User membership pattern rails [duplicate] - ruby-on-rails

In the .Net world we have the Membership provider; with this we can fully automate user registration and management. Does such a gem exist for the Ruby on Rails community?
I am looking for something that would allow a user to register, retrieve lost password, modify password and login.

See the answers given to this question recently - again, I would highly recommend Devise and the two railscasts on it, http://railscasts.com/episodes/209-introducing-devise and http://railscasts.com/episodes/210-customizing-devise. Devise handles all the things you described above - from the GitHub page:
"Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
Recoverable: resets the user password and sends reset instructions.
Registerable: handles signing up users through a registration process, also allowing them to edit and destroy their account."
Hope that helps!

Take a look at Devise - http://github.com/plataformatec/devise
It's a popular Rails engine for user authentication and should do what you need (and more).

Not sure that it has all of the features you want, but I really like restful-authentication.
http://agilewebdevelopment.com/plugins/restful_authentication
Features per website:
Login / logout
Secure password handling
Account activation by validating email
Account approval / disabling by admin
Rudimentary hooks for authorization and access control.
It also makes an appearance in a screen cast over at http://www.buildingwebapps.com/learningrails
Episode 11 about adding User Authentication. Watch the others if you are 100% new to rails, but if you just want to see them use the gem, skip to that one.

Check railscasts for a number of new options, including OmniAuth, Sorcery (my choice this week), and authentication from scratch, which may be less painful than the options listed before.

Related

Devise + Patreon OAuth in Ruby on Rails

I have implemented the devise+patreon gem in my Rails application without issues. Now, devise requires an email/password by default when creating a User, but Patreon just uses the oauth integration.
I am wondering, what is the proper strategy to use so that I can migrate the Patreon Oauth users as Devise users, without having to set dummy passwords/emails to allow for validation to go through. I still want to eventually allow users to register via Devise natively, as well as through Patreon.
Is there maybe a known strategy/gem/addition for devise that I may have missed that can easily achieve that?
You can retrieve the user email and a lot of other info (see here) about the user in the login call to Patreon's services, but the password will remain unknown; you can't just copy & paste a User.

Second password for a given set up pages in Rails - Not MFA

In my Rails app, we use the Devise gem for authentication and authorization. But for viewing some of the pages, clients want a second password to be entered by those who will act like super users. This is not a Multi-Factor authentication request, but a kind of One Time Password (OTP) for a given set of pages/resources, just that the OTP will be static.
Devise does not provide this feature. Googling hasn't helped. Any idea how this could be achieved?
This sounds like a bit of an anti-pattern. Why not have an additional field on User that denotes if the user is a super user or not?
This has the benefits that:
there is no password to remember and distribute
super users have one less step to perform
you can easily remove users from this group, if needed
you don't need to build a secondary login form/page

Implementing Security questions

I am using devise for the signin process.
Now my requirement is:
*User will enter some answers to the questions during registration.
When the user signs in with his email and password, he will be asked those security questions.
If the answers are correct, he will be directed to dashboard or else if he fails to answer (2 out of 3), then the account will be locked.*
Is there any easy method to implement this MFA in Rails?
Thanks in advance..
I would recommend using Devise with the security extension. It is a simple setup, and allows a ton of customization.
Follow that up with adding the questions to your sign in page and adding a before_filter in your UserController
before_filter :security_question_answered!
Forcing the user to answer this for every login can become tedious. I see security questions more commonly used for resetting a password when someone does not have an email.
Piggybacking off Slicedpan, this is not MFA. Look into two-factor for devise or another gem. Happy coding.

Password protecting pages simply with rails - what should I do?

I'm now on level 7 of Hartl's rails tutorial book and I'm starting to think about my application in deployment. It's an app that allows about 12 social workers to communicate collaboratively and privately. Thus, I need to password protect it.
However, it also needs to be easy to use, very easy to use. A few of these people haven't used a computer before, and having logging on and sign-up processes would put them off completely.
Thus I want to create a landing page, where they have to type a password in (the same password for everybody), then it redirects to the 'discussion pages.' My first idea was to use some obfuscated javascript such that upon typing in the password, it redirects them to the discussion pages, but this doesn't sound very secure.
Can anyone recommend me a better way to do this in rails? Ideally they would only have to type it in once, and then it would authenticate them for all the pages automatically (by setting a cookie?) and anyone trying to access a page directly would be redirected to the authentication page.
Cheers in advance
A very simple authentication option is available to you in this situation. I would suggest you watch the Ruby on Railscast episode 270. I think it just may be what you are looking for.
If you want really simple, you can use authenticate_or_request_with_http_basic
It's not a replacement for a real authentication system, e.g. Devise or AuthLogic, however.
I started to use the lockup gem for this purpose:
https://github.com/gblakeman/lockup
It is super easy to set up and almost every user accessing the site should be able to use it.
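The single shared password from the question, checked on the server with an HTTP Basic challenge instead of in obfuscated JavaScript. This is an added example, not code from the answers or from Rails or lockup: the class name `SharedPasswordGate` is hypothetical, the middleware is Rack-style but needs no gems, and it assumes the site is served over HTTPS because Basic credentials travel with every request.

```ruby
require "openssl"

# Added illustration: Rack-style middleware that gates every request behind
# one shared password. Class and parameter names are hypothetical.
class SharedPasswordGate
  def initialize(app, password:, realm: "Team area")
    @app = app
    @realm = realm
    @key = OpenSSL::Random.random_bytes(32) # per-process key for the MACs below
    @expected = mac(password)
  end

  def call(env)
    return @app.call(env) if password_ok?(env["HTTP_AUTHORIZATION"])

    headers = { "www-authenticate" => %(Basic realm="#{@realm}"),
                "content-type" => "text/plain" }
    [401, headers, ["Password required\n"]]
  end

  private

  # The username is ignored: everybody shares the same password.
  def password_ok?(header)
    scheme, payload = header.to_s.split(" ", 2)
    return false unless scheme.to_s.casecmp?("basic") && payload

    _user, password = payload.unpack1("m").split(":", 2)
    constant_time_equal?(mac(password.to_s), @expected)
  end

  def mac(value)
    OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), @key, value)
  end

  # Both inputs are 32-byte MACs, so the work done never depends on the guess.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```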

create a link in an email that bypasses login but still facilitates authentication

I have a rails 3 app that is currently using Devise for authentication. I would like to send an email to users from time to time that would contain a link. When they click the link they would...
bypass the login page
go directly to the page I'm directing them to
and authenticate in the process
I tried several Google searches that would shed some light but came up empty. I am interested in the how to's, the risks and how to make it as secure as possible.
Also, are there any other Tags that would be relevant to this question?
Thanks!
I think you're really looking for token authentication.
Take a look at this blog (deleted) which is linked to from the devise wiki here.
It's a bit of a weird example in that the UI given is for a user to generate a login link for themselves. Still - it presents the correct approach to login-using-a-link.
Update: Token Authentication has been removed from Devise. This gist and this Stack Overflow post address the issue.
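One way to keep an emailed login link as safe as possible: make the token random, short-lived and single-use, and store only a keyed digest of it. This is an added example, not code from the answer, the linked gist or Devise; the class `LoginLinkTokens`, its methods and the in-memory store (standing in for a database table) are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Added illustration: issues and redeems tokens for emailed login links.
# All names here are hypothetical; the Hash stands in for a database table.
class LoginLinkTokens
  Record = Struct.new(:user_id, :expires_at, :used)

  def initialize(secret:, ttl: 900)
    @secret = secret # server-side key, never sent to the client
    @ttl = ttl       # lifetime in seconds
    @store = {}      # digest => Record
  end

  # Returns the raw token to embed in the emailed URL. Only its HMAC is
  # stored, so a leaked table does not yield usable login links.
  def issue(user_id, now: Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    @store[digest(raw)] = Record.new(user_id, now + @ttl, false)
    raw
  end

  # Returns the user id exactly once; nil for unknown, expired or reused tokens.
  def redeem(raw, now: Time.now)
    record = @store[digest(raw.to_s)]
    return nil if record.nil? || record.used || now > record.expires_at

    record.used = true
    record.user_id
  end

  private

  # Lookup goes through the keyed digest, so the raw token is never
  # compared byte by byte against stored data.
  def digest(raw)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), @secret, raw)
  end
end
```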
