I have always used Authlogic in Rails 2.3 but now that I am using Rails 3 I think I might try out a new authentication solution.
How does Devise compare with Authlogic? What are their differences?
I've used them both, but not extensively. In my last project, I gave Devise a shot. I ended up using Rails-Warden instead.
Devise is a full authentication framework built on top of Warden. To customize its looks, you use generators, then edit the resulting views. Its routes, and view logic are hard coded. For example, successful login will always take you to /session/new? This was a dealbreaker or me, I wanted my users to end up on "welcome/index". Devise is not as well documented, or intuitive as authlogic.
Warden is a middleware framework Devise is based upon. It has plugins for many web authentication schemes (fb, openid, oauth), and it is easy to build a plugin for your own authentication back end. It comes with no UI, and docs are not as good as authlogic.
I ended up using rails-warden because I needed to plugin multiple custom authentication schemes.
Also, see OmniAuth answer below, that's what I am using in 2012.
for devise, if you want to send successful login to "welcome/index" you add to routes.rb
namespace :user do
root :to => "welcome#index"
end
as documented https://github.com/plataformatec/devise/wiki/How-To:-Redirect-to-a-specific-page-on-successful-sign-in
personally, i like devise. it think it's great and i guess you can call it "opinionated" but those opinions can be easily overwritten.
I found Devise too opinionated for me. If you just want to accept the way it does things out of the box it is good and easy to get going. I had some specific requirements and found myself writing things to get round Devise so ended up ripping it out and updating Authlogic to Rails3 instead.
Like the original questioner, I too had always used AuthLogic in the Rails 2.3 days but made the choice to use Devise when AuthLogic wasn't ready for Rails 3.1 (when it was at the RC stage). Overall I've made Devise do what I want but I'm unhappy and wish I hadn't made the change.
User Authentication seems simple on the surface and an ideal thing to "componentize" but so many times you want to let a user engage with your site fully before requiring login and Devise makes this harder.
Yes features like putting after_sign_in_path_for / after_sign_up_path_for into Application Controller work but these functions are really intended to do nothing more than return a path and if you're using Devise you'll find yourself sticking big blocks of code into them. It works but having your own users controller to handle user related actions is, to me, more elegant.
If you need multiple OAuth authentication to Twitter, Facebook, LinkedIn and Google, you can use the OmniAuth gem along with Authlogic. Easy to figure out and gives you complete control over what happens as users authenticate from different social sites, which you do in authorizations_controller.rb.
I like Devise. You can use OmniAuth with Devise too. I think that the Devise project is very active, and it has a big support on the internet.
Related
I need to integrate google, yahoo calender in my rails app.
Is there any gem or plugin for that, gem/plugin should have very basic feature i.e. creating new events and editing existing event?
Thanks
I Think,
https://github.com/google/google-api-ruby-client and this http://blog.baugues.com/google-calendar-api-oauth2-and-ruby-on-rails may prove useful to you.
And about yahoo, I'm afraid they dont have a gem. Even I am in search for that!!!
I was using the Twitter Widget for the longest time but I was looking to step it up a level and add additional styling and filtering. Recently I got started with the Rails Twitter Gem and so far so good, but I wanted to be able to link back to profiles wherever #username appears.
Looking around it seems that Twitter Anywhere is the way to go, but I was wondering if there was a better implementation in a Rails environment? Perhaps a gem that loads the required JS files and provides helper methods?
Also I should note that I don't necessarily require all of the functionality that the anywhere api offers, at the moment my main focus is just to provide the #username links (though it is certainly nice to have the option for future expansion).
It turns out that Twitter Anywhere might have been a little overkill for what I was trying to do. All I really needed was the following helper method as mentioned here
def linkup_mentions_and_hashtags(text)
text.gsub!(/#([\w]+)(\W)?/, '#\1\2')
text.gsub!(/#([\w]+)(\W)?/, '#\1\2')
text
end
I've got a Twitter app. All our users come directly from Twitter. This means, you cannot do any significant interactions with the app unless you are logged on, from Twitter. Our app caches (saves the user's Twitter data in the db).
It is possible to integrate Capybara with Omniauth. For example to test OAuth integration with Twitter. I've read a few articles online about this. However, the tricky part is getting it to work with Devise + Omniauth (I've only seen a scarce number of articles, have tried them to no avail).
Second, I've also looked into testing file uploads to S3, which make it quite difficult, since we are uploading directly to S3 using JS (Uploadify) and then instructing Carrierwave to grab the file.
A few have mentioned that it is best to provide mock data instead of trying to test OAuth directly. I guess, what they are trying to suggest, is to seed the test database with mock Twitter data. That way, I can test the user directly in the app. Without having to worry about how to get testing with Rspec + Capybara + Devise + Omniauth + Twitter to work.
I could do the same for file uploads as well. Does this make sense? Is this a sensible approach?
By seeding the database with the appropriate data beforehand, you avoid dealing with all the integration testing issues of Omniauth etc. As the library itself is already tested anyhow, you also avoid and unnecessary overhead.
So yes - seed your db with the data right away.
OmniAuth has helpers for integration testing.. i wrote a post about that, it may help you..
I want to build a simple API that can be accessed by myself in other clients. I want to use Rails 3 to build it but I do not know how to do it. I know that Rails got this more or less build in but I do not know how to interact with it.
Is there any resources on the Internet that I can read up on how to turn my Rails 3 application into a server with a remote API?
Thankful for all input.
Despite of what had been already told, you can start with rails api screencast. Although it's meant for an API only application.
If you want to add and API to an existent full rails app, check this blog post which covers the essentials on a Rails API, including tips for speed-up.
Since this should be a requirement too, for securing your API there's also a screencast on the subject: #352 Securing an API
Yehuda Katz and Ryan Bigg's book, Rails 3 in Action, has a chapter on building a test-driven JSON API on top of the example application that runs through the entire book.
The code for the sample application in the book, Ticketee, is open source and can be found on GitHub. In particular, everything API-related is namespaced under /app/controllers/api and you can find plenty of RSpec tests in /spec/api.
a good starting point might be reading up on REST and responders
Then to interact with the API from another rails app, you can use ActiveResource. There's a Railscast on it.
An example:
#API side
class ProductsController < ApplicationController
respond_to :json
def index
#products = Product.all
respond_with(#products)
end
end
#Client
# models/product.rb
class Product < ActiveResource::Base
self.site = "http://your-api-app.com"
end
The rails-api gem is a Rails subset that only includes the minimum modules needed to create an API app. It's intended to be lightweight and faster than a normal Rails application.
Check http://railscasts.com/episodes/348-the-rails-api-gem for a nice tutorial on how to use the gem.
Came up with a blog post recently - describes in examples how to add API to an existing Ruby on Rails application. Covers topics like Rails Metal controllers, routing, views and security.
Hope that will help.
Im new to ruby on rails and i have been following The Rails Space book to build a social network the problem is that i know from Experience if you dont put in a validator or something you get a ton of fake accounts!
I work better from Examples that i can cut and paste/edit to work with my site i just can seem to find any examples!
If you are setting up an authentication system with Rails, I recommend you look at Devise (Railscast episode).
Among other things, Devise features email confirmation out of the box.