read other users' messages, so I will need to authenticate the user session somehow. My Node.js will have access to my database, and I know Rails can store the sessions inside of the database, so I would like to use this feature to authenticate chat users. The problem is, I have no idea how to go about doing that. I'm not even sure what information is present in the session, and I do not know how I can use this information to authenticate a user.
Thanks in advance!
The rails session is tricky to use from other languages: it's just a serialised ruby object and pretty much the only documentation for the marshal format is the implementation/rubyspec.
However authlogic doesn't actually store anything in the session: it has a separate cookie (user_credentials by default, assuming your model is User)
The data in that cookie is "#{user.persistence_token}::#{user.id}", so you should be able to easily verify this from your js code
I have two applications that use same database. Let's call them Site and API. I'm using Restful Authentication for user management.
If I create a user from "Site" this user doesn't work when try to login from API and vise versa. I can see the records are being saved in the same table.
Am I missing something? It should work?
I'm using Rails 3.
In your initializers/site_keys.rb REST_AUTH_SITE_KEY should be the same in your both applications then authentication will work properly in your both applications.
I want to add authentication to my Ruby on Rails 3 app, but I only need users to be able to authenticate using their Google accounts, because I'm making it a hosted app for the Chrome Webstore, so I think OpenID would work well for this. I want to have some custom fields in the user database to store user-specific data. What should I use for this? I want users to be able to sign up only with OpenID.
Thanks.
You should try omniauth gem, it uses not only Google OpenID. Omniauth takes user's data from provider and pass to your application which is you can amplify
I've been using authlogic and authlogic-oid add-on to handle this.
You could try the devise_openid_authenticatable gem. I haven't used it myself but it looks like it would do what you want using the Devise authentication gem, which is what I use on all of my Rails projects.