Clearance: Simple, complete Ruby web app authentication.
jason-morrison

Clearance

$ sudo gem install \
    thoughtbot- \
    --source http://gems.github.com
$ curl "http://github.com/thoughtbot/clearance/tree/master%2FREADME.textile?raw=true"

Thank you.

Encore!

“Who goes there?”

email + confirmation + password + forgot = authentication.
No authorization, no roles, no ACLs, no HTTP basic auth,
no OpenID (in core), no admin (in core),
no, no, no!

Keep It Simple, Sucka.

Generator free!^mess

(but it’s small)

# models and controllers
[~/dev/clearance/lib/clearance/app] find . | xargs wc -l
434 total

# units and functionals
[~/dev/clearance/lib/clearance/test] find . | xargs wc -l
822 total

Let’s see it!

http://github.com/thoughtbot/clearance

Have it your way
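require 'digest/sha1'

class User < ActiveRecord::Base
  include Clearance::Model

  # Override the password digest used by the model.
  def encrypt(password)
    Digest::SHA1.hexdigest "--#{salt}--#{password}--"
  end

  protected

  # Override how the per-user salt is generated for new records.
  def initialize_salt
    self.salt = Digest::SHA1.hexdigest(
      "--#{Time.now.to_s}--#{email}--") if new_record?
  end
end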
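
The same two override points with a slow key-derivation function and a random salt, as an added example that is not from the slides or from Clearance itself. `DemoUser` is a hypothetical plain-Ruby stand-in for the ActiveRecord model, `authenticated?`, `secure_equal?` and the iteration count are assumptions, and PBKDF2-HMAC-SHA256 from Ruby's OpenSSL standard library is swapped in for the slide's single SHA1 round.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for the User model on the slide: a plain Ruby object,
# so the hashing hooks run without Rails or Clearance loaded.
class DemoUser
  ITERATIONS = 200_000 # assumed work factor; tune to your hardware
  KEY_BYTES  = 32

  attr_reader :email, :salt, :encrypted_password

  def initialize(email, password)
    @email = email
    initialize_salt
    @encrypted_password = encrypt(password)
  end

  # Same hook name as the slide, but a deliberately slow KDF instead of one
  # SHA1 round, so offline guessing against a leaked table is expensive.
  def encrypt(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_BYTES,
                               OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end

  def authenticated?(password)
    secure_equal?(encrypt(password), encrypted_password)
  end

  protected

  # Salt from the OS CSPRNG rather than from Time.now and the e-mail address,
  # both of which can be known or guessed by someone else.
  def initialize_salt
    @salt ||= SecureRandom.hex(16)
  end

  # Constant-time comparison: always walks every byte, so timing does not
  # reveal how many leading characters of the digest matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

Digests already stored under the SHA1 scheme cannot be converted in place; they have to be re-derived from the plaintext at each user's next successful sign-in.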

Have it your way

# similar deal for UsersController, ConfirmationsController
class SessionsController < ApplicationController
  include Clearance::SessionsController

  def url_after_create
    video_url(:awesome_and_exciting_welcome)
  end

  def url_after_destroy
    video_url(:wistful_farewell)
  end
end

Get goin’

class User < ActiveRecord::Base
  include Clearance::Model

  acts_as_geocodable :normalize_address => true

  # don't forget this guy!
  attr_accessible :first_name, :last_name, :street, :locality,
                  :region, :postal_code, :website, :about
end

Get goin’

class UsersController < ApplicationController
  include Clearance::UsersController

  before_filter :authenticate, :except => [:new, :create]
  before_filter :can_only_edit_self, :only => [:edit, :update]

  protected

  def can_only_edit_self
    unless current_user == User.find(params[:id])
      flash[:error] = 'Oh, snap! Get outta here.'
      redirect_to root_url
    end
  end
end

Future Work

TODO.textile
• Some refactoring & documentation to do

Loot from merb-auth
• Store current_user on the session, not controller
• HTTP fluency
  • 401 Unauthorized
  • 405 Resource not allowed
• Make a strategy:
  • Email confirmation
  • Forgot password
  • Salted passwords

clearance-admin
<% if current_user.admin? -%>
Admin::UsersController
logged_in_admin_context {}
should_only_allow_admins_on 'get :index'

clearance-openid
Extract from http://hoptoadapp.com

Always be on the lookout for Clearance
http://www.youtube.com/watch?v=sEaqfpqLBK4

Guard Dog http://headrush.typepad.com/creating_passionate_users/2007/03/seven_blog_virt.html
Kiss http://flickr.com/photos/andraspfaff/623258079/
Awesome Delorean http://flickr.com/photos/f1rstborn/757609629/
“Shh!” http://flickr.com/photos/cupcake_eater/2721122278/
Personals Ad http://flickr.com/photos/eggplant/3211654/
Baseball Photosiñata http://flickr.com/photos/mcbeth/156411746/

$ tail -n 8 README.textile

h2. Authors

* thoughtbot, inc.
* Dan Croak
* Jason Morrison
* Mike Burns
* Josh Nichols
* Mike Breen

github.com/thoughtbot/clearance
github.com/jasonm/talks