Rails authentication tutorial
Ruby on Rails May 15th, 2008
To implement authentication for your Rails application, I recommend using the restful_authentication plugin created by technoweenie. There are quite a few plugins at his Git repository, so I recommend that you take a look.
There are a number of plugins available to integrate authentication into your Rails app, but none as simple and as extensible as the restful_authentication plugin. It uses RESTful resources (which I’m a big fan of) and creates two RESTful controllers for us to use. The plugin is basically a generator which you run to produce a number of files. Here is an example of the files the generator creates (using user and session as the parameters for the generator):
- Users Controller
  - New/Create - Creating a new user
  - Show - Show a user
  - Activate (optional) - Activates a new user with a unique string sent to them
- Session Controller
  - New/Create - Used to login a user
  - Destroy - Used to logout a user
- Migration (optional) - Creates a migration for user object. Name is based on the parameter you use for the user model
- Test Cases - Test cases for both controllers, and tests on the user model
- Helpers - Don’t contain anything, just creates the files.
- Views - Creates basic forms for login (sessions/new.rhtml) and signup (users/new.rhtml)
- Lib files - The core functions for the authentication system. lib/authentication_system.rb is very well documented and contains methods which are used for authentication.
Installation
Install the plugin:
ruby script/plugin install http://svn.techno-weenie.net/projects/plugins/restful_authentication
The generator uses the following required arguments:
ruby script/generate authenticated
Optional:
- --include-activation : Used to generate activation functionality for users during signup
- --stateful : Used with acts_as_state_machine plugin
- --skip-migration : Don’t generate the migration file
Use the generator with user as a model name, session as our controller name and include activation:
ruby script/generate authenticated user session --include-activation
You will notice that your routes.rb file has been automatically filled with resources for your users and session controllers. You should add a few more static routes for login, logout etc.
In your config/routes.rb:
map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
map.signup 'signup/', :controller => 'users', :action => 'new'
map.login 'login/', :controller => 'session', :action => 'new'
map.logout 'logout/', :controller => 'session', :action => 'destroy'
Usage
After logging into your server via the login_url, you should have access to
@current_user
which you can use in your controllers and views; it contains the attributes of the User model.
To protect your controller you can add this line at the top of the controller:
class ProtectedController < ApplicationController
  before_filter :login_required
end
You may use :except, and :only to protect only a few actions:
class ProtectedController < ApplicationController
  before_filter :login_required, :only => [:edit, :update]
end
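As an added illustration (plain Ruby written for this page, not code from the plugin or from Rails), the sketch below models how :only and :except select the actions a filter runs on, and reports which actions stay reachable without login once a new action is added to the controller. The FilterRule class, the unprotected_actions helper and the action lists are hypothetical.

```ruby
# Added illustration in plain Ruby: a model of how before_filter's :only and
# :except options choose actions. Not Rails or plugin code; names are hypothetical.
class FilterRule
  def initialize(only: nil, except: nil)
    @only   = only   && only.map(&:to_sym)
    @except = except && except.map(&:to_sym)
  end

  # True when the filter (here standing in for login_required) runs before +action+.
  def applies_to?(action)
    action = action.to_sym
    return false if @only && !@only.include?(action)
    return false if @except && @except.include?(action)
    true
  end
end

# Actions that can be reached without logging in under +rule+.
def unprotected_actions(rule, actions)
  actions.reject { |a| rule.applies_to?(a) }
end

# Constructed sample: the controller from the text, later given a :destroy action.
ACTIONS_BEFORE = [:index, :show, :edit, :update].freeze
ACTIONS_AFTER  = (ACTIONS_BEFORE + [:destroy]).freeze

ONLY_RULE   = FilterRule.new(only: [:edit, :update])    # open unless listed
EXCEPT_RULE = FilterRule.new(except: [:index, :show])   # protected unless listed

if __FILE__ == $PROGRAM_NAME
  { ':only' => ONLY_RULE, ':except' => EXCEPT_RULE }.each do |name, rule|
    puts "#{name} leaves open: #{unprotected_actions(rule, ACTIONS_AFTER).inspect}"
  end
end
```

With :only, the newly added destroy action is reachable without login until someone remembers to list it; with :except it is protected from the start.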
I will soon add more complex examples of the plugin such as password reset, password changing, forgetting password etc.