Custom Rails authentication / authorization
-
10-07-2019 - |
Question
I know questions of this kind have been asked before, but my situation differs a little.
On my rails app I have to validate the user login against an existing repository and then control authorization to given modules. So, I don't want the solution I go for to generate a model for my users and rely on that. The authetication per se needs to be customized.
Under that scenario, what would be the best plugin to use?
Solution
I don't know whether these will help, but I always use these links for reference apart from RESTful ACL
1) http://clearcove.ca/blog/2008/08/recipe-restful-permissions-for-rails/
2) http://steffenbartsch.com/blog/2008/08/rails-authorization-plugins/ - has a list of stuffs on authentication/authorization plugins
http://metautonomo.us/2008/09/30/easy-role-based-authorization/
OTHER TIPS
Look into restful acl
Here's one secure_sessions, which makes no assumptions about your models. Instead you provide a proc in your environment that is responsible for authentication:
SecureSessions::Password.validate_proc = proc do |ctrl|
# define any proc here which validates username/password etc, and returns a unique ID
return nil unless User.authenticate(ctrl.params[:login], ctrl.params[:password])
User.find_by_login(ctrl.params[:login]).id
end
Authority
I've just released a gem called Authority which is totally ORM-neutral; you can do whatever Ruby logic works for your app.
The original use case, for example, involved comparing roles described by a single-sign-on system with permissions in a YAML file.