Does anyone know of a good guide on building your own authentication system in Ruby on Rails? I want to roll my own system to use with my community I'm building :)

Thanks!

+1  A: 

Since authentication is a common problem that has been solved many times already, I would start by investigating the solutions already out there.

For example, have a look at Restful Authentication which provides a good foundation for authentication in Rails. Even if you'd rather roll your own system, playing around with Restful Authentication and understanding how it works should give you a good understanding of the components needed when you start building your own system.

Pär Wieslander
I've tried both Restful Authentication and Authlogic and I don't think they fit me. That's why I want to roll my own.
Micke
I was thinking more along the lines of dissecting one of these solutions to understand how they work under the hood. Not only is it a good code-reading exercise, but once you've understood one of these systems it will be fairly easy to build your own solution, borrowing the ideas you like and changing the stuff you don't like.
Pär Wieslander
That's true! Will do :) Thanks. I misunderstood you a little, my English is not the best.
Micke
A: 

Check out this article:

http://www.aidanf.net/rails_user_authentication_tutorial

The author goes, step by step, through an entire authentication framework, with suggestions on further improvements. Even tests are discussed.

G. Martin
That article is almost four years old and doesn't conform to current best practices. I'd avoid it and look for more up-to-date resources.
Pär Wieslander
Already tried it. It's too old.
Micke
Really? Could you maybe tell me where to look for "best-practice" info? I've been looking for a good place to find that kind of info. I had no idea the article was breaking conventions.
G. Martin
@G. Martin: The guides at http://guides.rubyonrails.com/ are great for reading up on the recommended ways of doing things nowadays. For example, the article you mentioned doesn't use RESTful routing. And `start_form_tag` and `end_form_tag` which are used for form generation in the article were deprecated in Rails 1.2 and removed in Rails 2.0 -- nowadays `form_for` or `form_tag` should be used.
Pär Wieslander
@Par Wieslander Ok. I've used these before, and they can be pretty helpful. However, they oftentimes feel a little impersonal. Out of curiosity, are those issues you mentioned the only things wrong with the guide I linked to? I guess I'm wondering if there are any deeper problems with it. I mean, you could easily change the form routing stuff and the ideas the article presents would still be good, right?
G. Martin
@G. Martin: I haven't checked all the details in the article, but yes, the overall ideas seem ok. So as long as you're aware of current Rails idioms and can adapt the deprecated parts to modern best practices I guess the article could still be somewhat useful. But for people still learning the basics it'll probably hurt more than it helps.
Pär Wieslander
+2  A: 

I'd recommend starting with Warden - it'll handle the very basics of sessions for you, and give you a good foundation to build your logic on top of. The Rails Warden plugin is a rather small library that helps integrate it into Rails. Both of these projects are fairly mature and well-constructed yet still under active development - they're good choices all around.

You should be aware of Devise, another authentication framework (like Authlogic or Restful Authentication) that is based on Warden. It may not be a good fit for your project (it wasn't for mine), but looking through the source might give you a few ideas on how best to use Warden.

The other thing I'll note is that, in terms of hashing passwords, you should absolutely use bcrypt.

PreciousBodilyFluids
Devise seems to be created by the same guy who made Warden? Is this right? I like Warden. But Warden must go through this "Rack"? And what is this Rack? If you could explain really simply. Is it good? Should I use it?
Micke
Warden and Devise share some developers, yes. Rack is an interface between Ruby web frameworks and the servers they run on. Rails is built on top of Rack, so you're already using it. And, if you use Warden and Rails Warden, you don't have to worry about interacting with Rack directly - they'll take care of it for you. There's a video explaining more about Rack here, if you're curious, but it's probably not something you need to worry about: http://railslab.newrelic.com/2009/06/05/episode-14-rack-metal
PreciousBodilyFluids
okay, thank you :)
Micke
Some really good Rack screencasts over at http://remi.org/
stephenmurdoch
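
What "Rails is built on top of Rack" means in practice, as an added example that is not part of the answers above and is not Warden's or Rails Warden's code: a Rack app is any object whose `call(env)` returns status, headers and body, and a session-checking middleware wraps the framework and can reject a request before it arrives there. The class names, the `user_id` session key and the `example.current_user_id` env key are assumptions made for illustration.

```ruby
# Hypothetical downstream app standing in for the Rails application.
class InnerApp
  def call(env)
    user = env['example.current_user_id'] # hypothetical key set by the middleware
    [200, { 'Content-Type' => 'text/plain' }, ["hello user #{user.inspect}"]]
  end
end

# Hypothetical session-checking middleware (illustrative, not Warden).
class RequireLogin
  def initialize(app, protected_prefixes:)
    @app = app
    @prefixes = protected_prefixes
  end

  def call(env)
    session = env['rack.session'] || {}   # populated by a session middleware
    user_id = session['user_id']          # constructed session layout
    path = env['PATH_INFO'].to_s

    if user_id.nil? && guarded?(path)
      # Fail closed: the wrapped app never sees the unauthenticated request.
      return [401, { 'Content-Type' => 'text/plain' }, ['login required']]
    end

    # Always overwrite, so downstream code only trusts what was set here.
    env['example.current_user_id'] = user_id
    @app.call(env)
  end

  private

  # Match whole path segments so "/accounting" is not treated as "/account".
  def guarded?(path)
    @prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
  end
end

STACK = RequireLogin.new(InnerApp.new, protected_prefixes: ['/account'])

# Builds a constructed request env (only the keys this example reads)
# and runs it through the middleware stack.
def request(path, session = nil)
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => path }
  env['rack.session'] = session if session
  STACK.call(env)
end
```
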
+2  A: 

Michael Hartl has a good book coming out soon, and the first 8 chapters are available in PDF format for free here: http://www.railstutorial.org/ - they cover the entire process of creating a very solid RSpec-driven authentication system - can't recommend it highly enough.

stephenmurdoch
Will read it :) Thank you!
Micke
Btw, great book! Thanks for the tip.
Micke