Strong yet simple Rails authentication? - ruby-on-rails

My authentication system will be at the heart of my application and the revenue model for my business. I want a strong, but yet simple authentication option for Rails.
What are your suggestions?

You have many different authentification options for Rails.
I personaly prefer Devise, it's really complete, with a lot of features and simple to use.
You can have a look at a Railscast :
http://railscasts.com/episodes/209-introducing-devise

Use facebook for websites to authenticate use. There is one one gem which lets you use facebook auth via devise (devise_facebook_connectable)
https://github.com/grimen/devise_facebook_connectable

Related

Rails existing app adding user sign up

I have an existing rails app with Mongo DB.Currently the app can be accessed by anyone that is every method in Portfolio controller and customer controller. Now I want that Portfolio controller should only be accessed by sign in user. How can I do that. I tried using active_admin but was unsuccessful.
You're looking for User Authentication. Try any authentication plugin like Devise or Clearance to sign in and distinguish individual users (more options here) or, even better at first, try building your own authentication solution alongside some of these excellent RailsCasts on User authentication (the paid episodes are totally worth it!). You'll learn how the different moving parts fit together real quick.
You might also want to consider using the Sorcery (https://github.com/NoamB/sorcery) gem as another option. It has links to the railscasts on the github repo there which helped a lot, and myself as a beginner found the wiki to be incredibly in-depth. Super easy to use.

API in Ruby in Rails like Twitter or Facebook

I've read multiple blogposts and watched the railscasts episodes to APIs. But I still got one problem, I'd like to use the API in a way Facebook or twitter does. It should be possible to register an API client. The client should become an id and an secret (should be the same like username or password, right?).
Somehow I think devise could do everything for me but I'm not sure cause I'm kinda new to rails.
Is there a best practice or is the devise solution a good and common one?
Thank you guys! <3
You should use the Doorkeeper gem. Here is a demo app using rails, devise and mongoid.
Booth that services use OAuth so if you want to implement similar functionality you can use this technology also.

Adding Facebook Authentication to Rails Custom Authentication

I am currently creating a rails application that requires authentication. Currently, I'm doing custom authentication like that shown in in the following railscast episode:
http://railscasts.com/episodes/250-authentication-from-scratch-revised
I would, however, like to add the option to also Log-in through facebook. After doing some research, I found that the easiest way to add Facebook login involves using Devise/Omniauth for authentication. Would it be worth it to try and switch my authentication system to Devise/Omniauth, or is there an easier way to add facebook authentication? I have also looked at the Facebooker plugin, but it seems very outdated. Any suggestions? I am relatively new to Rails, so I appreciate any help I can get!
I've used Authlogic and Devise in conjunction with Omniauth (+ facebook/google/twitter/etc). I found that Devise is the better solution for me with all it's built in functionality. Getting it to work with Omniauth was a breeze. There's a great Railscast here: http://railscasts.com/episodes/235-devise-and-omniauth-revised
I would definitely recommend going that route. Every piece of the pie is updated often and has great documentation so it should be easy to use for people still learning Rails.
Facebook authentication with Devise/Omniauth is mature, widely used, and well-documented. It would make sense to go with that.

Rails: Roles/admin

Prefface
I'm new to rails & programming. Working on my first rails app--I have authentication with omniauth and devise and a simple article submission working for users.
I want to do two things:
If a user isn't a specific role,
reroute them to another page.
If a preference is 'offline' only
allow admins to view the site.
I have yet to create a prefferences table--looking for suggestions. :)
What's the best way to set up simple roles?
What's the easiest way to redirect users if they're not admin and if the site is 'offline'?
I'm currently using CanCan for role-based authorization on my current project. I've found it works great including the ability to do both of what you're looking for. And the documentation! Oh, the documentation. If all gem authors wrote documentation like CanCan's, I do believe it would bring about world peace.
And as an added bonus, because it was written by Ryan Bates, it has a RailsCast already recorded for it.

Authentication in Rails, where to start?

Im learning Rails by building apps.
I want to make my first authenticated app: users signup, login, do some changes in models they have access to and logout.
I did the Google search but it is quite confusing: many plugins, many tutorials. Don't know where to start.
Is there a state-of-the-art authentication method for Rails? What do you use in Production to authenticate your users?
Any help in this will be helpful. Thanks
I've used authlogic in the past and have been quite happy with it. Ryan has a railscast (video tutorial) for authlogic here.
+1 to Jason, -1 to NSD and sparky. Authentication system is not the thing you want to build yourself, at least if you're aiming for production use. It's like inventing your own encryption algorithm - it's a lot more safe to use something extensively tested and well-developed.
I've also been using authlogic, but there are some alternatives over there - like the good old restful authentication, and devise, which I guess is more modern so to speak. BTW the two latest railscasts are devoted to devise.
If your application is simple and just want a simple and secure user login page you might want to look into the Restful Authentication plugin. Its very easy to use and if you don't have much authentication requirements this should do fine.
script/plugin install git://github.com/technoweenie/restful-authentication.git
script/generate authenticated user sessions
rake db:migrate
You can find out more by checking out this excellent railscast.
As A beginner I would recommend Restful Authentication as its simple to set up and will get you up and running with no time
following is a step by step guid
http://avnetlabs.com/rails/restful-authentication-with-rails-2
and authlogic - (http://github.com/binarylogic/authlogic) is another great plug in which is more flexible but requires some work to implement user registration and stuff
cheers,
sameera
One man's state-of-the-art authentication system is another man's worthless pile of garbage. You're almost always better off rolling your own in the long run. O'Reilly's Ruby Cookbook has some extremely basic examples that will set you off in the right general direction, then you can decide whether or not other people's solutions are right for you.
I would agree with NSD. Figuring out the plugins & how they should mesh with your application to me longer than creating an auth system in my latest application.
My tips - create a user_sessions controller and use normal CRUD methods to handle creating/destroying (ie logging in & out). Create another model for the user - it can handle create accounts & updating (ie changing passwords). Stick a :before_filter on each controller which needs protection.

Resources