Giter Club home page Giter Club logo

padrino-auth's Introduction

Authorization and authentication modules for Padrino framework

Overview

This padrino-auth provides the means to authenticate and authorize users. These modules are designed to be independent but compatible with each other.

Padrino::Login, an authentication module for Padrino

Authentication means identifying the user by comparing provided parameters (usually login or email and password) with the credentials stored in the application database and selecting the matched one. This module provides a simple login form and related helpers methods including saving and restoring user location.

Usage

Holding a session

Make sure you have sessions enabled: enable :sessions.

If you use a different persistence storage you will have to make #session hash available to call in your app. Padrino::Login stores credentials id in session[settings.session_key]. You can customize session_key by calling set :session_key, :current_credentials_id. Default session_key name is "_login_#{app.app_name}".

Taming a model

By default Padrino::Login uses credentials model name Account. You can customize it by setting set :login_model, :user.

Usually a set of credentials are stored in application database. To access stored credentials Padrino::Login uses Account.authenticate class method. The Account model must provide this class method in at least two forms: authenticate with email/password, or with id. Account.authenticate is called

  • with hash like { :email => '[email protected]', :password => 'mypass' } to authenticate by email and password in response to user request
  • with hash { :id => 42 } to restore credentials from session
Accessing credentials (optional)

To be able to access current credentials of the signed user your app will have to provide application helpers. By default Padrino::Login adds simple reader and writer with names credentials and credentials=(user). You can customize helper name by setting set :credentials_accessor, :visitor and you can override default accessor by defining your own reader and writer helpers with the said names.

  • the reader is called before checking if the user is signed in
  • the writer is called after authenticating user's credentials or restoring it from session
Bypassing authentication (optional)

By default this option is disabled. To enable it you can call enable :login_bypass.

In development environment it sometimes is convenient to be able to bypass authentication. If you do this you also have to extend your model Account.authenticate class method to be able to return default credentials in response to hash { :bypass => true }. This way if the user authenticates with parameter bypass she will be assigned the credentials returned by you model and redirected to the stored location.

Customizing the login process (optional)

By default Padrino::Login registers a simple login controller for your app and binds it to /login.

To customize this url it you can call set :login_url, '/signin'. Also it's possible to disable registering the default controller by calling disable :login_controller. If you do so you should provide a controller for your custom login url which on request of authentication will call #authenticate helper. If the result is true it should call #restore_location, else it should show an error. Or you can do whatever you like, it's your controller after all.

Synergizing with Padrino::Access and other things (info)

Padrino::Login tries to inform Padrino::Access that /login url should be accessible for unauthenticated users by setting default set(:login_permissions) { set_access(:*, :allow => :*, :with => :login) }. Yes, it's a Proc and Padrino::Access tries to call it when registers itself.

If you name your controller another way you must redefine this. If you use another authorization solution you also should configure it to allow visiting /login url without having to authenticate.

Redirecting the user (info)

To authenticate users Padrino::Login defines Sinatra before_filter which checks things and acts accordingly.

The first thing is if the user is already logged in. It uses the credentials reader we mentioned before, or tries to restore credentials from session.

The second thing is if the user is authorized to look at the requested page. To do so Padrino::Login calls #authorized? helper and checks it's bollean result. If this helper does not exist then your app is considered not requiring authorization. If it exists and responds with true then before_filter passes. If the helper exists and returns false then the user's location is saved and the user herself is redirected to login url.

#authorized? helper should be defined in your app if you want access control.

Finally registering

Call register Padrino::Login and you are ready to roll.

Padrino::Access, an authorization module for Padrino

https://github.com/padrino/padrino-framework/wiki/Padrino-authorization-module

Examples

EXAMPLES.md

padrino-auth's People

Stargazers

 avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar

Forkers

cads

padrino-auth's Issues

set_access from cancan perspective

hi,

im quite confused with set access,
how do i use it with activerecord model?
and where do i specify the action accessible?
or how do i force authorize! :my_action, model ?

thanks

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.