admin controller authentication using cancan gem - ruby-on-rails-3

I am using the cancan gem with Rails 3. Here I have the same login form for all roles. I have an admin section. The normal authentication checks whether the user is logged in or not, but does not check whether his role is admin or not.
So a normal user can see admin pages using the admin URL (myapp/com/admin/users). How to authenticate?
Thanks
Prasad

As far as I know, CanCan is not for authentication but for authorization.
Use something like the Devise gem for authentication, and CanCan's ability class to enforce authorization.
You can also manually check if a user is permitted to perform an action using a before_filter hook.
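The two checks the answer describes, run in sequence, as an added example that is not part of the original post. It is a plain-Ruby model that needs neither Rails nor CanCan; `User`, `Ability`, `AccessDenied`, `AdminBaseController` and `admin_users_response` are simplified stand-ins made up for illustration, not the gems' own classes.

```ruby
# Added example: stand-in classes only, no Rails, Devise or CanCan required.
User = Struct.new(:email, :role)
class AccessDenied < StandardError; end

# Shaped like a CanCan ability class: rules are granted per role.
class Ability
  def initialize(user)
    @rules = []
    return if user.nil?                        # guests get no rules at all
    can :read, :profile                        # every logged-in user
    can :manage, :all if user.role == "admin"  # admins may do everything
  end

  def can(action, subject); @rules << [action, subject]; end

  def can?(action, subject)
    @rules.any? { |a, s| (a == :manage || a == action) && (s == :all || s == subject) }
  end
end

# Shared parent for every controller under /admin, so no admin page can
# forget the role check. Both methods play the part of before_filter hooks.
class AdminBaseController
  def initialize(current_user); @current_user = current_user; end

  def dispatch(action)
    authenticate_user!   # authentication: is anyone logged in?
    require_admin!       # authorization: may this user enter the admin area?
    public_send(action)
  end

  private

  def authenticate_user!
    raise AccessDenied, "login required" if @current_user.nil?
  end

  def require_admin!
    allowed = Ability.new(@current_user).can?(:manage, :admin_section)
    raise AccessDenied, "admin only" unless allowed
  end
end

class AdminUsersController < AdminBaseController
  def index; "admin user list"; end
end

# Simulates a request to /admin/users made by the given user (nil = guest).
def admin_users_response(user)
  AdminUsersController.new(user).dispatch(:index)
rescue AccessDenied => e
  "403 #{e.message}"
end
```

With only `authenticate_user!` in place, the normal user in the question would receive the admin page; the second filter is what turns that request into a 403.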

Related

Using Omniauth both for login with Devise as well as for accessing API's

In our application, we allow the user to access their data at different providers (Google Calendar, Microsoft Outlook, Facebook timeline, etc.) through the available API's, using Omniauth. For this we have an omniauth.rb with all the necessary configs, like:
    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], scope: 'email,user_posts,user_status,public_profile,manage_pages,instagram_basic'
      provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'],
        name: 'google',
        scope: 'email, profile, calendar.readonly',
        access_type: 'offline',
        prompt: 'select_account consent'
      # etc...
    end
Now we'd like to add login with Google as an alternative way to log in. Since we use Devise for our user session management, we'd like to use Devise's Omniauth features to implement login with an OAuth provider like Google. However, as soon as we make our model "omniauthable", the existing Omniauth functionality stops working, throwing a No route matches [GET] "/auth/facebook" when trying to add an OAuth account to access an API.
What is the correct way of combining the use of Omniauth in both Devise and in our own plain vanilla OAuth flow?
I found the answer myself: it's a matter of not using the thin wrapper of functionality that Devise adds to OmniAuth, but instead taking care of the OmniAuth routing yourself. I have described this approach here in the Devise Wiki.

Ember Simple Auth with Multiple Devise Scopes

I have the following scenario:
Rails app with User and Admin devise models, so I have two scopes.
Created on ember app on router:
    Router.map(function() {
      this.route('panel', function() {
        this.route('login');
        this.route('logout');
      });
      this.route('admin', function() {
        this.route('login');
        this.route('logout');
      });
    });
I'm using jj-abrams branch once my app is Ember 2.0
Both authenticating on /users/sign_in and /admins/sign_in
I followed steps on https://github.com/simplabs/ember-simple-auth/tree/master/packages/ember-simple-auth-devise#server-side-setup and authentication is working.
Ember is hitting the right URLs after creating authenticators and adapters, but the problem is that ESA just has one session service. Once a user or admin is logged in, session.isAuthenticated is true and I don't know which scopes are logged in.
Which is the best way to proceed:
Add a role on user reply and set on session
Create a new session for admin user
I solved this problem creating 3 authenticators for each scope, and I handle each one.
It is a particular solution once I don't use other authenticators (OAuth2), but now I can check if authenticator:user, authenticator:admin, authenticator:manager was used to log in.
I have created checks on routes, so user can only access his panel, admin can access user and admin panel, and manager can access the whole system.
I've posted the ember and the API on github:
https://github.com/fernandes/ember-auth-web for the ember
https://github.com/fernandes/ember-auth-api for the devise api
PS: I think it would be better to create sessions for each scope, but I don't know how to do it (and if it's better or not). In this solution you can log in to one scope at once (not like Devise on Rails, where you can log in with many scopes at once).

Activeadmin and devise in rails 4

I am using Active Admin and Devise in Rails 4. When I log out the Active Admin user, it automatically logs out the Devise user also.
Any help would be appreciated....
Thanks
You could set a custom logout path in your active_admin.rb file. Look for the line with config.logout_link_path

Active Admin + Authlogic Integration - Rails 3.2

Does anyone know how to integrate Active Admin with Authlogic (I'm using authlogic_ldap_authenticatable gem to authenticate to AD)? I know Active Admin uses Devise, so what changes should I make to Active Admin for it to work with Authlogic? Thanks in advance.
Note: I used Rails 3.2.8 and Active Admin 0.5.0 when I did this.
Here's one way to do it:
First, update Gemfile by adding gem activeadmin, and run the rails generate active_admin:install. These are as instructed in the Active Admin README.
Typically there's already a User model that uses Authlogic, and if you plan to use that, remove all files for the new Admin User that Active Admin has generated by default:
db/migrate/*_create_admin_users.rb (migration file)
app/models/admin_user.rb
spec/models/admin_user_spec.rb
Remove Devise-specific files:
config/locales/devise.en.yml
config/initializers/devise.rb
Remove the Devise reference in config/routes.rb.
There's a generated file app/admin/admin_user.rb. You can reuse it by renaming the file to user.rb, register User in it instead of AdminUser, and remove indices on columns specific to Devise. Or, you can just delete the file altogether, and just create your own from scratch.
Update the following in your Active Admin config (see config/initializers/active_admin.rb):
config.authentication_method
config.current_user_method
config.logout_link_path
The default config.authentication_method is :authenticate_admin_user. Set it to whatever before filter method you use for requiring an admin user, e.g. :require_admin. The default config.current_user_method is :current_admin_user. A typical Rails app that uses Authlogic might have a :current_user method for this. And config.logout_link_path should be set to your path for logging out, e.g. :logout_path.
You may need to modify these instructions according to your case.

Rails RESTful API + Devise - How to check for user's credentials

I've built a RESTful API with Ruby on Rails, and now I would like to know whether the user's credentials received by POST are valid or not, using Devise.
Any ideas?
Devise - getting started should set you up.
EDIT:
Devise, by default, validates users by their email and password. If you want to add validation by username, refer this wiki
Basically, you need to add username to the model and make it 'attr-accessible'
Devise sets up paths for user sign-up, sign-in and sign-out, etc.
Refer devise asciicast for these path helpers.
To write controller tests, refer to this wiki for details.
EDIT:
Sorry for not understanding your requirements. Here is how to find user from credentials. This you can use from your service to validate user.