i'm currently buidling my own blog using rails 3. and use devise gem for authentication. the problem is , i want only one user out here --- the admin user, and prehibits others from signing up, how can I achive that?
Is there any reason why you can not use Basic Http Authentication? IMHO devise seems to be an overkill for this usecase.
Related
I've been battling at how to accomplish this for a while and even started working on different solutions only to notice it's not very practical or could lead to problems.
Scenario: A user can create an Admin account and invite (mail invite) another user as a Client. I was thinking of using the devise_invitable gem to handle the invitation process. I'm not sure if I should have 2 models (Admin/Client).
Gems I've been considering:
devise
devise_invitable
cancancan
pundit
rollify
The thing is that whatever setup I use for authentication and authorization must comply with devise_invitable gem given that its a load of my mind to build that functionality myself.
Devise and Oauth 2.0. If you need an admin panel you can use rails_admin or there are a variety of admin gems as well, Or you can make your own.
I am creating a social networking site for my university and I'm wondering which gem I should use for the login process, or if there is any other more secure way to implement a login process. Is there document or sample code which can guide me?
I've heard about the Devise gem but I am not sure that it will be work for us, or how to use it.
Definitely recommend devise. It's written by one of the top contributors to rails Jose Valim. It's pretty easy to use, especially if you just stick with the defaults which are very reasonable. And it's kept up to date - currently only has 7 outstanding issues. For a project with 6.4k watchers that's pretty amazing.
There's a getting started guide with everything you need to get started.
There's also a devise wiki with a lot of examples. Here's just a few:
How To: Disallow previously used passwords
How To: Display a custom sign_in form anywhere in your app
How To: Do not redirect to login page after session timeout
It largely depends on what features you're looking for. If you require a full-featured authentication solution (Registration, Forgot Password, Remember Me, Login) then either devise or Authlogic is recommended.
If you're just looking for a simple way to authenticate users (via login and password for example), you can just use the Rails built-in authentication via has_secure_password. Ryan Bates did a RailsCast on it not too long ago.
Whatever method you decide to go with just remember that without SSL its not secure.
Devise is very nice. However, I'm partial to using NoamB's Sorcery gem. Its like a balance between rolling your own and Authlogic.
Check it out here:
https://github.com/NoamB/sorcery
Also nice railscast on it:
http://railscasts.com/episodes/283-authentication-with-sorcery
I have integrated Devise and OmniAuth with my Mongoid ORM setup using the following examples:
https://github.com/plataformatec/devise/wiki/Example-Applications
My client code is mostly JavaScript (ExtJS) and relies on JSON for all of the communication. I use no Rails templates. I am looking to build a multi-provider authentication model, primarily using user/pass, Facebook, and Twitter. I am having difficulty putting together the full User authentication flow with respect to my application stack.
I am looking for an example that uses JSON responses to the standard authentication actions, instead of redirects, and provides an integration with OmniAuth that uses Mongoid. In addition to the above examples, I have gone through Ryan Bates' Railscasts on Devise and OmniAuth. Every example I have worked through so far have either been ActiveRecord, or Rails template oriented. Any pointers are appreciated!
This (https://github.com/fertapric/rails3-mongoid-devise-omniauth) is a good example app for getting set up with rails 3, devise, omniauth and mongoid, and a tutorial to go along with it here: https://github.com/fortuity/rails3-mongoid-devise/wiki/Tutorial-(Walkthrough)
Then you'll need to override the user sessions controller to provide the correct json responses for your app, there is a good example here: https://gist.github.com/733647 and here: http://groups.google.com/group/plataformatec-devise/browse_thread/thread/daa3332b3c4a1b4b
Hope this helps
I would suggest that you roll your own authentication mechanism using Rails 3.1 ActiveModel::SecurePassword instead of using Devise. You will get a cleaner solution that way than trying to tweak Devise to provide JSON responses.
If you can't use Rails 3.1, I would still suggest that you roll your own instead of overriding an internal Devise method (which the gist that Nesbitt links to does).
does restful authentication work in rails 3?
Is devise the new standard?
I would love for an authentition system to support website registration + twitter and openid, does devise do this?
Devise seems to be the new standard, I think it's a great auth solution and has support for pluggable auth strategies.
Checkout Janrain engage. They offer a free solution that lets you connect through numerous auth portals. It also works seamlessly into devise. There's a great railscast that outlines how to achieve this.
I am wondering how I can build the registration process like we have in Stack Overflow, where a user can login using one of several already existing accounts? I would prefer using Rails as a technology platform.
Are you looking for this?
http://testingauth.heroku.com/
I'm not sure this is exactly what you need, but the devise module, available on github, makes it very easy to build a authentication system in a rails application.
For authorization, another great module is called "cancan". You might need that too.
Check out OmniAuth. There are a few railscasts describing it.
You can use omniauth gem to implement openId auth. Also, it possible to extend your existing user auth systems. See great screencast about this at railscast: OmniAuth Part 1