I have a rails app where I need to add authentication. The problem is that I have a legacy database with custom user and password fields (t_user and t_pass). Plus, t_pass is not encrypted.
What I'm looking for is something like http_basic, but where I can have methods like current_user, and probably with a better user interface. I don't need validation, password reset, anything. Just a way to authenticate my way. I'd use restful_authentication but I'm on rails 3. I saw a fork that works with rails 3 but I was wondering if there is a better way to handle this situation?
It looks to me like you could probably do what you need using Devise and a bit of extra playing around. Specifically, you'll want to:
Make sure you create your user model table using your legacy auth table.
Override valid_password? on this model to check against your t_pass field.
Override self.find_for_database_authentication to find your model based on the t_user field.
If you want to support registration, you'll probably need to write a new encryption strategy as well.
Just a word of warning though: Storing passwords in plain text is very bad practice. If you have any choice at all, I'd seriously consider doing a migration of existing users into Devise's standard structure, with crypted passwords.
If you are looking for alternative gems to use then you can try Devise. You can extend/change the default settings to achieve what you want.
Devise and Authlogic are two potential options. Can't comment on Devise I'm afraid as I've never used it. Seems to be very popular at the moment though.
The following would get you started with Authlogic:
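class User < ActiveRecord::Base
  acts_as_authentic do |config|
    # Map Authlogic onto the legacy column names.
    config.login_field = :t_user
    config.crypted_password_field = :t_pass
    # YourCryptoProvider is a placeholder for a class you write yourself.
    config.crypto_provider = YourCryptoProvider
  end
  # ...
end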
There's a railscast on the basics of getting authlogic going.
The difficult part of this is that you would need to create your own crypto provider class, as described at http://rdoc.info/github/binarylogic/authlogic/master/Authlogic/CryptoProviders, as authlogic doesn't provide a plain text password check method.
As discussed above, look into migrating your passwords to encrypted versions if that's an option for you; it will stop you from fighting against the auth frameworks so much.
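Both answers above recommend moving off the plain-text t_pass column. The following is an added example, not part of either answer and not Devise or Authlogic code: it sketches an upgrade-on-login flow in plain Ruby, using the encrypt(*tokens) / matches?(crypted, *tokens) class-method shape that Authlogic crypto providers follow. LegacyPlainText, Pbkdf2Provider, authenticate_and_upgrade and the Hash row are hypothetical names, and PBKDF2 from Ruby's standard library stands in for whichever password hash your framework provides.

```ruby
require "openssl"
require "securerandom"

# Compare SHA-256 digests byte by byte so timing does not depend on
# where two strings first differ.
def secure_equal?(a, b)
  x = OpenSSL::Digest::SHA256.digest(a.to_s).bytes
  y = OpenSSL::Digest::SHA256.digest(b.to_s).bytes
  x.zip(y).reduce(0) { |acc, (m, n)| acc | (m ^ n) }.zero?
end

# Hypothetical provider for the legacy column: t_pass holds the password as-is.
class LegacyPlainText
  def self.encrypt(*tokens)
    tokens.first.to_s # legacy rows have no salt
  end

  def self.matches?(stored, *tokens)
    secure_equal?(stored, encrypt(*tokens))
  end
end

# Hypothetical replacement provider: salted PBKDF2-HMAC-SHA256 (Ruby stdlib).
class Pbkdf2Provider
  ITERATIONS = 210_000 # assumed work factor; tune for your hardware

  def self.encrypt(*tokens)
    password, salt = tokens
    OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, salt.to_s, ITERATIONS, 32,
                               OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end

  def self.matches?(stored, *tokens)
    secure_equal?(stored, encrypt(*tokens))
  end
end

# row is a Hash standing in for one legacy record (constructed, not a model).
# A successful legacy login re-hashes the password and clears the plain text.
def authenticate_and_upgrade(row, password)
  if row[:crypted_password]
    return Pbkdf2Provider.matches?(row[:crypted_password], password, row[:password_salt])
  end
  return false if row[:t_pass].to_s.empty? # nothing to check against
  return false unless LegacyPlainText.matches?(row[:t_pass], password)
  row[:password_salt] = SecureRandom.hex(16)
  row[:crypted_password] = Pbkdf2Provider.encrypt(password, row[:password_salt])
  row[:t_pass] = nil
  true
end
```

Rows whose owners never log in again keep their plain-text value, so a one-off batch migration is still needed to clear the column completely.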
Is there any simple way of adding a required param for registration on Devise?
I added Devise since I thought it should "handle users for me", but as it seems to be going, everything I want besides the basics seems to be a hassle...
I already added the parameters, the thing is I can't find how to make it required... Or how to easily override the signup method and make the check myself.
"Out of the box" the Devise gem is very powerful, but when you start to step out of the box there is a significant amount of modification that has to be done to the underlying code.
I was a big user of devise when I first started using Rails. However, in the last year I have found it easier to create my own authentication. Do a Google search on 'rails authentication from scratch'. There are lots of good blog posts on the topic.
Building your own authentication is not terribly difficult, and gives you the flexibility to add whatever fields and customization you want. Additionally, it's lightweight (you only build what you need), and you are not exposed to the whims of gem updates and changes. Finally, you get the satisfaction of knowing you built it yourself.
Good luck!
I found the solution, you should add to your model
validates_presence_of :username
(and in my case)
validates_uniqueness_of :username
That should make devise automatically validate and throw errors if something goes wrong.
I am creating a Rails app that does not use a database. Instead, the model is managed using a Ruby API that wraps a legacy system.
I have a Ruby call that will allow me to validate a username/password combination. Is it possible to use Devise (or some other off-the-shelf authentication solution) in this case?
My hope is that I can override a few methods in Devise and still get many of the benefits.
Peter.
It is possible.
You may override the default authentication and use a remote service with Devise and Warden.
This blog post gives you details how:
http://4trabes.com/2012/10/31/remote-authentication-with-devise/
Let us know how it goes...
Good luck
If I understood correctly, you want to use Devise in your project to wrap old legacy authentication system.
You might need to do something like define legacy_username and legacy_password methods and create a migration to adapt to the Devise gem, and I believe you will find your way out.
Maybe this link can help you out: http://www.davidverhasselt.com/2012/05/13/how-to-migrate-passwords-from-legacy-systems-to-devise/
And also, maybe this - how to create custom encryptor in Devise - https://github.com/plataformatec/devise/wiki/How-To:-Create-a-custom-encryptor
I hope it will help.
I am about to build a new site in ruby on rails for residents at my college.
The site will allow residents to change their passwords for the college-firewalls (which means there are certain requirements).
On the site, each resident will have an account with a number of data assigned to it, and for this I need some authentication.
I've been studying Devise for almost the entire day now, but I'm starting to wonder if my task is too complicated to complete with Devise.
The problem is, I need the passwords to be stored with DES-encryption, something I'm not sure Devise can handle.
Another thing is, users can't make their own profile. Admins will do that (to ensure correct data), which means that user-creation is not the default one. Since there are no controllers for this, is it even possible to do it that way?
I'm not sure if I should keep on going with Devise, or bite the bullet and write it all from scratch instead. Some opinions would be appreciated.
This page on the Devise wiki ( https://github.com/plataformatec/devise/wiki/How-To:-Create-a-custom-encryptor ) tells you how to set up a custom encryptor.
To make it so that admins create a user, remove the :registerable module from the User model. Then add a user resource to your app, example:
scope 'admin' do
  resources :users
end
Set up the new/edit pages with your profile fields, etc., normal rails programming.
For an example using CanCan to control access to the users resource, have a look at this post: http://zyphmartin.com/blog/manage-users-with-devise-and-cancan.
If devise does not exactly do what you need, maybe this recent webcast from Ryan Bates will help you.
I'm in need of an authentication method that works with DataMapper. I can see that the authlogic plugin requires the fields
crypted_password, password_salt, persistence_token
in the User model. Is it enough to just add these fields to the User model definition using DataMapper?
It would need to be significantly more sophisticated than that, since the APIs are quite different between DataMapper and ActiveRecord. However, it appears at least one person is on the same wavelength as you. Check out this ticket, which has a link to this pastie that integrates authlogic into a User model using DataMapper.
simplest_auth is compatible with DataMapper.
I started building my app using nifty-generators for the user authentication because I'm new to Rails and it was the easiest approach. Now, we're looking to launch the app and I want to implement the popular Restful Authentication because we need some of the features it offers.
I've never upgraded an existing model in this way, and I'm wondering what the best approach would be. Should I strip out the user model-related stuff? Or will Restful Authentication just overwrite the commonly named items? Of course, I can go into the app and make tweaks based on any changes.
Generally, how would more experienced Rails coders approach this?
Thanks!
You might want to check out Authlogic instead. There's a good railscast episode where he implements Authlogic with nifty generators.
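I would add another model and relate that via a has_one relation.
For example, adding an Account model (if your user model already exists):
# The new model holds the foreign key (user_id) back to the existing users table.
class Account < ActiveRecord::Base
  belongs_to :user
end
# The existing User model gains exactly one associated Account.
class User < ActiveRecord::Base
  has_one :account
end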
If you've got a fair amount of tests, there shouldn't be an issue. Your suite will let you know if you've done something wrong.
Personally I would implement Restful Auth, by hand, on another project. Play around with it until you understand how it affects your user model, then copy over the code and any migrations you need.
A nice tutorial on Restful Auth and some cool extensions is here