The rails community seems to be leaving Authlogic in favor of Devise. I have been using Authlogic for over a year and would like to know what the reasons are. Is it just marketing, or is there a good reason for this? I have used Devise and prefer Authlogic at this point, but if there is a good reason to make the switch I certainly would.
I have read quite a bit on Devise but I don't see where the excitement comes from. The main reason I like the idea of Devise is because of the community support - as of this writing stackoverflow has 605 questions for Authlogic and 2580 for Devise.
Any input is greatly appreciated.
Devise is solid, has a lot of features and has huge community support.
Devise has integrations with and/or is used by lots of other important projects -- such as OmniAuth or ActiveAdmin.
JOSE VALIM!
I mean seriously, how many people do you know have over 1500 github followers? He's a core rails contributor, basically wrote devise, and is one of the most influential people in the ruby and rails communities.
Related
I am a newbie in ROR developement. I am trying to create my own application with the help of Ruby on Rails tutorial 2nd edition. I made many reseaches. I need your comments about devise or any other authentications system or as the book offers us to write our own authentication systems.
What are your ideas? Is it wasting time to write your own authentication system?
i'm quite new to RoR myself but i used Devise so far (and according to the book i'm currently reading it is worth it).
You could use the Railscasts about Devise if you want an introduction to it:
http://railscasts.com/episodes/209-introducing-devise
And as it is quite easy to learn and well featured i'd say it is pretty overkill to write your own.
I am a huge advocate of Devise, and also of not recreating the wheel. My rebuttal question would be why go through the trouble of creating your own authentication solution, when in just a few short bash commands, Devise will be installed and running. The configuration options alone are enough to choose Devise, not to mention that almost every part of the engine has the ability to be overridden with your own code.
There are hundreds of blog posts out there that can easily get you started with running Devise. As always with any gem, I would recommend starting out with browsing the source code, and then turning to the wiki for the answers that you seek. As #krizz mentioned, Ryan Bates' Railscasts are always a great place to turn when you need to see it setup.
And of course, you can always turn back here to the stack when you get stuck.
I know that Rails has some tools on board to create a REST API. However, concepts like HATEOS aren't supported out of the box.
I googled around for Gems that are filling the gap. The most complete Gem I found is Restfulie (https://github.com/caelum/restfulie). But I am not complete convinced about Restfulie and the project looks abandoned. Hence, I am looking for good alternatives to Restfulie.
What's the best Gem to create a REST API for Rails?
Popular choices are RABL and Roar / roar-rails.
I personally like Roar better because it allows you to consume your representations which is a bit harder with RABL. On the other hand, it's concepts are still in flux so things still tend to change.
Grape is worth a try.
With all this talk of Authlogic or Devise, which ones easier to install and useful etc. (Can't decide which one I like more so far.)
I've just been blindly using then and assuming they both have rock-solid security.
So my question is, what is the security like behind these plugins and which offers the best protection to the user? Or they the same?
Is one better than the other, and are there any security issues?
If using Rails 3, I suggest Devise.
When I moved from rails 2 to 3, I made the switch from Authlogic to devise. Comparing Devise to Authlogic isn't exactly apples to apples, although used without any customization they do offer the same key functionality. Devise itself comes with Warden, another gem for implementing authentication Strategies, one of which could actually be Authlogic. To me, the key difference then is really how the software is architected. Warden is a rack-based implementation, and built using standard web app patterns. Rails 3 is also a rack-based solution, which implies the architectures are more in sync. On top of Warden, Devise provides convenient session query methods and User model integration. Further, Devise has a pretty solid integration with Omniauth, which allows your app to easily use external authentication providers (facebook, twitter, linkedin, etc.).
The question of which provides better security is really moot. In either case you need to make configuration choices which will dictate "how secure" your application is. And there are other considerations beyond password encryption and session management not provided by either (e.g., when to use SSL, what encryption algorithm you use, password and password recovery policies, etc.).
Definitely do read the wiki and make sure you understand all the configuration options and make conscious choices. And never use "assume" in the same sentence as "security".
I tend to think that it's sometimes better to build things yourself than rely on gem magic. With that in mind, building user authentication and session management can be done in just a few hours (or much less if you = coding ninja). The http://ruby.railstutorial.org/ I thought gave a good step by step process on how to go about it. There are a few things to watch out for though... Anyway just my two cents.
I'm looking for some gem/library able to generate administration interface for my RoR3 project.
I don't want to have some library/gem with its own logic and data in some gem repo, I want it to be not just integrated with my app, but be actual part of it, have ability to tweak and modify logic, views, etc...
ATM I've tried rails_admin and it seems to be the best imho, but during development lots of issues came out: i18n issues, additional pages, custom controls, lack of documentation on extending it, ... There's a lot actually. Maybe for something simple its a perfect match, but not for projects requiring complex administration interface.
So any ideas on gem/library I can use?
Thanks.
Active Admin:
Active Admin is a Ruby on Rails plugin for generating administration
style interfaces. It abstracts common business application patterns to
make it simple for developers to implement beautiful and elegant
interfaces with very little effort.
I'm looking for a forum solution for a website I'm building. I'm using Devise and Rails 3, so does there exist any pluggable solutions?
What about 3rd party services?
The goal of Community, is to provide a simple, and easy to setup forum application without having to dictate how your site it setup.
https://github.com/gitt/community
You could build one yourself, you'll be surprised that it's not that time consuming, and you won't have to deal with the bloat that 3rd party solutions might come with. Here is a good place to start.
Savage Beast, Altered Beast and rBoard may be good starting points, but note that they are only for Rails 2.x afaics.
Note: rBoard has a Rails 3 branch but I have no idea how stable that is.