Ruby on Rails 4 - What authentication gem to use?
Devise is a full-featured authentication solution which handles all of
the controller logic and form views for you.
First, include the Devise gem in your Gemfile:
gem 'devise' 'version-if-u-want-any specific'
To install the newly-added gem, use:
bundle install
To install Devise, run:
rails g devise:install
and perform some settings manually, which are shown in the output of the command.
(Optional) For customization purposes, we can include the Devise gem's views in our app's views:
rails g devise:views
(Optional) Generate the user model, which will be used by Devise:
rails g devise user
Migrate your database:
rake db:migrate
You can see routes using:
rake routes
For signing up users, visit:
localhost:3000/users/sign_up
Authentication gem to use for Neo4j and Rails 4?
In your Gemfile, use gem 'devise-neo4j', "~> 2.0.0.alpha.1"
. It was updated earlier this year to support Neo4jrb v3.
rails 4 user authentication
I've been using Pundit instead of Cancan for the last few projects I've done. It is lightweight, flexible and easy to use. Here's the link: https://github.com/elabs/pundit
In regards to your question, you will create policies for each model. For each action you define a method. It's super simple and explained on the link I've attached. Here as an example you have update in your model (models/post.rb):
def update
@post = Post.find(params[:id])
authorize @post
if @post.update(post_params)
redirect_to @post
else
render :edit
end
end
Call authorize to define permissions.
In your policies/post.rb:
class PostPolicy < Struct.new(:user, :post)
def update?
user.admin? or not post.published?
end
end
That returns true or false. In your case if you want to check if the user is a owner you can place the following if statement:
if user.admin? || user.owner_of?(post)
You get the idea. You can also define scopes, etc.
Net/LDAP gem and basic auth in Rails 4 app
Have you looked at the Gem devise_ldap_authenticatable.I guess it better suits your requirement.Instead of using your own authentication system, you could use LDAP(Active directory) as an authentication provider.
If you are building applications for use within your organization
which require authentication and you want to use LDAP, this plugin is
for you.Devise LDAP Authenticatable works in replacement of Database
Authenticatable. This devise plugin has not been tested with
DatabaseAuthenticatable enabled at the same time. This is meant as a
drop in replacement for DatabaseAuthenticatable allowing for a semi
single sign on approach.
SAML based single sign on is also popularly renowned way of transmitting authentication and authorization information as an XML
. Service Provider(You) can leverage Identity Provider(Active directory- perhaps ADFS) for authentication purposes. Ruby-SAML by onelogin is well known gem for SAML implementation.
How to create authentication from scratch in rails 4
Don't do it.
You have no idea of the number of ways that you can accidentally leave yourself open to serious compromise.
You are not as smart as the hundreds of developers that have been working for years on devise (none of us are).
Have a look at the Rails Security Guide for a short list of the ways that people can use your app that you probably never even considered.
If you want to play around and have a go to see how it's done, then sure play... but when you come to actually securing a real app... Just Use Devise.
Related Topics
Single Occurrence Event with Ice_Cube Gem Using Start_Time and End_Time
Deleting the Current Session with Rack::Session::Cookie
Cross-Platform Means of Getting User's Home Directory in Ruby
Carrierwave Fog Amazon S3 Images Not Displaying
What Is Purpose of Around_Create Callback in Rails Model
Controlling Tor Client with Ruby
How to Select the Longest String from a Ruby Array
How to Color Unit Tests with Lib Minitest or Test:Unit
How to Set a Cookie with a (Ruby) Rack Middleware Component
How to Tell If I'm Running from Jruby VS. Ruby
Ruby Code Beautification, Split Long Instructions on Multiple Lines
Rspec: How to Write a Test That Expects Certain Output But Doesn't Care About the Method
Rails Change Routing of Submit in Form_For
Devise Nomethoderror 'For' Parametersanitizer
Ruby on Rails - Paperclip and Dynamic Parameters
How to Access the Base Namespace in Ruby
Ruby Gem Listed, But Won't Load (Gem in User Dir, Not Ruby Dir)