I'm in need of an authentication method that works with DataMapper. I can see that the authlogic plugin requires the fields crypted_password, password_salt, persistence_token in the User model. Is it enough to just add these fields to the User model definition using DataMapper?
It would need to be significantly more sophisticated than that, since the APIs are quite different between DataMapper and ActiveRecord. However, it appears at least one person is on the same wavelength as you. Check out this ticket, which has a link to this pastie that integrates authlogic into a User model using DataMapper.
simplest_auth is compatible with DataMapper.
Related
I am new to Ruby on Rails. The rails application that I have developed has several models including one for user that stores user name, passwords and other user related information.
Now the problem is that a few columns of a table corresponding to a model have been modified erratically. Now I want to know if Rails has any feature so that I can know the user who has done this, or whether this is because of some other reason.
You can try installing Userstamp and maybe Paper Trail to track changes to records. If you've implemented the User model yourself (as opposed to a framework like devise), you'll need to read the docs carefully to see what properties are expected of your User models to get the full benefit.
Using devise
It adds other columns(yours) in migrate, before generate views
https://github.com/collectiveidea/audited might provide the auditing you require.
I use the restful_authentication plugin in a Rails 2.3.5 application.
In this application, I want to permit login with only a single session for a single account at any one time.
In other words, I don't want users to log in with a single account from several computers.
Does the restful_authentication plugin support this function?
If not, how can I realize this function?
Please give me some advice.
Thank you very much in advance.
Out of the box, no. You could track the session ID in a table with the user ID and then check that the same session ID is being used. However, this is clunky and you're going to cause problems for the user when he forgets to log out. You'll need to implement some kind of timeout for the sessions as well, so that you don't end up with sessions locking a user out forever.
The alternative would be to switch to authlogic. It also does not support this out of the box, but it should be easier to implement. One likely solution has been posted here. I haven't tested what was written there, but the approach looks a lot like what I would attempt to do in this situation.
Having used both restful_authentication and authlogic in many apps, authlogic wins hands-down. There's also Devise, which many people have had success with. (I'm not one of them, but maybe my needs didn't align with what this gem was offering.) You should definitely explore Devise and authlogic before hacking something into your existing setup, because the more modular designs of the newer gems should yield cleaner code when it's over.
Also: Update your Rails to the latest 2.3.*. There have been many security fixes since 2.3.5.
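The session-tracking approach from the first paragraph of this answer, sketched as an added example (not code from the answer or from either plugin). The class name, the in-memory hash standing in for the table, and the idle timeout value are assumptions; a database-backed version would put a unique index on the user ID column so two logins cannot race for the slot.

```ruby
require "securerandom"

# In-memory stand-in for a table of (user_id, session_id, last_seen_at).
class SingleSessionRegistry
  def initialize(idle_timeout:, clock: -> { Time.now })
    @idle_timeout = idle_timeout # seconds of inactivity before the slot frees up
    @clock = clock               # injectable so expiry can be exercised in tests
    @rows = {}                   # user_id => { session_id:, last_seen_at: }
  end

  # Call after the password check succeeds. Returns a fresh session ID, or nil
  # while another session for this account is still live.
  def login(user_id)
    row = @rows[user_id]
    return nil if row && !expired?(row)
    @rows[user_id] = { session_id: SecureRandom.hex(32), last_seen_at: @clock.call }
    @rows[user_id][:session_id]
  end

  # Call on every request: only the recorded session ID is accepted, and each
  # accepted request pushes the idle deadline forward.
  def authorize(user_id, session_id)
    row = @rows[user_id]
    return false if row.nil? || expired?(row)
    return false unless same_token?(row[:session_id], session_id.to_s)
    row[:last_seen_at] = @clock.call
    true
  end

  # Explicit logout frees the slot at once, but only for the owning session.
  def logout(user_id, session_id)
    row = @rows[user_id]
    @rows.delete(user_id) if row && same_token?(row[:session_id], session_id.to_s)
  end

  private

  # The timeout keeps a forgotten logout from locking the account forever.
  def expired?(row)
    @clock.call - row[:last_seen_at] > @idle_timeout
  end

  # Compares every byte instead of stopping at the first difference.
  def same_token?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

This version refuses the second login; overwriting the row in `login` instead would let the newest login win and end the older session on its next request.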
I have a rails app where I need to add authentication. The problem is that I have a legacy database with custom user and password fields (t_user and t_pass). Plus, t_pass is not encrypted.
What I'm looking for is something like http_basic, but where I can have methods like current_user, and probably with a better user interface. I don't need validation, password reset, anything. Just a way to authenticate my way. I'd use restful_authentication but I'm on rails 3. I saw a fork that works with rails 3 but I was wondering if there is a better way to handle this situation?
It looks to me like you could probably do what you need using Devise and a bit of extra playing around. Specifically, you'll want to:
Make sure you create your user model table using your legacy auth table.
Override valid_password? on this model to check against your t_pass field.
Override self.find_for_database_authentication to find your model based on the t_user field.
If you want to support registration, you'll probably need to write a new encryption strategy as well.
Just a word of warning though: Storing passwords in plain text is very bad practice. If you have any choice at all, I'd seriously consider doing a migration of existing users into Devise's standard structure, with crypted passwords.
If you are looking for alternative gems to use then you can try Devise. You can extend/change the default settings to achieve what you want.
Devise and Authlogic are two potential options. Can't comment on Devise I'm afraid as I've never used it. Seems to be very popular at the moment though.
The following would get you started with Authlogic:
    class User < ActiveRecord::Base
      acts_as_authentic do |config|
        config.login_field = :t_user
        config.crypted_password_field = :t_pass
        config.crypto_provider = YourCryptoProvider
      end
      # ...
    end
There's a railscast on the basics of getting authlogic going.
The difficult part of this is that you would need to create your own crypto provider class as described at http://rdoc.info/github/binarylogic/authlogic/master/Authlogic/CryptoProviders, as authlogic doesn't provide a plain text password check method.
As discussed above, look into migrating your passwords to encrypted versions if that's an option for you; it will stop you from fighting against the auth frameworks so much.
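The migration away from the plaintext t_pass column that this answer and the Devise answer both recommend, as an added example that is not code from either answer or from Devise or Authlogic. It swaps in PBKDF2 from Ruby's bundled OpenSSL so it runs without extra gems (Devise itself uses bcrypt); the pass_salt and pass_hash columns, the struct, the sample rows and the iteration count are assumptions.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 600_000 # PBKDF2-HMAC-SHA256 work factor (assumed; tune per hardware)

# Constructed stand-in for a legacy row. t_user and t_pass are the columns
# named in the question; pass_salt and pass_hash are hypothetical new columns.
LegacyUser = Struct.new(:t_user, :t_pass, :pass_salt, :pass_hash)

# Constructed sample data, including one row with a blank password.
def sample_users
  [LegacyUser.new("alice", "correct horse"),
   LegacyUser.new("bob", "hunter2"),
   LegacyUser.new("carol", "")]
end

def derive(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
end

# Replace the plaintext with a per-user random salt and the derived hash.
def store_hash!(user, password)
  user.pass_salt = SecureRandom.random_bytes(16)
  user.pass_hash = derive(password, user.pass_salt)
  user.t_pass = nil
end

# Because the legacy values are plaintext, every row can be converted in one
# offline pass; nobody has to log in first. Rows without a usable password are
# skipped and stay unable to log in. Returns the number of rows converted.
def migrate_all!(users)
  users.count do |user|
    next false if user.t_pass.nil? || user.t_pass.empty?
    store_hash!(user, user.t_pass)
    true
  end
end

# Login check after migration: re-derive with the stored salt and compare all
# 32 bytes without stopping at the first difference.
def authenticate(user, password)
  return false if user.nil? || user.pass_hash.nil?
  actual = derive(password.to_s, user.pass_salt)
  actual.bytes.zip(user.pass_hash.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end
```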
I recently switched to MongoDB and I am wondering if I can continue using any of the popular admin interface solutions, such as ActiveScaffold and Typus?
You can try Rails Admin:
a Rails engine that provides an easy-to-use interface for managing your data.
Features
CRUD any data with ease
Custom actions
Automatic form validation
Search and filtering
Export data to CSV/JSON/XML
Authentication (via Devise or other)
Authorization (via CanCanCan or Pundit)
User action history (via PaperTrail)
Supported ORMs
ActiveRecord
Mongoid
ActiveAdmin https://github.com/gregbell/active_admin is a great tool for the admin interface creation. And I believe sooner or later they will add mongoid support.
Right now there's some patch for it: https://github.com/ebeigarts/mongoid_active_admin_app
I didn't try it myself though.
If you're using Mongoid as your ORM, then active_admin should do the job. Apply this patch to get it working.
This disables some functionality (mostly filters, because active_admin relies on meta_search and that gem only supports active_record):
Fixes ActiveAdmin sorting
Disables ActiveAdmin Filters/Search
Disables ActiveAdmin Comments
I think you'll find this page on MongoDB's site to be the best help:
http://www.mongodb.org/display/DOCS/Admin+UIs
There are many admin applications available, some in browser, some fat client, etc. that you can use for admin and maintaining your Mongo backend.
I am a .Net programmer so I have used only MongoVUE, but one that caught my eye that I might check out and it should be platform agnostic is JMongoBrowser
I'd bet plenty of options will work with a Rails setup.
I am building a project management app and I am not sure which is the best/correct authorization model to implement given I am new to Rails (and programming in general). Here is what I am trying to do.
I want to be able to add a "client" to the application and then multiple projects to a client. I would like to be able to add users (that are essentially representatives of the client) to view that client's multiple projects but not other clients'. I intend on having controllers for time tracking, notes, comments and images, all to be associated with both clients and projects of that client.
In addition, I would like to set up the account to control who is able to have one. I don't need the user to establish an account on their own.
Does that make sense?
I believe what you are mentioning is called Authorization not Authentication, anyway:
I would suggest acl9 for authorization and authlogic for authentication.
These (free) Railscasts should give you some food for thought. There are lots of great RubyGems/plugins out there for this sort of thing.
The Ruby Toolbox gives you an overview of tools and their popularity in the rails community (rated by watchers and forkers on GitHub). As you can see there, the suggested plugins restful_authentication and authlogic are almost on the same level.
Restful Authentication is still the golden standard for user authentication in ruby on rails.
I have used Authorization plug-in in the past and like it because it gives some nice meta methods such as:
user.is_eligible_for_what --> returns array of authorizable objects for which user has role "eligible"
user.is_moderator_of? group --> returns true/false
user.is_moderator_of group --> sets user to have role "moderator" for object group.
user.is_administrator --> sets user to have role "administrator" not really tied to any object.
There's also a brand new RailsCast on CanCan.
I'd use AuthLogic for authentication (logging in users and making sure they are who they claim to be) and declarative_authorization for authorization (making sure they have access to resources). See Ryan Bates' excellent Railscasts on AuthLogic and restful_authentication for more info.