I have implemented authentication systems for webapps several times over the years, but before I do it once more, I thought I'd ask if there's a canned solution I should know about.
Last time I checked, there was no built-in Rails authentication system and the standard solution was the restful-authentication plugin. Is that still the case? Or perhaps it's been folded into Rails itself by now? I've seen that happen.
I'd now suggest AuthLogic instead of restful-auth, it is far less intrusive but less supported (restful-auth is included in things like bort).
Restful-authentication is still the standard. If you haven't look at the plugin for a while, the source has moved to Github
Related
Are there any updated tutorials for using OpenID with Authlogic? I'd heard good things about Authlogic, and the documentation makes it seem much better than Restful Authentication... but in trying to implement OpenID, 100% of the tutorials and information I've come across have been outdated (including Railscast #170). They depend on gems that either no longer work or no longer exist. And to add to the frustration, Github has been down for hours today.
Does anyone know of a simple updated guide to get OpenID working with Authlogic? Thanks!
The solution (if you're on Rails 2.3.8 like I am) is to use older versions of pretty much everything. I fond this app and simply copied the versions of the gems they were using: https://github.com/holden/authlogic_openid_selector_example. That meant using the authlogic_openid plugin rather than the gem form.
Things worked well after that.
I'm introducing comments into a Rails application, and, being exceptionally lazy, I'm looking for a plugin to do it for me. I came across acts-as-commentable, but I didn't find much else. Acts-as-commentable seems fine, but it doesn't have support for threading.
Of course, it wouldn't be too hard just to home-brew the entire thing, but I think that surely commenting is such a common feature that there should be a canonical plugin to handle it. Can somebody with perhaps more Google Fu than me point me in the right direction?
This is acts_as_commentable_with_threading plugin which help you for threaded comment.
Link::
http://github.com/elight/acts_as_commentable_with_threading
The most lazy approach would be to use third-party commenting system like DISQUS : just copypaste a couple of javascripts and you're done.
Surely, it can't be used if your app has an authentication system of its own.
If you do not want to integrate a third-party service like Disqus, you have Juvia The Comments and Commontator. Also you can count with opinio as alternative. but only with Rails 3 and at the moment and as notice the development seems stalled.
Does anyone know of a good guide on building your own authentication system in ruby on rails?
I want to roll my own system to use with my community im building :)
Thanks!
I'd recommend starting with Warden - it'll handle the very basics of sessions for you, and give you a good foundation to build your logic on top of. The Rails Warden plugin is a rather small library that helps integrate it into Rails. Both of these projects are fairly mature and well-constructed yet still under active development - they're good choices all around.
You should be aware of Devise, another authentication framework (like Authlogic or Restful Authentication) that is based on Warden. It may not be a good fit for your project (it wasn't for mine), but looking through the source might give you a few ideas on how best to use Warden.
The other thing I'll note is that, in terms of hashing passwords, you should absolutely use bcrypt.
michael hartl has a good book coming out soon and the first 8 chapters are available in pdf format for free here: http://www.railstutorial.org/ - they cover the entire process of creating a very solid rspec-driven authentication system - can't recommend it highly enough
Well, it came out a while after you asked your question but the best answer if you're keen to build your own authentication system rather than use something like Devise would probably have to be Ryan Bates' Authentication from Scratch Screencast.
Since authentication is a common problem that has been solved many times already, I would start by investigating the solutions already out there.
For example, have a look at Restful Authentication which provides a good foundation for authentication in Rails. Even if you'd rather roll your own system, playing around with Restful Authentication and understanding how it works should give you a good understanding of the components needed when you start building your own system.
Check out this article:
http://www.aidanf.net/rails_user_authentication_tutorial
The author goes, step by step, through an entire authentication framework, with suggestions on further improvements. Even tests are discussed.
I agree with Ritchie... Devise has some very nice features but it doesn't play nice with others. For many use-cases, the way it hijacks the routing can make your job more difficult. In many situations you may be better off rolling your own.
Devise has caused circular references in my Rails asset pipeline, and the settings in the initializer as installed (in the latest version as of yesterday) conflicted with the defaults in the migration it generated.
I have built enterprise-level authentication systems, including email verification, password recovery, etc. And none of it required the routing shenanigans that Devise uses. If you really need all the features, it may be for you. But there are lots of reasons to not use it, too.
I am currently investigating possible applications of CouchDB on my current project (written in Rails) and would like to get some feedback from people who have actually used these APIs. Which would you recommend and why?
ActiveCouch
CouchFoo
CouchRest
CouchRest-Rails
CouchPotato
The basic layer of CouchRest is probably the best to get started, CouchPotato is the most active for Rails integration, SimplyStored adds some nicities on top of CouchPotato
With Rails 3 use (or at least seriously consider using) CouchRest Model. It appears to be well maintained, since as of this update on 2013/12/19 I see several changes that are only 2 weeks old.
Before considering SimplyStored, you should note that they give this warning on Github:
Development work as stopped as we don't use SimplyStored anymore. Please do not expect any future commits and fixes.
Perhaps someone will pick it up, as it looks very useful.
I am going through the same process. You might find SimplyStored interesting if you haven't already given it a look.
http://github.com/peritor/simply_stored
Anyone have a list of rails plugins that are both stable and give you enough functionality to be worth the extra effort of supporting?
Edit:
I am mostly interested in the best, most complete list of plugins so I can use it the next I'm starting a rails app. I don't currently need a particular plugin.
You can use bort as reference
Plugins Installed
Bort comes with a few commonly used
plugins installed and already setup.
RESTful Authentication
RESTful Authentication is already
setup. The routes are setup, along
with the mailers and observers.
Forgotten password comes setup, so you
don’t have to mess around setting it
up with every project.
The AASM plugin comes pre-installed.
RESTful Authentication is also setup
to use user activation.
User Roles
Bort now comes with Role Requirement
by Tim Harper. A default admin role is
predefined along with a default admin
user. See the migrations for the admin
login details.
Open ID Authentication
Bort, as of 0.3, has Open ID
integrated with RESTful
Authentication. Rejoice!
Will Paginate
We use will_paginate in pretty much
every project we use, so Bort comes
with it pre-installed.
Rspec & Rspec-rails
You should be testing your code, so
Bort comes with Rspec and Rspec-rails
already installed so you’re ready to
roll.
Exception Notifier
You don’t want your applications to
crash and burn so Exception Notifier
is already installed to let you know
when everything goes to shit.
Asset Packager
Packages up your css/javascript so
you’re not sending 143 files down to
the user at the same time. Reduces
load times and saves you bandwidth.
p/s: agree with #eric, specifics
restful_authentication for sign in, sign out, sign up.
paperclip for file uploads.
rspec and shoulda for testing.
Could you be more specific in what you are looking for? There are so many great plugins for so many different tasks, it's hard to guess the right ones for you.
Try resource_controller. http://jamesgolick.com/2007/10/19/introducing-resource_controller-focus-on-what-makes-your-controller-special
It seriously dries up your RESTful controllers. And is the only plausible way of implementing polymorphic actions that I've come across.
Loads of other good stuff too. Give it a try.
I can imagine why you are asking that. I used to work in a project with more than 20 plugins in use. Sure, it speeded up the development early on, but later debugging became difficult. Also, updating to a new version of Rails was a lengthy process.
My advice is that don't start using a plugin before have a reasonable understanding of how it works and of the trade-offs involved. For small plugins you should probably read the source code. For larger ones, see what other people are saying about them, when the plugin was updated the last time, etc.
For scanning popular plugins, see the most popular github projects. Quite a few of them are Rails plugins.
For me, Haml is excellent. It's not for everyone but if it clicks with you you'll love it. Set aside 30 min and give it a shot. It reduces the clutter in my views by about 50%.
It's easy to install using Rails 2.1+'s gem dependencies :
# environment.rb
config.gem 'haml'
Then:
rake gems:install
Ruby Trends is a good place to check what the most popular plugins/gems/books/practices are. It's like StackOverflow (i.e., voting plugins up/down) but is more fine-grained and has the ability to search/filter.
I my rails time I used http://github.com/mbleigh/acts-as-taggable-on/tree/master with success.