Good walk-through on authentication and authorization in Rails? - ruby-on-rails

I'm new to Rails and would like to implement authorization and authentication for my app. Is there any good walk-through from the installation of the plugin to getting role-based authorization implemented?
Thanks

I would recommend checking out the excellent Railscasts site, where you can find many authentication/authorization implementation examples. I would choose between:
Authentication:
Authlogic
Devise
Authorization:
CanCan
Declarative Authorization

Try http://railscasts.com
specifically:
http://railscasts.com/episodes/192-authorization-with-cancan
or
http://railscasts.com/episodes/188-declarative-authorization
There are lots of plugins, but the above are a good place to start (and Railscasts is a great resource).

Related

How to secure Ruby on Rails CRUD actions?

I just got through the RoR getting started guide and created the blog sample app.
I also read the last section on securing CRUD actions via HTTP basic auth: http://guides.rubyonrails.org/getting_started.html#security
How else would one secure their CRUD actions? What are some more secure alternatives to the HTTP basic auth shown in the guide?
Take a look at this starter application from the RailsApps project:
Rails Authorization with Devise and Pundit
Devise provides authentication and user management. Pundit provides authorization and the example app shows how to add access control for each controller method based on roles.
Check out the Ruby Toolbox for some options on authentication: https://www.ruby-toolbox.com/categories/rails_authentication
Devise is the most popular library: https://github.com/plataformatec/devise/blob/master/README.md

Which one should I use, cancan or authlogic, to only authenticate the admin folder?

I have a Rails 2.3.8 application that has an admin folder, and if anyone enters
/admin/anything
they need to be prompted for a login... I was looking for a good approach to do this.
Here are the resources I was looking at: authorization and authentication.
The way I was thinking was to install authlogic or cancan or both or neither... not sure if anyone has a better solution. BTW, I don't want authentication anywhere on the site.
The best way to do this is to have all controllers under the admin/ namespace inherit from an AdminController with a before_filter that handles authorization.
The simplest way to do this is to use http_basic authentication (railscast).
If you want multiple user/passwords, but without the complexity of devise/authlogic, try nifty_authentication (via Ryan Bates' nifty generators).
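The pattern from the answer above (admin controllers inheriting one HTTP Basic check from a shared base class), as an added example that is not part of the original answers. It is a framework-free Ruby sketch: `AdminController#dispatch`, `parse_basic`, `secure_equal?` and the credentials are hypothetical stand-ins for what a Rails `before_filter` would do.

```ruby
require "base64"
require "digest"

# Constructed demo credentials; a real app reads them from its configuration.
ADMIN_USER = "admin"
ADMIN_PASSWORD = "constructed-demo-password"

# Compare via fixed-length digests so timing does not depend on where strings differ.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Parse "Basic <base64(user:password)>"; returns [user, password] or nil.
def parse_basic(header)
  scheme, token = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && token
  user, password = Base64.strict_decode64(token).split(":", 2)
  password ? [user, password] : nil
rescue ArgumentError
  nil # malformed base64
end

# Hypothetical stand-in for the answer's AdminController; subclasses inherit the check.
class AdminController
  def dispatch(action, env)
    unless authorized?(env)
      return [401, { "WWW-Authenticate" => 'Basic realm="Admin"' }, "Unauthorized"]
    end
    # Only methods defined on the concrete controller count as actions.
    return [404, {}, "Not Found"] unless self.class.public_instance_methods(false).include?(action)
    [200, {}, public_send(action)]
  end

  private

  def authorized?(env)
    user, password = parse_basic(env["HTTP_AUTHORIZATION"])
    return false unless user
    # Evaluate both comparisons (non-short-circuit &) before deciding.
    secure_equal?(user, ADMIN_USER) & secure_equal?(password, ADMIN_PASSWORD)
  end
end

# A controller under admin/ adds no authentication code of its own.
class AdminPostsController < AdminController
  def index; "post list"; end
end
```

HTTP Basic sends the credentials base64-encoded on every request, so the admin paths should only be served over TLS.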
As ruby-toolbox indicates, CanCan and Devise are the most popular authorization / authentication solutions for rails. Check out the always excellent railscasts.com episodes to get started:
http://railscasts.com/episodes/192-authorization-with-cancan
http://railscasts.com/episodes/209-introducing-devise
Railscasts is a fantastic resource for quickly getting up to speed on rails topics.

Does restful_authentication work in Rails 3?

Does restful authentication work in Rails 3?
Is Devise the new standard?
I would love for an authentication system to support website registration + Twitter and OpenID. Does Devise do this?
Devise seems to be the new standard. I think it's a great auth solution and has support for pluggable auth strategies.
Check out Janrain Engage. They offer a free solution that lets you connect through numerous auth portals. It also works seamlessly with Devise. There's a great railscast that outlines how to achieve this.

How do I create a Stack Overflow-like registration process?

I am wondering how I can build the registration process like we have in Stack Overflow, where a user can login using one of several already existing accounts? I would prefer using Rails as a technology platform.
Are you looking for this?
http://testingauth.heroku.com/
I'm not sure this is exactly what you need, but the devise module, available on GitHub, makes it very easy to build an authentication system in a Rails application.
For authorization, another great module is called "cancan". You might need that too.
Check out OmniAuth. There are a few railscasts describing it.
You can use the omniauth gem to implement OpenID auth. Also, it is possible to extend your existing user auth systems. See the great screencast about this at Railscasts: OmniAuth Part 1

Login/Register in Ruby on Rails?

I'm starting to learn RoR and I want to make my personal blog in this language. I usually code a couple of prototypes on top of whatever I'm doing in my blog. So I would like people to be able to log in and register with their OpenID. I was about to jump to the coding place when I realized the concept of gems and all that stuff is giving you tools for this kind of thing.
So is there some kind of package to manage users, profiles and openId?
Check out technoweenie's restful-authentication plugin.
I'd advise you to look at bort as a complete RoR skeleton app with RESTful auth built in, one of its forks here, or at AuthLogic, a less intrusive auth solution for Rails (and Merb and some others).
Take a look at the bort skeleton app. It has restful auth and OpenID authentication already set up, among other things.
Railscasts also has a number of screencasts about setting up authentication, restful authentication and OpenID.
One thing you want to be aware of to avoid hours of headache: the Ruby OpenID library changed substantially with OpenID 2.0, so if you're using a plugin or example code from a blog, be sure you're using the version of OpenID to which it corresponds.
There are several plugins; one with a lot of activity is open_id_authentication.
Dan Webb has a good guide to OpenID authentication in Rails that walks you through writing the actual code, but note that, at least last I checked, it hadn't been updated for OpenID 2.0.
