RIRUGhttp://rirug.com

RackFor User Authentication

RIRUGhttp://rirug.com

Common Web App Needs

RIRUGhttp://rirug.com

Common Web App Needs

• A User

RIRUGhttp://rirug.com

Common Web App Needs

• A User

• A way to associate requests with that user

RIRUGhttp://rirug.com

Many Current Auth Solutions

• RESTful Authentication

• AuthLogic

• Clearance

• OpenID

• HTTP Auth

• LDAP

• CAS

• Roll Your Own

RIRUGhttp://rirug.com

Why Another One?

RIRUGhttp://rirug.com

RackRails 2.3 introduced Rack

compatibility.

Rails 3 is Rack dependent.

Rack allows for modular application design.

RIRUGhttp://rirug.com

Default Rails Rack Stack

RIRUGhttp://rirug.com

How Does This Affect Authentication?

• Rack allows for “mountable apps”

• Rails middleware

• Rails metal

RIRUGhttp://rirug.com

How will your authentication cope?

RIRUGhttp://rirug.com

Apps Usually Need a “User”

RIRUGhttp://rirug.com

Current Authentication Systems Will Conflict

Between Apps

RIRUGhttp://rirug.com

RIRUGhttp://rirug.com

Warden

• Injects a lazy proxy into the request

• Proxy follows around the request

• Does nothing until asked

• Authenticates requests for any kind of “user”

• Provides a mechanism for authentication

• Available to all downstream Rack parts

RIRUGhttp://rirug.com

Authenticating(Loggin In)

RIRUGhttp://rirug.com

Accessing the user

RIRUGhttp://rirug.com

Logging Out

RIRUGhttp://rirug.com

Authentication Logic

• Strategy Based

• Packagable

• Sharable between discrete apps

• Simple

RIRUGhttp://rirug.com

Warden Strategy

RIRUGhttp://rirug.com

Strategies

• Multiple Strategies

• Strategies Cascade

RIRUGhttp://rirug.com

Rack Setup

RIRUGhttp://rirug.com

Rails Integration

RIRUGhttp://rirug.com

Warden + Devise

RIRUGhttp://rirug.com

Devise

• Flexible Rails authentication based on Warden

• Rack based

• Complete MVC solution using Rails engines

• Allows for multiple roles (models/scopes)

• Based on modularity

RIRUGhttp://rirug.com

Devise Modules

• Database Authenticatable

• Token Authenticatable

• Confirmable

• Recoverable

• Rememberable

• Registerable

• Trackable

• Timeoutable

• Validatable

• Lockable

RIRUGhttp://rirug.com

Demo

RIRUGhttp://rirug.com

Rack Resources

• http://rack.rubyforge.org/

• http://rack.rubyforge.org/doc/SPEC.html

• http://railslab.newrelic.com/2009/06/05/episode-14-rack-metal

RIRUGhttp://rirug.com

Warden Resources

• http://www.slideshare.net/hassox/warden-introduction

• http://wiki.github.com/hassox/warden/overview

• http://github.com/hassox/rails_warden

RIRUGhttp://rirug.com

Devise Resources

• http://blog.plataformatec.com.br/2010/02/happy-birthday-devise/

• http://github.com/plataformatec/devise

• http://rdoc.info/projects/plataformatec/devise

• http://railscasts.com/episodes/209-introducing-devise

• http://railscasts.com/episodes/210-customizing-devise