Rails Authentication Plugin: simplest_auth

Tony Pitale, Former Viget

Why?

simplest_auth is a plugin for Rails applications where RESTful Authentication is overkill – it handles authentication and nothing else. By "nothing else" we mean: no password resets, no cookies set to remember a user, etc. We chose to design simplest_auth in this manner because we didn't need those features. However, we did want to use the most secure hash algorithm, provide a familiar API, and we wanted to be able to have an authenticated user wherever one was needed (more on that in a minute). Lastly, we did not want to intrude too much into the decisions of the user of the plugin.

How?

Given the goals, we came up with simplest_auth. There are essentially two files to be mixed in: one for the model, and one for the controller.

Generate the Model

$ ./script/generate model User email:string crypted_password:string 

Mix Lightly

class User < ActiveRecord::Base
  include SimplestAuth::Model

  before_create :hash_password
end

And the Application Controller

class ApplicationController < ActionController::Base
  include SimplestAuth::Controller

  def user_class; User; end
end

Note: the model skips any validation. Also note that the model could just as easily be Account instead of User; simply change:

def user_class; Account; end
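Because the model skips validation, the application has to supply its own checks before the hashing callback runs. The sketch below is an added example, not simplest_auth's code and not from the original post: a plain-Ruby stand-in for a model with a crypted_password column. The names SketchUser, creation_errors and password_matches?, the 8-character minimum, and the use of PBKDF2-HMAC-SHA256 from Ruby's standard library are all assumptions; the page does not name the plugin's hash algorithm.

```ruby
require "openssl"
require "securerandom"

# Hypothetical plain-Ruby stand-in for a model with a crypted_password column.
# PBKDF2-HMAC-SHA256 is an assumption made so this runs without gems.
class SketchUser
  ITERATIONS = 100_000 # assumed work factor
  MIN_LENGTH = 8       # assumed password policy
  attr_reader :email, :crypted_password

  def initialize(email, password)
    @email = email
    @password = password
  end

  # The on-create checks the application has to bring itself.
  def creation_errors
    list = []
    list << "email is blank" if @email.to_s.strip.empty?
    list << "password is too short" if @password.to_s.length < MIN_LENGTH
    list
  end

  # Plays the role of save with a before_create :hash_password callback.
  def create
    return false unless creation_errors.empty?
    salt = SecureRandom.hex(16)
    @crypted_password = [ITERATIONS, salt, derive(@password, salt, ITERATIONS)].join("$")
    @password = nil # drop the plaintext once the hash is stored
    true
  end

  def password_matches?(candidate)
    return false if crypted_password.nil?
    iterations, salt, expected = crypted_password.split("$")
    secure_equal?(expected, derive(candidate.to_s, salt, iterations.to_i))
  end

  private

  def derive(secret, salt, iterations)
    digest = OpenSSL::Digest.new("SHA256")
    OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, iterations, 32, digest).unpack1("H*")
  end

  # Compare without returning early on the first differing byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```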

Check out the documentation on GitHub.

More to Come

In the future, we plan to add new features only as they are required and only as long as they fit the original goals. As we work with the plugin, we'll be adding a few things, but because the plugin is available on GitHub, we encourage forking and adding as you see fit. If you think you've added something everyone could use, please feel free to send us a pull request.

Learn More

simplest_auth (link to github)

Updates to simplest_auth
