Authentication in Rails - jiff_auth plugin

    While working on a Rails project, I naturally needed to do user authentication. The monopoly on this in Rails was held by the restful_authentication plugin, which I did not like for several reasons:
    • it generates a lot of code
    • it is inflexible in its settings
    • it is difficult to integrate into existing models and controllers (they must be created from scratch)
    • its documentation is extremely unclear
    Fixing the above became the task of the jiff_auth plugin, which I decided to write.
    Below are short instructions for setting it up and using it.

    Application integration


    cd vendor/plugins
    git clone git://

    Database Migrations

    From here on I will assume that you are using the User model, although of course you can use a model with any name. You will need to add the following:

    add_column :users, :password, :string, :limit => 40
    add_column :users, :password_token, :string, :unique => true, :limit => 20
    add_column :users, :password_token_expires, :datetime

    Turn on the plugin!

    In application.rb you need to add only one line to make it work:

    JiffAuth.configure(:app_controller => self, :auth_controller => :users, :model => :user)

    JiffAuth.configure extends ApplicationController and the classes specified as :controller and :model. In addition, configure() has a couple more interesting arguments that may come in handy:

    :redirect_on => {
      :create => '/login',
      :logout => '/login'
    },
    :render_on => {
      :error => 'users/error',
      :message => 'users/system-message'
    }

    I think everything is clear here. Just keep in mind that all the listed arguments are already set by default (with the values given in the example), so use them if you are not comfortable with the default behavior.

    And finally, configure routes.rb

    Here's what you need to add to routes.rb (of course, you can choose whatever addresses you like for the actions):
    map.connect 'login', :controller => 'users', :action => 'login'
    map.connect 'logout', :controller => 'users', :action => 'logout'
    map.connect 'lost-password', :controller => 'users', :action => 'lost_password'
    map.connect 'recover-password', :controller => 'users', :action => 'recover_password'
    map.connect 'change-password', :controller => 'users', :action => 'change_password'
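The password_token and password_token_expires columns from the migration, together with the lost-password and recover-password routes, point to a token-based reset flow. The following is an added example, not jiff_auth's own code, of how such a token can be issued and redeemed safely in plain Ruby. The names TOKEN_TTL, User (a Struct stand-in for the model), secure_equal?, issue_reset_token and redeem_reset_token are hypothetical, and the one-hour lifetime is a constructed value.

```ruby
require 'securerandom'

# Constructed lifetime in seconds; the page does not state one.
TOKEN_TTL = 60 * 60

# Stand-in for a users row with the columns added by the migration.
User = Struct.new(:login, :password, :password_token, :password_token_expires)

# Constant-time comparison, so response timing does not reveal how many
# leading characters of a guessed token were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# lost_password step: issue a fresh random token that fits :limit => 20.
def issue_reset_token(user, now = Time.now)
  user.password_token = SecureRandom.hex(10) # 10 random bytes -> 20 hex chars
  user.password_token_expires = now + TOKEN_TTL
  user.password_token
end

# recover_password step: returns the user only for a matching, unexpired
# token. A matched token is always cleared, so it can be used at most once
# and an expired token does not linger in the table.
def redeem_reset_token(users, presented, now = Time.now)
  # Request parameters may arrive as nil, an Array or a Hash; accept only
  # a String of exactly 20 hex characters.
  return nil unless presented.is_a?(String) && presented.match?(/\A\h{20}\z/)
  user = users.find { |u| u.password_token && secure_equal?(u.password_token, presented) }
  return nil if user.nil?
  expired = now >= user.password_token_expires
  user.password_token = nil
  user.password_token_expires = nil
  expired ? nil : user
end
```
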

    Usage examples in views

    Since the plugin does not generate code, you have to write the views yourself.
    I will show example templates for two actions: create and login.

    users/create.erb

    Here's what this template might look like:
    <% form_for @user, :method => "post", :html => {:multipart => true} do |f| %>

    <% end %>

    If the password field is empty, the plugin will generate the password itself. Then, if registration succeeds, the user is redirected to the login form.

    users/login.erb

    Here, everything is also simple:
    <% form_for :user, :url => 'login', :method => "post", :html => {:multipart => true} do |f| %>

    <% end %>

    Instead of user[login], you can specify, for example, user[email] (or any other field, for example id); authentication will then use the email/password pair.

    What's more?

    Everything written here, plus plenty of other interesting things, is in the plugin's README. Do not be too lazy to read it. Here I will only list a couple of things that are implemented in the plugin:
    • Cookies and sessions, handled automatically. You do not need to configure anything.
    • CAPTCHA
    • guessing the name of the login field from its content
    • OpenID
    • A filter for request parameters written to the logs (so that the password is not exposed)

    P.S. I apologize for the formatting of the code; the parser is misbehaving, and I need to write to the administration.
