Rodauth: Clean Authentication - Valentine Ostakh
0 likes1,319 views
Rodauth is a flexible authentication library for Rack applications. It provides features like login, logout, password reset, and account management. Rodauth aims for security, simplicity and flexibility. It has minimal dependencies and allows customization. Rodauth authentication can be integrated into any Rack app, including Rails, Sinatra and Hanami. Developers define the authentication features needed via a simple configuration DSL.
![Setup With Postgresql
create_table(:accounts) do
primary_key :id, :type=>:Bignum
foreign_key :status_id, :account_statuses, :null=>false, :default=>1
if db.database_type == :postgres
citext :email, :null=>false
constraint :valid_email, :email=>/^[^,;@ rn]+@[^,@; rn]+.[^,@; rn]+$/
index :email, :unique=>true, :where=>{:status_id=>[1, 2]}
else
String :email, :null=>false
index :email, :unique=>true
end
end
case database_type
when :postgres
user = get{Sequel.lit('current_user')} + '_password'
run "GRANT REFERENCES ON accounts TO #{user}"
end](https://image.slidesharecdn.com/rodauth-clean-authentication-170215142536/85/Rodauth-Clean-Authentication-Valentine-Ostakh-87-320.jpg)
![Define Rodauth Features
plugin :rodauth, :json=>true, :csrf=>false, :flash=>false do
enable :change_password, :close_account, :create_account,
:login, :logout, :remember, :reset_password, :verify_account,
:otp, :recovery_codes, :sms_codes, :password_complexity,
:disallow_password_reuse, :password_grace_period,
:account_expiration, :single_session, :jwt, :session_expiration,
max_invalid_logins 2
allow_password_change_after 60
verify_account_grace_period 300
jwt_secret secret
sms_send do |phone_number, message|
MUTEX.synchronize{SMS[session_value] = "..."}
end
end](https://image.slidesharecdn.com/rodauth-clean-authentication-170215142536/85/Rodauth-Clean-Authentication-Valentine-Ostakh-88-320.jpg)
![Registration
module Auth
class Rodauth < Roda
DB = Sequel.connect(ENV['DATABASE_URL'])
plugin :middleware
plugin :rodauth, json: :only do
enable :login, :logout, :jwt, :create_account
jwt_session_hash do
super().merge(exp: SmartTaskApi::Utils.jwt_expiration)
end
jwt_secret ENV['JWT_SECRET']
end
route do |r|
r.rodauth
env['rodauth'] = rodauth
end
end
end](https://image.slidesharecdn.com/rodauth-clean-authentication-170215142536/85/Rodauth-Clean-Authentication-Valentine-Ostakh-93-320.jpg)
![Token Authentication
module Api
class Rodauth < Roda
DB = Sequel.connect(ENV['DATABASE_URL'])
plugin :middleware
plugin :rodauth, json: :only do
enable :jwt
jwt_secret ENV['JWT_SECRET']
end
route do |r|
r.rodauth
rodauth.require_authentication
env['rodauth'] = rodauth
end
end
end](https://image.slidesharecdn.com/rodauth-clean-authentication-170215142536/85/Rodauth-Clean-Authentication-Valentine-Ostakh-94-320.jpg)
Rodauth: Clean Authentication - Valentine Ostakh
- 3. What is the most necessary feature for interaction with users?
- 5. Authentication is the act of identification of user that going to interact with your product
- 6. I want authentication for my application
- 8. Ruby-toolbox
- 9. Awesome-ruby
- 10. Authentication • Authlogic • Devise • Clearance • Sorcery • Warden • Rodauth
- 14. Custom Solution vs Authentication Libraries Library Issues Pull Requests First Release Sorcery 64/451 28/306 31 Jan 2011 Clearance 12/374 4/369 1 Sep 2009 Authlogic 124/221 6/186 3 Nov 2008 Devise 39/3353 29/979 21 Oct 2009 Warden 18/74 4/49 26 May 2009 Rodauth 0/8 0/11 12 Aug 2015
- 15. I want flexible authentication that can be used with any framework
- 19. How to choose a library for my application?
- 20. Dependencies
- 21. • Authlogic - activerecord, activesupport • Devise - rails, warden • Clearance - rails, rack • Sorcery - rails • Warden - rack • Rodauth - roda, rack
- 22. Clearance
- 23. Features
- 24. Registration • Authlogic • Devise • Clearance • Sorcery • Warden • Rodauth
- 25. Login • Authlogic • Devise • Clearance • Sorcery • Warden • Rodauth
- 26. Logout • Authlogic • Devise • Clearance • Sorcery • Warden • Rodauth
- 27. Would be great to have token authentication
- 28. Token Authentication • Authlogic • Devise • Clearance • Sorcery • Warden • Rodauth
- 29. Token Authentication Articles • An Introduction to Using JWT Authentication in Rails • Authenticate Your Rails API with JWT from Scratch • Token-based authentication with Ruby on Rails 5 API • JWT Auth in Rails, From Scratch • Implementing JWT in Ruby on Rails-based API • Authenticate Your Rails API with JWT • Rails Api Backed With JWT • Rails, Devise, JWT and the forgotten Warden
- 30. Token Authentication Gems • jwt_authentication • simple_token_authentication • devise_token_auth
- 31. Token Authentication Gems • jwt_authentication (based on devise) • simple_token_authentication (based on devise) • devise_token_auth (based on devise)
- 33. Popularity
- 34. Library Total Downloads rubygems.org Devise 21,407,462 Warden 21,018,495 Authlogic 2,343,678 Sorcery 527,431 Clearance 317,409 Rodauth 6,163
- 35. Summary
- 36. Library Dependencies Features Token Authentication Devise Warden Authlogic Sorcery Clearance Rodauth
- 37. Rodauth
- 38. Rodauth
- 40. Roda Sequel
- 41. Rodauth Goals • Security • Simplicity • Flexibility
- 42. Features first
- 47. Rodauth Features Login Logout Change Password Change Login Reset Password
- 48. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account
- 49. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account
- 50. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account
- 51. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password
- 52. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token)
- 53. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection)
- 54. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP)
- 55. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes)
- 56. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS)
- 57. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login
- 58. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period
- 59. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period
- 60. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period Password Complexity
- 61. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period Password Complexity Disallow Password Reuse
- 62. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period Password Complexity Disallow Password Reuse Password Expiration
- 63. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period Password Complexity Disallow Password Reuse Password Expiration Account Expiration
- 64. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period Password Complexity Disallow Password Reuse Password Expiration Account Expiration Session Expiration
- 65. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period Password Complexity Disallow Password Reuse Password Expiration Account Expiration Session Expiration Single Session
- 66. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period Password Complexity Disallow Password Reuse Password Expiration Account Expiration Session Expiration Single Session JWT
- 67. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period Password Complexity Disallow Password Reuse Password Expiration Account Expiration Session Expiration Single Session JWT Update Password Hash
- 68. Rodauth Features Login Logout Change Password Change Login Reset Password Create Account Close Account Verify Account Confirm Password Remember (Autologin via token) Lockout (Bruteforce protection) OTP (2 factor authentication via TOTP) Recovery Codes (2 factor authentication via backup codes) SMS Codes (2 factor authentication via SMS) Verify Change Login Verify Account Grace Period Password Grace Period Password Complexity Disallow Password Reuse Password Expiration Account Expiration Session Expiration Single Session JWT Update Password HashHTTP Basic Auth
- 70. Security
- 71. • Uses database functions to access password hashes • Two database accounts are used
- 72. • Uses database functions to access password hashes (optional) • Two database accounts are used (optional)
- 73. Flexibility
- 74. Can be used with the any rack framework
- 75. require "roda" class RodauthApp < Roda # If using Rodauth in a non-Roda application # plugin :middleware plugin :rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication # If using Rodauth in a Roda application # Your app code here end end # If using Rodauth in a non-Roda application # use RodauthApp # If using Rodauth in a Roda application run RodauthApp
- 76. require "roda" class RodauthApp < Roda # If using Rodauth in a non-Roda application # plugin :middleware plugin :rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication # If using Rodauth in a Roda application # Your app code here end end # If using Rodauth in a non-Roda application # use RodauthApp # If using Rodauth in a Roda application run RodauthApp
- 77. Rodauth uses a simple configuration DSL
- 78. require 'simple_ldap_authenticator' plugin :rodauth do enable :login, :logout # Don't require the bcrypt library, since using LDAP for auth require_bcrypt? false # Treat the login itself as the account account_from_login{|l| l.to_s} # Use the login provided as the session value account_session_value{account} # Store session value in :login key, since the :account_id # default wouldn't make sense session_key :login password_match? do |password| SimpleLdapAuthenticator.valid?(account, password) end end
- 79. Simplicity
- 80. Rodauth allows for overriding any part of the framework
- 81. module Auth class Rodauth < Roda plugin :rodauth do enable :login end route do |r| r.post 'login' do # Custom POST /login handling here end r.rodauth end end end
- 82. How to start use Rodauth?
- 83. • Resolve database dependencies • Define Rodauth features
- 85. • Setup database • Create tables
- 86. Setup With Postgresql # Load extentions psql -U postgres -c "CREATE EXTENSION citext" ${DATABASE_NAME} # Create database accounts createuser -U postgres ${DATABASE_NAME} createuser -U postgres ${DATABASE_NAME}_password
- 87. Setup With Postgresql create_table(:accounts) do primary_key :id, :type=>:Bignum foreign_key :status_id, :account_statuses, :null=>false, :default=>1 if db.database_type == :postgres citext :email, :null=>false constraint :valid_email, :email=>/^[^,;@ rn]+@[^,@; rn]+.[^,@; rn]+$/ index :email, :unique=>true, :where=>{:status_id=>[1, 2]} else String :email, :null=>false index :email, :unique=>true end end case database_type when :postgres user = get{Sequel.lit('current_user')} + '_password' run "GRANT REFERENCES ON accounts TO #{user}" end
- 88. Define Rodauth Features plugin :rodauth, :json=>true, :csrf=>false, :flash=>false do enable :change_password, :close_account, :create_account, :login, :logout, :remember, :reset_password, :verify_account, :otp, :recovery_codes, :sms_codes, :password_complexity, :disallow_password_reuse, :password_grace_period, :account_expiration, :single_session, :jwt, :session_expiration, max_invalid_logins 2 allow_password_change_after 60 verify_account_grace_period 300 jwt_secret secret sms_send do |phone_number, message| MUTEX.synchronize{SMS[session_value] = "..."} end end
- 89. Summary
- 90. Rodauth Advantages • Integration with any rack application • Minimun dependencies • Features • Security • Simplicity
- 91. Rodauth Disadvantages • Doesn’t work with OAuth • Routes design: can mismatch with your design
- 93. Registration module Auth class Rodauth < Roda DB = Sequel.connect(ENV['DATABASE_URL']) plugin :middleware plugin :rodauth, json: :only do enable :login, :logout, :jwt, :create_account jwt_session_hash do super().merge(exp: SmartTaskApi::Utils.jwt_expiration) end jwt_secret ENV['JWT_SECRET'] end route do |r| r.rodauth env['rodauth'] = rodauth end end end
- 94. Token Authentication module Api class Rodauth < Roda DB = Sequel.connect(ENV['DATABASE_URL']) plugin :middleware plugin :rodauth, json: :only do enable :jwt jwt_secret ENV['JWT_SECRET'] end route do |r| r.rodauth rodauth.require_authentication env['rodauth'] = rodauth end end end
- 95. Rodauth Examples • https://github.com/jeremyevans/ginatra • https://github.com/jeremyevans/rodauth-demo-rails • https://github.com/davydovanton/rodauth_hanami • https://github.com/davydovanton/grape-rodauth • https://github.com/valikos/smart-task-api-hanami
- 97. Thanks!
- 98. Questions?