tags:

views:

5227

answers:

12
+17  Q: 

Best Solution For Authentication in Ruby on Rails

I'm looking for a pre-built solution I can use in my RoR application. I'm ideally looking for something similar to the ASP.NET Forms authentication that provides email validation, sign-up controls, and allows users to reset their passwords. Oh yeah, and easily allows me to pull the user that is currently logged into the application.

I've started to look into the already written pieces, but I've found it to be really confusing. I've looked at LoginGenerator, RestfulAuthentication, SaltedLoginGenerator, but there doesn't seem to be one place that has great tutorials or provide a comparison of them. If there's a site I just haven't discovered yet, or if there is a de-facto standard that most people use, I'd appreciate the helping hand.

+16  A: 

I would really recommend Restful Authentication. I think it's pretty much the de-facto standard.

John Topley  2008-08-23 15:33:44
I would second this. I recently had to implement a pretty complex multi-site authentication system, which I based on top of the RestfulAuth design, providing the same API to the rest of the application as RA would, Definatly a nice clear easy to work with API with easy to read code :-)
Laurie Young  2008-09-20 16:03:42
+3  A: 

There's also RestfulOpenIDAuthentication if you want OpenID support in addition to password support.

James A. Rosen  2008-08-23 16:46:52
+3  A: 

Just a note, LoginGenerator and SaltedLoginGenerator have been superseded by Restful Authentication and are unsupported on newer Rails releases -- dont waste any time on them, though they were great at the time.

pantulis  2008-09-01 06:02:50
+3  A: 

I'd also like to point out an excellent tutorial/discussion on extending the core functionality of Restful Authentication, in case you're looking for something a bit more robust.

Bryan M.  2008-09-05 01:59:58
Please don't think me terribly rude, but I think that forum entry is an example of the worst part of Restful Authentication. There are a multitude of missing features and here is a super long (and contradictory) set of steps for adding those features in one at a time.Whatever the opposite of DRY is, I'm pretty sure that's it. Only you're not repeating yourself, you're repeating hundreds of other developers to include stuff that should have been included or optional for RA from the start.
John Munsch  2009-12-06 05:49:10
+2  A: 

restful_authentication is a powerful tool which is very flexible and provides most of what you are looking for out of the box. However, a couple of caveats:

  1. Don't think in terms of 'controls'. In Rails the Model, View and Controller are much more independent than in 'Webforms-style' ASP.NET. Work out what you want from each layer independently, write tests/specs to match and make sure each layer is doing what you expect.
  2. Even if you are using a plugin there is no substitute for reading (at least some) of the code generated. If you have a big-picture idea of what is going on under the hood, you will find debugging and customising much easier.
domgblackwell  2008-09-19 21:54:02
+2  A: 

The plugin restful_authentication and other plugins that extend it, answer your needs perfectly. A quick search on github.com will reveal a lot of tutorials, examples, and extensitons. Just go here:
- http://github.com/search?q=restful_authentication

There are several projects that use restful_authentication just to provide examples of a bare-bones Rails app with just the authentication parts.

  1. http://github.com/fudgestudios/bort -- A base rails app featuring: RESTful Authentication
  2. http://github.com/mrflip/restful_authentication_example -- Another project with a great examlpe of how to use restful_authentication
  3. http://github.com/activefx/restful_authentication_tutorial -- Same as above, with some other plugins bundled.
  4. http://railscasts.com/episodes/67-restful-authentication -- a great screencast explaining restful_authentication

This information should be enough to get you started finding heads and tails ... good luck.

Evgeny  2008-09-20 01:13:38
+23  A: 

AuthLogic appears to be the new kid on the block and seems to be the next evolution of restful_authentication, easier to use, etc

http://github.com/binarylogic/authlogic/tree/master

Brian Armstrong  2009-04-12 02:08:57
I would really consider using authlogic as well. its a lot cleaner than restful_auth. Authlogic learned from all the previous solutions and repackaged them in a cleaner, more customizable solution
taelor  2009-05-17 21:57:31
I took your advice and went with Authlogic, and I am really pleased. Might take a little bit longer to setup, what it is very clean and easy to understand. There is no scary piles of generated code.
Guy C  2009-07-17 15:23:58
Yeah, it def takes longer to setup. I wish he had removed a little of the abstraction there and had it ship with things everyone needs like forgotten password, and email confirmations included. But overall, it's still pretty good.
Brian Armstrong  2009-07-17 21:46:43
I was able to combine it with OpenID and RPXNow too, which turned out awesome, example here: http://buyersvote.com/user_session/new
Brian Armstrong  2009-07-17 21:47:30
I am a RoR newbie and I just set this up. Very handy and comes with a tutorial which is always nice.
GreenRails  2010-02-24 22:53:12
The example project makes it super easy to get up and running. Just git clone the repository, copy in a database.yml file and you've got a fully authenticated site ready.
Casey Watson  2010-10-22 05:27:23
+2  A: 

AuthLogic seems to be what you want for this. It's very configurable, and although it doesn't generate the code for you, it's quite easy to use. For email validation and password recovery you probably want to use the :perishable_token column. AuthLogic takes care of it, you only need to reset it when it's used. For information on how to set up a basic app, you can take a look at Ryan Bates' Railscast on AuthLogic, and the "official" example app. Ben Johnson, the creator of AuthLogic has also written a blog post on how to RESTfully reset passwords.

Unfortunately I can't post more than one link, but the links to the railscast, the password reset blog post and the example app are all in the README (see the AuthLogic repo for the README)

Update: Now I can post more links, so I linked some more. Thank you marinatime for adding the link in the meanwhile

dvyjones  2009-12-14 13:44:40
Railscast link - http://railscasts.com/episodes/160-authlogic
martinatime  2010-05-30 16:11:01
+2  A: 

I'm really liking thoughtbot's clearance. Very simple and has a few good hooks and is testable.

sam  2010-02-08 17:59:52
A: 

Another vote for Clearance - perhaps not as customisable or as 'in' as authlogic, but in terms of just being able to drop it in place and go, it's definitely worth having a look at.

Dave Smylie  2010-05-22 05:52:09
+4  A: 

For a really simple solution go with Clearance(http://github.com/thoughtbot/clearance).

If you are looking for more options Devise(http://github.com/plataformatec/devise) is a great solution. It uses Warden which is a rack based authentication system.

Nick Hammond  2010-06-03 04:31:34
I can vouch for Devise. I set it up in my app, and can says that it's easy to use, at least for me as a relative newbie. I blogged about my experience with it here: http://therealmattslay.blogspot.com/2010/06/devise-authentication-for-rails.html
MattSlay  2010-06-16 17:03:17

related questions

Best place to get Ruby on Vista up and running as dev environment
How can I encode xml files to xfdl (base64-gzip)?
What is the best way to learn Ruby?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a Class using the Singleton Design Pattern in Ruby?
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
Why Should I Learn Ruby?
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
How do I rake tasks within a ruby script?
Ruby On Rails with Windows Vista - Best Setup?
Mapping values from two array in Ruby
Reverse DNS in Ruby?
Text Editor For Linux (Besides Vi)?
What is good forum software to add to an existing Rails application?
Calling Bash Commands From Ruby
How can I modify .xfdl files? (Update #1)
How do I use (n)curses in Ruby?
Open Source Ruby Projects
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
When to use lambda, when to use Proc.new?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.
.NET Migrations Engine
How do I add existing comments to RDoc in Ruby?