Simple user authentication and creation plugin in Rails? - ruby-on-rails

I have a simple record system in Rails. It has customers, appointments and visits as models,
with visits and appointments belonging to customer.
I want a simple authentication plug-in for the owner of the application, to be able to log in and edit and create new data in the system (administrator user) and be able to add new admin users to be able to log in to the system.
A plus would be if the plug-in allowed the admin user to also create customer accounts for customers to be able to go online and check their own customer profile, appointments and visits details.
So basically an authentication plug-in for a super user and a limited user (to view their own profiles).
I don't want anything too fancy to be honest, like sending a verification e-mail etc.
Thanks

Check out Devise:
http://github.com/plataformatec/devise
There are a couple of Railscasts on it:
http://railscasts.com/episodes/209-introducing-devise
For role-based auth you can combine Devise with CanCan:
http://railscasts.com/episodes/192-authorization-with-cancan
http://gist.github.com/389299
http://railscasts.com/episodes/210-customizing-devise

I have a plugin for doing simple Role-based Access Control:
http://github.com/heavysixer/rolesystem

If you need simple
Check out: http://code.google.com/p/rolerequirement/
Use that with the restful-authentication plugin
I use it in 2-3 projects and it works great; I even did some hacking to enable LDAP authentication too.

Related

Cloud Authn/Authz ideas for Rails Application

I'm looking for guidance as to how I should introduce authentication and authorization into my Rails application. I apologize if this gets long, but I'm trying to provide the context necessary to help me understand what roads I should go down to achieve this.
First off, my technologies:
- Rails API BE
- React FE

Business Requirements:
- Invite only (Invite from root admin user)
- Multiple types of users
  - Root Admin (invite users and assign types)
  - Users
    - Attorney, Paralegal, Client (each has different roles / capabilities)

Walkthrough
- Root Admin User creates accounts for attorneys and paralegals. These accounts go out via an invitation to join.
- Paralegals can create clients. When created, an invite goes out to the client to join the application. Paralegal assigns attorneys to be responsible for the clients.

Different Roles
- Clients manage their own data
- Paralegals can 'validate' client data
- Attorneys can 'Approve' Paralegal changes

Bottom line:
- We need each type of user to log into the application
- Each user gets a role specific to their capabilities
- These capabilities will involve different UI capabilities in React
  - React will need to know that
    - The user is authenticated
    - The user is authorized only for certain actions
- These capabilities will involve REST calls to Rails
  - Rails will need to validate that
    - The user is authenticated
    - The user is authorized only for certain actions

I've done this in the past using Devise but am looking to move authentication and authorization to the cloud to allow for future app development ideas. That's where I'm not sure what to do. I've been reading a lot of different possibilities and at this point I'm just not sure which path I should choose. So I'm looking for advice how to pull authn/authz out of Rails and into the cloud.
After all this, I think my question is just -- could someone point me down which road I should go? AWS Cognito? Auth0? Stick with Devise? How does Rails work with cloud auth providers?
Really, just anything helps.
Any advice would be appreciated.

How to integrate JIRA ticketing with ASP.NET Application

We have ASP.NET MVC applications. We have our own IdP for SSO. The IdP issues an authentication ticket using the OpenID Connect protocol. Users can access all our applications by signing in once.
We want to use the JIRA ticketing system for users to create tickets.
We can create an account for every user and provide a link on the UI to JIRA to create a ticket. However, that is not convenient if we have a large number of users that keeps growing.
We can also create a form in our applications and then submit the form to JIRA using their API. However, I am trying to avoid this option because then I have to create a form in every application and maintain it.
The ideal option would be that when the user clicks on the create ticket link, they get redirected to the JIRA ticketing system, MUST get authenticated implicitly (maybe using an access token) and are able to create a ticket using JIRA's ticketing system.
Is this possible? Can someone please provide guidelines?
You should consider using JIRA's built-in IssueCollector.
This is super simple to set up, and you can find more info here
Unless you need to do something really custom, then this should work out of the box.

Rails Configurable authorization

I'm implementing a Rails application that manages some objects; let's call them projects.
Every project has a:
- category
- region
- company

I have to implement an authorization mechanism that allows me to assign user permissions like this:
A User can edit all the projects with region ASIA and can read all the projects with category Information technology.
I found multiple gems that deal with authorization.
Which is the best one for you in relation to configurability and ease of use?
I like to use the Devise gem for authentication and user management, and Pundit for access authorization and scope policies. With Devise you can create user models easily and attach them to OAuth services like Google, GitHub, Facebook... Also, with Pundit it is easy to create access policies for each resource in your app. Hope it helps!
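
The permission rule quoted in the question, as an added example that is not part of either post and is not Pundit's own code: a plain-Ruby policy class shaped like a Pundit policy (`read?`, `edit?`, plus a collection filter), driven by grant records an admin could configure. The `Grant`, `User`, `Project` and `ProjectPolicy` names, the edit-implies-read rule and the sample data are assumptions.

```ruby
# Added example in plain Ruby (no gems); all names here are assumptions.
Project = Struct.new(:name, :category, :region, :company)
# A grant allows `action` on projects whose `attribute` equals `value`.
Grant = Struct.new(:action, :attribute, :value)
User = Struct.new(:name, :grants)

# Assumption: a grant to edit also lets the user read the same projects.
IMPLIES = { edit: %i[edit read], read: %i[read] }.freeze
ATTRIBUTES = %i[category region company].freeze

class ProjectPolicy
  def initialize(user, project)
    @user = user
    @project = project
  end

  def read?
    allowed?(:read)
  end

  def edit?
    allowed?(:edit)
  end

  # Filter a collection to what the user may read, so list pages
  # never expose projects the user could not open individually.
  def self.readable(user, projects)
    projects.select { |project| new(user, project).read? }
  end

  private

  # Deny by default: unknown actions or attributes never match.
  def allowed?(action)
    @user.grants.any? do |g|
      ATTRIBUTES.include?(g.attribute) &&
        IMPLIES.fetch(g.action, []).include?(action) &&
        @project[g.attribute] == g.value
    end
  end
end

# Constructed sample data matching the rule quoted in the question.
ALICE = User.new("alice", [Grant.new(:edit, :region, "ASIA"),
                           Grant.new(:read, :category, "Information technology")])
PROJECTS = [Project.new("p1", "Information technology", "EUROPE", "Acme"),
            Project.new("p2", "Construction", "ASIA", "Acme"),
            Project.new("p3", "Construction", "EUROPE", "Acme")].freeze
```

With these grants, `ALICE` can read and edit `p2`, can only read `p1`, and gets nothing for `p3`.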

Sitefinity MVC External Authentication

I am trying to get Sitefinity to work with MVC and JQuery Mobile and am having many issues....
The current issue is that I need to have users authenticate to access parts of the application. This authentication needs to be with an external service, the users logging into the front end will not be in the Sitefinity user base. I also need to have users who can log into the back-end to update the content, these users will be managed by Sitefinity.
To secure pages in MVC I add an authorize attribute on the controller. This needs to confirm the users on the front end have been authenticated by the external service, but still allow users logged into the back end to be able to update content.
This is not working. When I hit the page with the authorize attribute on the front-end it is trying to take me to the Sitefinity login. Has anyone found a way to make this work?
Well, I have a way to do it now, but I'm not all that excited with it...
I heard back from Sitefinity support and was given a few different ways to do this.
1) Create my own custom AuthorizeUser attribute, save the values when I authenticate to the session of a cookie, check for that value on the attribute...basically rewrite all the Authenticate functionality myself. - I'd really like to keep the Authenticate functionality as much as possible so I don't think I will do this.
2) Create a Custom Membership Provider, add this to the Sitefinity backend as a valid membership provider. This would be a good solution if I was wanting to store my users in a database and validate/update them. But, I am only validating against a service.
3) Create a dummy user in the Sitefinity backend with no access and definitely no backend access or admin access. After authenticating to my service, if all is good then log into this user from the code. After this the [Authenticate] attribute finds that this user is logged in so all is good. As I do not need to check roles or claims in my app, just that the user is logged in, this may work. It seems pretty ugly to me but I am assured that as long as the user does not have backend access or admin access it will not count toward concurrent users and many many users can be logged in as the same user.
I will go forward with option 3 and see how it goes and if I can get it past the architecture team.
Here is the link where I found option 3 with some more info...
http://www.sitefinity.com/developer-network/forums/sitefinity-sdk/custom-authentication
James!
Not sure, but I think your 3rd party service should use the Sitefinity Single Sign On.
Maybe the following help topic on how to setup Sitefinity single sign on will be helpful:
http://www.sitefinity.com/documentation/documentationarticles/authentication-models-overview

Authentication with LocomotiveCMS

I am pretty new to RoR development and newer to LocomotiveCMS...that said, I am trying to build a relatively simple site with LocomotiveCMS. Ideally, I would like to restrict the entire site from anonymous users, and then extend the roles as read-only, contribute, admin, etc. I see that Locomotive uses devise for authentication for /admin. Is there a way to restrict access to only authenticated users?
The easiest way to do this would be to make every page unpublished. Users would then have to be logged into the CMS to be able to see any of the pages.
This PR adds a switch in page settings for restriction of anonymous users.
