Authentication in-rails
Download as PPTX, PDF2 likes716 views
The document outlines the professional experience of Mihir A. Vaidya, detailing his career progression from software engineer to vice president of engineering at various companies. It includes technical aspects related to user authentication in web development using Rails and Omniauth, including integration with Twitter and Facebook. Additionally, it indicates the use of BCrypt for password management and security.
![•
–
•
•
http_basic_authenticate_with
:name => "ror",
:password => "rocks",
:except=>[:index]](https://image.slidesharecdn.com/authentication-in-rails-120711021016-phpapp01/85/Authentication-in-rails-7-320.jpg)
![•
•
–
•
–
–
•
•
–
– (session[:user_id])
– (current_user, authenticate_user!)
•
•](https://image.slidesharecdn.com/authentication-in-rails-120711021016-phpapp01/85/Authentication-in-rails-17-320.jpg)
![•
•
•
–
•
– gem „omniauth-twitter‟
– gem „omniauth-facebook‟
– bundle install
•
–
•
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter,
APP_CONFIG[:twitter]['consumer_key'],
APP_CONFIG[:twitter]['consumer_secret']
provider :facebook,
APP_CONFIG[:facebook]['app_id'],
APP_CONFIG[:facebook]['app_secret'],
:client_options => {
:ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" }
}
End
•
• (/auth/:provider/callback)
– request.env[“omniauth.auth”]](https://image.slidesharecdn.com/authentication-in-rails-120711021016-phpapp01/85/Authentication-in-rails-18-320.jpg)
![•
–
•
•
•
–
OmniAuth.config.on_failure = -> env do
env[ActionDispatch::Flash::KEY] ||= ActionDispatch::Flash::FlashHash.new
env[ActionDispatch::Flash::KEY][:error] = "Authentication failed, please try again."
SessionsController.action(:new).call(env) #call whatever controller/action that displays your signup form
end](https://image.slidesharecdn.com/authentication-in-rails-120711021016-phpapp01/85/Authentication-in-rails-19-320.jpg)
Authentication in-rails
- 2. Experience Technologies V.P. Engineering Dec 2011 - now Software Engineer August 2010 – Dec 2011 Software Engineer Mihir A. Vaidya Feb 2006 – August 2010 Co-Founder and V.P. Engineering ReadyPulse Software Engineer https://www.linkedin.com/in/vaidyamihir May 2004 – Feb 2006 https://twitter.com/mihirvaidya Researcher May 2003 – May 2004
- 3. • • •
- 4. • – –
- 5. • – – • – – – – – – – •
- 6. • • – • • •
- 7. • – • • http_basic_authenticate_with :name => "ror", :password => "rocks", :except=>[:index]
- 8. • – – – • • • • – • • current_user, authenticate_user! – • – – – –
- 9. • –
- 10. • – – • • – • – • – • – • – – • • • • •
- 11. • • • • •
- 12. • • • – – – • – • – –
- 13. • – • – – • – – » • Perform all authentication in a HTML POPUP with your own handler pages before and after Facebook OAuth calls – • • – – • – –
- 14. •
- 15. • • – Sessions#fb_auth •
- 16. • – • •
- 17. • • – • – – • • – – (session[:user_id]) – (current_user, authenticate_user!) • •
- 18. • • • – • – gem „omniauth-twitter‟ – gem „omniauth-facebook‟ – bundle install • – • Rails.application.config.middleware.use OmniAuth::Builder do provider :twitter, APP_CONFIG[:twitter]['consumer_key'], APP_CONFIG[:twitter]['consumer_secret'] provider :facebook, APP_CONFIG[:facebook]['app_id'], APP_CONFIG[:facebook]['app_secret'], :client_options => { :ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" } } End • • (/auth/:provider/callback) – request.env[“omniauth.auth”]
- 19. • – • • • – OmniAuth.config.on_failure = -> env do env[ActionDispatch::Flash::KEY] ||= ActionDispatch::Flash::FlashHash.new env[ActionDispatch::Flash::KEY][:error] = "Authentication failed, please try again." SessionsController.action(:new).call(env) #call whatever controller/action that displays your signup form end
- 20. • – – – – • – –
- 21. • – • •
- 22. • – '/auth/:provider/callback' => 'sessions#create' • – • – – •
- 23. • – provider :identity, on_failed_registration: lambda { |env| # lambda is used so that the class IdentitiesController is not cached (important for dev environment). # That way, changes to the controller will be picked up automatically since # lamda is the rack application to handle failures and not IndentitiesController#new directly IdentitiesController.action(:new).call(env) }
- 24. • – • – –
- 25. • • – • • – • • – • – • • • –
- 26. • – – • – • • – – • – • • – –
- 27. • – • • • • • –
- 28. • • – • –
- 29. • – • – – – • – –
- 30. • • • – – • • • – –
- 31. • • –
- 32. • – – • – • • – • – – • • •
- 33. • • • • – – – – • –
- 34. • • – • – – • – – – • – •
- 35. • • •
- 36. • •
- 40. • – • • • – • • – • – – – – • – – – • • – current_user – authenticate_user!
- 41. • – – – – • password_salt = BCrypt::Engine.generate_salt • password_hash = BCrypt::Engine.hash_secret(password, password_salt) • –
- 42. • – • – • –