Authentication system in Rails 3. Devise / omniauth or self coded? - ruby-on-rails-3

I am a newbie in RoR development. I am trying to create my own application with the help of Ruby on Rails Tutorial, 2nd edition. I did a lot of research. I need your comments about Devise or any other authentication system, or, as the book offers us, writing our own authentication system.
What are your ideas? Is it wasting time to write your own authentication system?

I'm quite new to RoR myself, but I have used Devise so far (and according to the book I'm currently reading, it is worth it).
You could use the Railscasts about Devise if you want an introduction to it:
http://railscasts.com/episodes/209-introducing-devise
And as it is quite easy to learn and well featured, I'd say it is pretty overkill to write your own.

I am a huge advocate of Devise, and also of not recreating the wheel. My rebuttal question would be why go through the trouble of creating your own authentication solution, when in just a few short bash commands, Devise will be installed and running. The configuration options alone are enough to choose Devise, not to mention that almost every part of the engine has the ability to be overridden with your own code.
There are hundreds of blog posts out there that can easily get you started with running Devise. As always with any gem, I would recommend starting out with browsing the source code, and then turning to the wiki for the answers that you seek. As #krizz mentioned, Ryan Bates' Railscasts are always a great place to turn when you need to see it set up.
And of course, you can always turn back here to the stack when you get stuck.

Related

Is there a workaround for strong parameter hell?

I just inherited a RoR 3.2 app and am trying to get it working on 4.2.
I am going to put on my sarcastic hat for a second, just so I can feel better. Instead of having a single line in a single file to protect specific fields from mass-assignment, "Strong" Parameters requires bloating up controllers, and heaven help you if a controller uses multiple models or a model is used by multiple controllers or needs nested attribute whitelisting. This is the exact opposite of DRY and KISS.
That is better. Okay, so the question is, besides getting rid of mass assignment completely, which is sounding really good right about now, is there a sane way to use it or get around it? From what I understand, that gem that brings back attr_accessible won't work in Rails 5, which is where this app is heading.
I understand the Ruby object model and can make a ton of modules that controllers can mixin, but that is just ugly and still error prone.
Any advice or hints would be welcome.
Why is it that every new Rails feature involves more boilerplate spread over multiple files? If I wanted Java, I know where to find it. The stupidity of getting rid of the powerful and clean link_to_function in favor of using a tangled mess of callbacks almost made me quit, but adding that function back is trivial. Hopefully when the client wants the inevitable upgrade to Rails 5 I can talk him into something more sane and move things bit by bit to a sane web framework.
What you're after is "form objects". There's a great Railscast episode on them. You may also be interested in the reform gem.
Edit: looks like there's a free version of that railscast episode on youtube: https://www.youtube.com/watch?v=SvL_aZt3zyU
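The form-object idea suggested above, sketched as an added example that is not part of the original answer or of the reform gem: one class owns the attribute whitelist for two models, so every controller that uses it gets the same mass-assignment protection. It is plain Ruby so it runs without Rails; `SignupForm`, `User`, `Profile` and the sample parameters are hypothetical names constructed for illustration.

```ruby
# Added example: plain-Ruby form object (no Rails needed to run it).
# SignupForm, User and Profile are hypothetical names, not from the page.
User    = Struct.new(:email, :name, :admin)
Profile = Struct.new(:bio, :website)

class SignupForm
  # Single whitelist: request key => [target model, attribute].
  # Anything not listed here (e.g. "admin") can never be assigned.
  PERMITTED = {
    "email"   => [:user, :email],
    "name"    => [:user, :name],
    "bio"     => [:profile, :bio],
    "website" => [:profile, :website]
  }.freeze

  attr_reader :user, :profile, :rejected

  def initialize(user = User.new(nil, nil, false), profile = Profile.new)
    @user = user
    @profile = profile
    @rejected = []
  end

  # Copies only whitelisted scalar values onto the models; records the rest
  # so unexpected keys can be logged instead of silently disappearing.
  def assign(params)
    params.each do |key, value|
      model, attr = PERMITTED[key.to_s]
      if model && scalar?(value)
        public_send(model)[attr] = value
      else
        @rejected << key.to_s
      end
    end
    self
  end

  private

  # Reject hashes/arrays so nested structures cannot land in a scalar field.
  def scalar?(value)
    value.is_a?(String) || value.is_a?(Numeric) || value.nil?
  end
end

# Constructed sample input: a request carrying one unlisted key and one
# nested value where a string is expected.
SAMPLE_PARAMS = {
  "email" => "a@example.com", "name" => "Ann", "bio" => "hi",
  "admin" => true, "website" => { "url" => "x" }
}.freeze

FORM = SignupForm.new.assign(SAMPLE_PARAMS)
```

In a Rails app the same class would typically include `ActiveModel::Model` for validations and be fed `params` from the controller; the whitelist still lives in one file.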

What can Devise do that Authlogic can't?

The Rails community seems to be leaving Authlogic in favor of Devise. I have been using Authlogic for over a year and would like to know what the reasons are. Is it just marketing, or is there a good reason for this? I have used Devise and prefer Authlogic at this point, but if there is a good reason to make the switch I certainly would.
I have read quite a bit on Devise but I don't see where the excitement comes from. The main reason I like the idea of Devise is because of the community support - as of this writing stackoverflow has 605 questions for Authlogic and 2580 for Devise.
Any input is greatly appreciated.
Devise is solid, has a lot of features and has huge community support.
Devise has integrations with and/or is used by lots of other important projects -- such as OmniAuth or ActiveAdmin.
JOSE VALIM!
I mean seriously, how many people do you know who have over 1500 GitHub followers? He's a core Rails contributor, basically wrote Devise, and is one of the most influential people in the Ruby and Rails communities.

Helper Gem for Rest on Rails 3

I know that Rails has some tools on board to create a REST API. However, concepts like HATEOAS aren't supported out of the box.
I googled around for gems that fill the gap. The most complete gem I found is Restfulie (https://github.com/caelum/restfulie). But I am not completely convinced about Restfulie, and the project looks abandoned. Hence, I am looking for good alternatives to Restfulie.
What's the best Gem to create a REST API for Rails?
Popular choices are RABL and Roar / roar-rails.
I personally like Roar better because it allows you to consume your representations, which is a bit harder with RABL. On the other hand, its concepts are still in flux, so things still tend to change.
Grape is worth a try.

What is the security like behind Authlogic and/or Devise in Rails?

With all this talk of Authlogic or Devise, which one's easier to install and useful etc. (Can't decide which one I like more so far.)
I've just been blindly using them and assuming they both have rock-solid security.
So my question is, what is the security like behind these plugins and which offers the best protection to the user? Or are they the same?
Is one better than the other, and are there any security issues?
If using Rails 3, I suggest Devise.
When I moved from Rails 2 to 3, I made the switch from Authlogic to Devise. Comparing Devise to Authlogic isn't exactly apples to apples, although used without any customization they do offer the same key functionality. Devise itself comes with Warden, another gem for implementing authentication strategies, one of which could actually be Authlogic. To me, the key difference then is really how the software is architected. Warden is a Rack-based implementation, and built using standard web app patterns. Rails 3 is also a Rack-based solution, which implies the architectures are more in sync. On top of Warden, Devise provides convenient session query methods and User model integration. Further, Devise has a pretty solid integration with OmniAuth, which allows your app to easily use external authentication providers (Facebook, Twitter, LinkedIn, etc.).
The question of which provides better security is really moot. In either case you need to make configuration choices which will dictate "how secure" your application is. And there are other considerations beyond password encryption and session management not provided by either (e.g., when to use SSL, what encryption algorithm you use, password and password recovery policies, etc.).
Definitely do read the wiki and make sure you understand all the configuration options and make conscious choices. And never use "assume" in the same sentence as "security".
I tend to think that it's sometimes better to build things yourself than rely on gem magic. With that in mind, building user authentication and session management can be done in just a few hours (or much less if you = coding ninja). The http://ruby.railstutorial.org/ I thought gave a good step by step process on how to go about it. There are a few things to watch out for though... Anyway just my two cents.

Forum solution for Rails 3 and Devise?

I'm looking for a forum solution for a website I'm building. I'm using Devise and Rails 3, so do there exist any pluggable solutions?
What about 3rd party services?
The goal of Community is to provide a simple and easy to set up forum application without having to dictate how your site is set up.
https://github.com/gitt/community
You could build one yourself, you'll be surprised that it's not that time consuming, and you won't have to deal with the bloat that 3rd party solutions might come with. Here is a good place to start.
Savage Beast, Altered Beast and rBoard may be good starting points, but note that they are only for Rails 2.x afaics.
Note: rBoard has a Rails 3 branch but I have no idea how stable that is.