Best Solution For Authentication in Ruby on Rails
Ruby on-RailsRubyAuthenticationRuby on-Rails Problem Overview
I'm looking for a pre-built solution I can use in my RoR application. I'm ideally looking for something similar to the ASP.NET Forms authentication that provides email validation, sign-up controls, and allows users to reset their passwords. Oh yeah, and easily allows me to pull the user that is currently logged into the application.
I've started to look into the already written pieces, but I've found it to be really confusing. I've looked at LoginGenerator, RestfulAuthentication, SaltedLoginGenerator, but there doesn't seem to be one place that has great tutorials or provide a comparison of them. If there's a site I just haven't discovered yet, or if there is a de-facto standard that most people use, I'd appreciate the helping hand.
Ruby on-Rails Solutions
Solution 1 - Ruby on-Rails
AuthLogic appears to be the new kid on the block and seems to be the next evolution of restful_authentication, easier to use, etc
http://github.com/binarylogic/authlogic/tree/master
Edit: now that Rails 3 is out, Devise seems to be the new, new kid on the block
https://github.com/plataformatec/devise
or I have been rolling my own authentication now with the has_secure_password
built in to Rails http://railscasts.com/episodes/250-authentication-from-scratch-revised
Side note: Ruby Toolbox is a great site for finding the current best solution in various categories (based on the number of GitHub watchers):
http://ruby-toolbox.com/categories/rails_authentication.html
Solution 2 - Ruby on-Rails
I would really recommend Restful Authentication. I think it's pretty much the de-facto standard.
Solution 3 - Ruby on-Rails
For a really simple solution go with Clearance.
If you are looking for more options Devise is a great solution. It uses Warden which is a rack based authentication system.
Solution 4 - Ruby on-Rails
There's also RestfulOpenIDAuthentication if you want OpenID support in addition to password support.
Solution 5 - Ruby on-Rails
Just a note, LoginGenerator and SaltedLoginGenerator have been superseded by Restful Authentication and are unsupported on newer Rails releases -- dont waste any time on them, though they were great at the time.
Solution 6 - Ruby on-Rails
I'd also like to point out an excellent tutorial/discussion on extending the core functionality of Restful Authentication, in case you're looking for something a bit more robust.
Solution 7 - Ruby on-Rails
AuthLogic seems to be what you want for this. It's very configurable, and although it doesn't generate the code for you, it's quite easy to use. For email validation and password recovery you probably want to use the :perishable_token
column. AuthLogic takes care of it, you only need to reset it when it's used. For information on how to set up a basic app, you can take a look at Ryan Bates' Railscast on AuthLogic, and the "official" example app. Ben Johnson, the creator of AuthLogic has also written a blog post on how to RESTfully reset passwords.
Unfortunately I can't post more than one link, but the links to the railscast, the password reset blog post and the example app are all in the README (see the AuthLogic repo for the README)
Solution 8 - Ruby on-Rails
I'm really liking thoughtbot's clearance. Very simple and has a few good hooks and is testable.
Solution 9 - Ruby on-Rails
restful_authentication is a powerful tool which is very flexible and provides most of what you are looking for out of the box. However, a couple of caveats:
- Don't think in terms of 'controls'. In Rails the Model, View and Controller are much more independent than in 'Webforms-style' ASP.NET. Work out what you want from each layer independently, write tests/specs to match and make sure each layer is doing what you expect.
- Even if you are using a plugin there is no substitute for reading (at least some) of the code generated. If you have a big-picture idea of what is going on under the hood, you will find debugging and customising much easier.
Solution 10 - Ruby on-Rails
The plugin restful_authentication and other plugins that extend it, answer your needs perfectly. A quick search on github.com will reveal a lot of tutorials, examples, and extensitons. Just go here:
There are several projects that use restful_authentication just to provide examples of a bare-bones Rails app with just the authentication parts.
- http://github.com/fudgestudios/bort -- A base rails app featuring: RESTful Authentication
- http://github.com/mrflip/restful_authentication_example -- Another project with a great examlpe of how to use restful_authentication
- http://github.com/activefx/restful_authentication_tutorial -- Same as above, with some other plugins bundled.
- http://railscasts.com/episodes/67-restful-authentication -- a great screencast explaining restful_authentication
This information should be enough to get you started finding heads and tails ... good luck.
Solution 11 - Ruby on-Rails
Just updating this: Ryan Bates' Railscast #250 shows building an authentication system from scratch....
Solution 12 - Ruby on-Rails
Another vote for Clearance - perhaps not as customisable or as 'in' as authlogic, but in terms of just being able to drop it in place and go, it's definitely worth having a look at.