Forum: Ruby on Rails How to develop an authentication/authorization plugin that I can use for multiple projects

12e780ad64388493188e66ccd2f90248?d=identicon&s=25 Mati M. (mati_m)
on 2013-05-21 21:08
I am a newbie for RoR but I liked it so far. For the current project I
already developed an authenticaion page where the user will be
authenticated before and after login. I know that I will be doing more
projects on RoR in the coming weeks as well and I don't want to copy
paste my codes to enable authentication in my projects. How can I create
an authentication system where I can use it in multiple projects. Are
there any plugins already been developed?

 You should also consider that, the authentication system also be on
call (it should be listening everytime the user goes from one page to
another page by checking if s/he is authorized and also the session
haven't expired yet and so on.). That means I still need the
authentication/authorization system to be there even after login. And
how do I integrate it with other ruby projects I will be working on.  I
hope it makes sense.

The database where users will be authorized might be the same or
different based on the projects.

Thank you
280b78a61a968391b7e07e912be102a8?d=identicon&s=25 Robert Walker (robert4723)
on 2013-05-21 21:21
Mati M. wrote in post #1109763:
> I am a newbie for RoR but I liked it so far. For the current project I
> already developed an authenticaion page where the user will be
> authenticated before and after login. I know that I will be doing more
> projects on RoR in the coming weeks as well and I don't want to copy
> paste my codes to enable authentication in my projects. How can I create
> an authentication system where I can use it in multiple projects. Are
> there any plugins already been developed?

http://guides.rubygems.org/make-your-own-gem/

FYI: Most newcomers, and veterans alike, don't typically reinvent the
authentication wheel. They instead use one of the excellent
authentication gems that already exist.

https://github.com/plataformatec/devise
https://github.com/intridea/omniauth

>  You should also consider that, the authentication system also be on
> call (it should be listening everytime the user goes from one page to
> another page by checking if s/he is authorized and also the session
> haven't expired yet and so on.). That means I still need the
> authentication/authorization system to be there even after login. And
> how do I integrate it with other ruby projects I will be working on.  I
> hope it makes sense.
>
> The database where users will be authorized might be the same or
> different based on the projects.

You're really talking about two separate things here. Authentication and
Authorization. I personally use OmniAuth for authentication and CanCan
for authorization. To me this is an excellent combination for most of my
needs.

https://github.com/ryanb/cancan
12e780ad64388493188e66ccd2f90248?d=identicon&s=25 Mati M. (mati_m)
on 2013-05-21 21:38
Thanks Robert.

 So can I use https://github.com/ryanb/cancan for both authentication
and authorization ? Or do I have to use 2 gems?

Thanks
12e780ad64388493188e66ccd2f90248?d=identicon&s=25 Mati M. (mati_m)
on 2013-05-21 21:38
>
> You're really talking about two separate things here. Authentication and
> Authorization. I personally use OmniAuth for authentication and CanCan
> for authorization. To me this is an excellent combination for most of my
> needs.
>
> https://github.com/ryanb/cancan

Thanks Robert.

 So can I use https://github.com/ryanb/cancan for both authentication
and authorization ? Or do I have to use 2 gems?

Thanks
280b78a61a968391b7e07e912be102a8?d=identicon&s=25 Robert Walker (robert4723)
on 2013-05-21 22:35
Mati M. wrote in post #1109768:
>>
>> You're really talking about two separate things here. Authentication and
>> Authorization. I personally use OmniAuth for authentication and CanCan
>> for authorization. To me this is an excellent combination for most of my
>> needs.
>>
>> https://github.com/ryanb/cancan
>
> Thanks Robert.
>
>  So can I use https://github.com/ryanb/cancan for both authentication
> and authorization ? Or do I have to use 2 gems?

CanCan is agnostic about authentication. It assumes you have a
current_user method by default (the name can be customized to whatever
your authentication system provides).

This is actually a good thing. It's just good programming practice, in
general, to separate concerns this way.
1ac774797c9e79861840599b23653c3c?d=identicon&s=25 Wins Lin (zvooq)
on 2013-05-22 21:37
Cancan has 166 open issues on Github
280b78a61a968391b7e07e912be102a8?d=identicon&s=25 Robert Walker (robert4723)
on 2013-05-22 22:08
Wins Lin wrote in post #1109864:
> Cancan has 166 open issues on Github

The Linux Kernel currently has 1789 open issues. So what's you point?
Are you saying CanCan is broken?
280b78a61a968391b7e07e912be102a8?d=identicon&s=25 Robert Walker (robert4723)
on 2013-05-22 22:24
Robert Walker wrote in post #1109869:
> Wins Lin wrote in post #1109864:
>> Cancan has 166 open issues on Github
>
> The Linux Kernel currently has 1789 open issues. So what's you point?
> Are you saying CanCan is broken?

BTW that was a serious question. Might have sounded like I was being a
smart ass, but I'm using CanCan and I really need to know if the current
1.6.10 version is really broken.
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.