Hey, i need some help with rails, again! Last it was about Authlogic.. Well I'm gone a bit backward since.. I mean, Authlogic isn't a Authentcate system i like.. So now i wan't you guys to tell me what you think is the best!
I going to use it to a project of mine. Where there has to be a few roles like Admin, User and Guest.. So might you guys can tell me what is good and what is bad..?
You need to split authentication from authorization.
Authentication covers the login/logout process. Authorization is directly linked to permission to see/use resources.
Authlogic is a very good authentication gem.
For authorization you can check CanCan from Ryan Bates, which is very simple to integrate with authlogic (just a single file in the models folder called ability.rb in which you configure all the app authorizations).
EDIT: You can also go with a simpler solution but you will lose flexibility
I used Devise and it worked quite well, however it did not met my needs...
What you might need however looks like something super simple, something like this: http://railscasts.com/episodes/21-super-simple-authentication
I use Authlogic for authentication and DocSavage's Rails Authorisation plug-in for authorisation needs. Its a simple yet powerful plug-in.
Rails authorisation plug-in: http://github.com/DocSavage/rails-authorization-plugin
Related
Im learning Rails by building apps.
I want to make my first authenticated app: users signup, login, do some changes in models they have access to and logout.
I did the Google search but it is quite confusing: many plugins, many tutorials. Don't know where to start.
Is there a state-of-the-art authentication method for Rails? What do you use in Production to authenticate your users?
Any help in this will be helpful. Thanks
I've used authlogic in the past and have been quite happy with it. Ryan has a railscast (video tutorial) for authlogic here.
+1 to Jason, -1 to NSD and sparky. Authentication system is not the thing you want to build yourself, at least if you're aiming for production use. It's like inventing your own encryption algorithm - it's a lot more safe to use something extensively tested and well-developed.
I've also been using authlogic, but there are some alternatives over there - like the good old restful authentication, and devise, which I guess is more modern so to speak. BTW the two latest railscasts are devoted to devise.
If your application is simple and just want a simple and secure user login page you might want to look into the Restful Authentication plugin. Its very easy to use and if you don't have much authentication requirements this should do fine.
script/plugin install git://github.com/technoweenie/restful-authentication.git
script/generate authenticated user sessions
rake db:migrate
You can find out more by checking out this excellent railscast.
As A beginner I would recommend Restful Authentication as its simple to set up and will get you up and running with no time
following is a step by step guid
http://avnetlabs.com/rails/restful-authentication-with-rails-2
and authlogic - (http://github.com/binarylogic/authlogic) is another great plug in which is more flexible but requires some work to implement user registration and stuff
cheers,
sameera
One man's state-of-the-art authentication system is another man's worthless pile of garbage. You're almost always better off rolling your own in the long run. O'Reilly's Ruby Cookbook has some extremely basic examples that will set you off in the right general direction, then you can decide whether or not other people's solutions are right for you.
I would agree with NSD. Figuring out the plugins & how they should mesh with your application to me longer than creating an auth system in my latest application.
My tips - create a user_sessions controller and use normal CRUD methods to handle creating/destroying (ie logging in & out). Create another model for the user - it can handle create accounts & updating (ie changing passwords). Stick a :before_filter on each controller which needs protection.
We are evaluating plugins for Authorization in Rails. The two at the top of our list are
cancan and declarative_authorization.
I would like to get some feedback from anyone currently using either of these plugins.
The problem we are going to face with any authorization plugin is that we have a
database per customer model and will need to modify the plugin to work within that
model. Because of this fact I'm interested in hearing from anyone who has had to tweak the
plugins at all as well.
I'm just starting to look around at the code. It seems like cancan might be a little easier to customize.
Any thoughts?
Cancan is a lighter weight plugin for smaller sites. You can see a video on railscasts.
http://railscasts.com/episodes/192-authorization-with-cancan
I've used declarative_authorization with authlogic/restful_auth for several projects. It has everything you would need. 1) Model security. 2) Controller security 3) methods available to the view to check auth.
The only frustrating thing I've run into with declarative_authorization is me not reading the rdocs.
http://railscasts.com/episodes/188-declarative-authorization
Authority
I'd suggest you also check out my new gem, Authority. Because you do the actual logic in plain Ruby classes and methods, you can check any data source you need to: different databases, static files, phases of the moon via a web request, you name it. :)
I ended up using declarative_authorization. Now it seems that auth_logic is where the community is headed.
declarative_auth would have been really simple if it wasn't for our apps multi-tennant db
model. I had to modify the source a bit to make it all work, but it wasn't too tough to do, and
I was pretty green when I started this project.
It seems like you really can't go wrong with any of the solutions. cancan seemed cool too
but it would have needed more mods for what I was doing so I decided against it.
Its written by Ryan Bates though which is cool. Love rails casts! :)
I know this post is old but I figured I'll update any because you never know.
I am using Authlogic for my user authentication, and would like yo add roles to my users - Need security check from model's and controller's
current_user.has_role?('admin') etc
There is a lot of role based plugins out there, but I not sure which when to use with Authlogic. Does anyone what works best with Authlogic? (if any..)
Best regards.
Asbjørn Morell.
Check out the acl9 plugin. It's a really powerful solution and the author himself suggests Authlogic as underlying Authentication system.
Acl9 is a authorization solution, so
you will need to implement
authentication by other means. I
recommend Authlogic for that purpose,
as it’s simple, clean and at the same
time very configurable.
I would like to add authentication to my Rails app. I came across few plugins that do this: acts_as_authenticated, restful_authentication, Authlogic...etc
I haven't seen an article that describes differences, advantages and disadvantages of using each.
Can you help with that? which one do you use and why?
Thanks,
Tam
I recently switched from restful_authentication to AuthLogic. The main reason was because I found restful_authentication a bit too bloated for what I was trying to achieve. Check out Ryan Bates' brilliant screencast:
http://railscasts.com/episodes/160-authlogic
I've switched from restful_authentication to Authlogic, because Authlogic is a plugin/gem as opposed to a generator. This makes it infinitely easier to upgrade.
Authlogic is also geared around being extensible, so you can fairly easily use it with OAuth or Facebook Connect (there are Authlogic modules that implement this, but I'm not using them; it's super easy to create an Authlogic user session manually).
Stay away from acts_as_authenticated. It's ancient and unmaintained. As noted, restful_authentication is its successor.
I'm a bit late to this party, but Devise looks pretty good. I'm using it on a project after trying AuthLogic. There's a couple of railscasts on it as well. I like it so far...definitely worth a look.
http://github.com/plataformatec/devise
I personally tend to use restful_authentication out of habit, but I've made use of AuthLogic a few times. AuthLogic is a lot leaner and cleaner code and tends to be much easier to setup and integrate into a project. It is also is newer and more popular (or feels like it as of late), so it should be easier to find resources or help if you need it. I'd definitely go AuthLogic.
If you'd like to know more about restful_authentication and see how it varies from AuthLogic in practice, there is also a railscast for it.
http://railscasts.com/episodes/67-restful-authentication
If you are looking for alternatives to the standard username/password scheme and using only external identity providers, there is a new plugin called OmniAuth that works at the rack level (so it's independent from Ruby on rails) and supports multiple external identity providers like OAuth, Facebook Connect, Google and LDAP.
There are also two Railscast episodes on how to use it: Episode 1 and Episode 2
If I am correct, restful_authentication is the succesor of acts_as_authenticated. I would therefore strongly disrecommend using acts_as_authenticated.
I personally use restful_authentication. It just works the way I expect it to work...
There's also thoughtbot's clearance. Though I chose Authlogic because of the authlogic-oid open id "add-on" gem.
I'm looking for a quality Administrative plugin for Rails. It seems that most of the existing plugins/gems (e.g. "restful_authentication", "acts_as_authenticated") revolve around self-signup, etc. However, I'm looking for a full-featured Administrative/Management role-based type of solution -- but not one that's simply tacked on to another non-role-based solution.
If I can't find one, I suppose I'll roll my own...just wasn't looking to re-invent the wheel.
Ryan Bates has recently made two railscasts on authorization (note the difference between authentication and authorization; authentication checks if a user is who she says she is, authorization checks if the user has access to a resource). Episode #188 is on declarative_authorization, which is a really powerful authorization plugin. Episode #192 (sorry, I don't have enough reputation to link to it) is about Ryan Bates' own CanCan plugin, which is a much simpler plugin, but it would still work for most apps.
There are a few out there. I have used:
http://github.com/DocSavage/rails-authorization-plugin/ for applications before in conjunction with restufl_authentication, but I believe it will work with any authentication that gives you a current_user method. On github there is also http://github.com/mdarby/restful_acl/ and http://github.com/danryan/role_model/, they are just role based stuff though I'd say not authentication as well.
The authentication and the access control role based stuff are all available as seperate plugins/gems to the best of my knowledge, and that's a good thing as they are different beasts. Not all apps that have authentication need to have ACL type stuff and even some that do only need a really simple am I an admin kind of thing rather than a full blown user roles thing. So I'd say if you want one that does it all you'll have to write, if you don't want to do that than I'd say a combination of either Authlogic or restful_authentication with on of the authorization plugins will do the trick quite nicely.
You might check out the links in "Which Rails plug in is best for role based permission?".
None of the solutions listed there seem very appealing to me. The top contender, role_requirement apparently requires restful_authentication, but I find AuthLogic much better designed and less intrusive. The others listed seem to not be very actively maintained.