Rack for User Authentication

•

4 likes•2,833 views

Craig Jolicoeur

Using Rack for user authentication with Rack apps

Technology

Rack
For User Authentication

http://rirug.com RIRUG

Common Web App Needs

http://rirug.com RIRUG

Common Web App Needs

• A User

http://rirug.com RIRUG

Common Web App Needs

• A User
• A way to associate requests with that user

http://rirug.com RIRUG

Many Current Auth Solutions
• RESTful Authentication • HTTP Auth

• AuthLogic • LDAP

• Clearance • CAS

• OpenID • Roll Your Own

http://rirug.com RIRUG

Why Another One?

http://rirug.com RIRUG

Rack
Rails 2.3 introduced Rack
compatibility.

Rails 3 is Rack dependent.

Rack allows for modular
application design.

http://rirug.com RIRUG

Default Rails Rack Stack

http://rirug.com RIRUG

How Does This Affect Authentication?

• Rack allows for “mountable apps”
• Rails middleware
• Rails metal

http://rirug.com RIRUG

How will your
authentication cope?

http://rirug.com RIRUG

Apps Usually Need a
“User”

http://rirug.com RIRUG

Current Authentication
Systems Will Conﬂict
Between Apps

http://rirug.com RIRUG

Warden

• Injects a lazy proxy into the request

• Proxy follows around the request

• Does nothing until asked

• Authenticates requests for any kind of “user”

• Provides a mechanism for authentication

• Available to all downstream Rack parts

http://rirug.com RIRUG

Authenticating
(Loggin In)

http://rirug.com RIRUG

Accessing the user

http://rirug.com RIRUG

Authentication Logic

• Strategy Based
• Packagable
• Sharable between discrete apps
• Simple

http://rirug.com RIRUG

Strategies

• Multiple Strategies
• Strategies Cascade

http://rirug.com RIRUG

Rails Integration

http://rirug.com RIRUG

Devise

• Flexible Rails authentication based on Warden

• Rack based

• Complete MVC solution using Rails engines

• Allows for multiple roles (models/scopes)

• Based on modularity

http://rirug.com RIRUG

Devise Modules
• Database Authenticatable
• Token Authenticatable
• Conﬁrmable
• Recoverable
• Rememberable
• Registerable
• Trackable
• Timeoutable
• Validatable
• Lockable

http://rirug.com RIRUG

Rack Resources

• http://rack.rubyforge.org/

• http://rack.rubyforge.org/doc/SPEC.html

• http://railslab.newrelic.com/2009/06/05/episode-14-rack-metal

http://rirug.com RIRUG

Warden Resources

• http://www.slideshare.net/hassox/warden-introduction

• http://wiki.github.com/hassox/warden/overview

• http://github.com/hassox/rails_warden

http://rirug.com RIRUG

Devise Resources

• http://blog.plataformatec.com.br/2010/02/happy-birthday-devise/

• http://github.com/plataformatec/devise

• http://rdoc.info/projects/plataformatec/devise

• http://railscasts.com/episodes/209-introducing-devise

• http://railscasts.com/episodes/210-customizing-devise

http://rirug.com RIRUG

What's hot

Kraken

PayPal

Rails Plugins

Wen-Tien Chang

PWA Roadshow Seoul - HTTPS

Chang W. Doh

Progressive Web Apps

Unfold UI

Everybody knows Javascript is single-threaded and that it shares this same thread with other browser-related processes such as painting and compositing. There are several techniques to implement pseudo multithreading in JavaScript; however, during this talk we will focus our attention on how to use and debug the Service Worker API. Our end goal is to explore practical use cases in order to simplify the process to render complex user interfaces and transitions in a browser.

Service worker API

Giorgio Natili

Progressive Web Apps 101

Muhammad Samu

Ruby on Rails Penetration Testing

3S Labs

Service workers

Eugene Lazutkin

What's hot (8)

Kraken

Rails Plugins

PWA Roadshow Seoul - HTTPS

Progressive Web Apps

Service worker API

Progressive Web Apps 101

Ruby on Rails Penetration Testing

Service workers

Similar to Rack for User Authentication

Rhodes

jwallace41

Swagger - make your API accessible

Victor Trakhtenberg

Scalable Django Architecture

Rami Sayar

Stay safe, grab a drink and join us virtually for our upcoming "The Hacking Game - A Road to Post Exploitation" meetup to learn how hackers can compromise the software supply chain, advanced data protection methods on WebLogic Server and how to use AI in order to protect your software. Agenda: 17:00 - 17:10 - 'Opening words' - by Gidi Farkash (CISO at Pipl Security) 17:10 - 17:40 - 'Tracking Attackers in Open Source Supply Chain - Lessons Learned' - by Jossef Harush Kadouri (Head of Software Supply Chain Security at Checkmarx) 17:40 - 18:20 - 'WebLogic - The Road to Post Exploitation' - by Amit German (Cyber Security Researcher at Pentera) 18:20 - 19:00 - 'AI In The Hands of Application Security' - by Brit Glazer (Head of Information Security at Unit)

The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx

lior mazor

InVision is a collaborative design company that’s growing into Golang. That being said, when we started doing web services, we looked at using one of the middleware libraries out there such as Alice and Negroni. We found them all interesting but decided to tackle it on our own. As we did that we realized that our library was pretty cool so we broke it out and open sourced it as Rye. I’ll present on the approach we took and some of the benefits of using Rye including integration with Statsd, Context and custom middleware handlers we’ve added such as CIDR validation and JWT validation.

Middleware in Golang: InVision's Rye

Cale Hoopes

Security Goodness with Ruby on Rails

Source Conference

Heroku Dockerの使い所

Yusuke Kon

Nginx Essential

Gong Haibing

Euroclojure2014: Schema & Swagger - making your Clojure web APIs more awesome

Metosin Oy

vdocuments.site_nginx-essential.pdf

crezzcrezz

GitBucket: The perfect Github clone by Scala

takezoe

Hybrid integration with self hosted azure api gateways - published v1.0

Nikolai Blackie

Large Scale Drupal - Behind the Scenes

Boyan Borisov

Which Hypervisor is Best?

Kyle Bader

At Percona Live in April 2016, Red Hat's Kyle Bader answered questions like, "How does MySQL perform on different forms of virtualization?" and "How can you use Ceph for the storage backend?" He also presented the results of MySQL and file-level benchmarks obtained using tools like Percona TPCC, Sysbench and FIO, the positive and negative sides of each virtualization technology, and tuning guidelines to maximize performance.

Which Hypervisor Is Best? My SQL on Ceph

Red_Hat_Storage

Route Origin Validation - A MANRS Approach

Bangladesh Network Operators Group

Android lessons you won't learn in school

Michael Galpin

Android Penetration Testing - Day 3

Mohammed Adam

java in cloud - adopt cloud dev's DHARMA

Hochi Chuang

App forum2015 London - Building RhoMobile Applications with Ionic

robgalvinjr

Similar to Rack for User Authentication (20)

Rhodes

Swagger - make your API accessible

Scalable Django Architecture

The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx

Middleware in Golang: InVision's Rye

Security Goodness with Ruby on Rails

Heroku Dockerの使い所

Nginx Essential

Euroclojure2014: Schema & Swagger - making your Clojure web APIs more awesome

vdocuments.site_nginx-essential.pdf

GitBucket: The perfect Github clone by Scala

Hybrid integration with self hosted azure api gateways - published v1.0

Large Scale Drupal - Behind the Scenes

Which Hypervisor is Best?

Which Hypervisor Is Best? My SQL on Ceph

Route Origin Validation - A MANRS Approach

Android lessons you won't learn in school

Android Penetration Testing - Day 3

java in cloud - adopt cloud dev's DHARMA

App forum2015 London - Building RhoMobile Applications with Ionic

Recently uploaded

ICT role in 21st century education and its challenges

rafiqahmad00786416

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Architecting Cloud Native Applications

WSO2

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

The presentation was made in “Web3 Fusion: Embracing AI and Beyond” is more than a conference; it's a journey into the heart of digital transformation. The conference a provided a platform where the future of technology meets practical application. This three-day hybrid event, set in the heart of innovation, served as a gateway to the latest trends and transformative discussions in AI, Blockchain, IoT, AR/VR, and their collective impact on the information space.

AI in Action: Real World Use Cases by Anitaraj

AnitaRaj43

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

Samir Dash

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Recently uploaded (20)

ICT role in 21st century education and its challenges

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Architecting Cloud Native Applications

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Why Teams call analytics are critical to your entire business

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

WSO2's API Vision: Unifying Control, Empowering Developers

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

AI in Action: Real World Use Cases by Anitaraj

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

FWD Group - Insurer Innovation Award 2024

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

AWS Community Day CPH - Three problems of Terraform

Rack for User Authentication

1. Rack For User Authentication http://rirug.com RIRUG

2. Common Web App Needs http://rirug.com RIRUG

3. Common Web App Needs • A User http://rirug.com RIRUG

4. Common Web App Needs • A User • A way to associate requests with that user http://rirug.com RIRUG

5. Many Current Auth Solutions • RESTful Authentication • HTTP Auth • AuthLogic • LDAP • Clearance • CAS • OpenID • Roll Your Own http://rirug.com RIRUG

6. Why Another One? http://rirug.com RIRUG

7. Rack Rails 2.3 introduced Rack compatibility. Rails 3 is Rack dependent. Rack allows for modular application design. http://rirug.com RIRUG

8. Default Rails Rack Stack http://rirug.com RIRUG

9. How Does This Affect Authentication? • Rack allows for “mountable apps” • Rails middleware • Rails metal http://rirug.com RIRUG

10. How will your authentication cope? http://rirug.com RIRUG

11. Apps Usually Need a “User” http://rirug.com RIRUG

12. Current Authentication Systems Will Conﬂict Between Apps http://rirug.com RIRUG

13. http://rirug.com RIRUG

14. Warden • Injects a lazy proxy into the request • Proxy follows around the request • Does nothing until asked • Authenticates requests for any kind of “user” • Provides a mechanism for authentication • Available to all downstream Rack parts http://rirug.com RIRUG

15. Authenticating (Loggin In) http://rirug.com RIRUG

16. Accessing the user http://rirug.com RIRUG

17. Logging Out http://rirug.com RIRUG

18. Authentication Logic • Strategy Based • Packagable • Sharable between discrete apps • Simple http://rirug.com RIRUG

19. Warden Strategy http://rirug.com RIRUG

20. Strategies • Multiple Strategies • Strategies Cascade http://rirug.com RIRUG

21. Rack Setup http://rirug.com RIRUG

22. Rails Integration http://rirug.com RIRUG

23. Warden + Devise http://rirug.com RIRUG

24. Devise • Flexible Rails authentication based on Warden • Rack based • Complete MVC solution using Rails engines • Allows for multiple roles (models/scopes) • Based on modularity http://rirug.com RIRUG

25. Devise Modules • Database Authenticatable • Token Authenticatable • Conﬁrmable • Recoverable • Rememberable • Registerable • Trackable • Timeoutable • Validatable • Lockable http://rirug.com RIRUG

26. Demo http://rirug.com RIRUG

27. Rack Resources • http://rack.rubyforge.org/ • http://rack.rubyforge.org/doc/SPEC.html • http://railslab.newrelic.com/2009/06/05/episode-14-rack-metal http://rirug.com RIRUG

28. Warden Resources • http://www.slideshare.net/hassox/warden-introduction • http://wiki.github.com/hassox/warden/overview • http://github.com/hassox/rails_warden http://rirug.com RIRUG

29. Devise Resources • http://blog.plataformatec.com.br/2010/02/happy-birthday-devise/ • http://github.com/plataformatec/devise • http://rdoc.info/projects/plataformatec/devise • http://railscasts.com/episodes/209-introducing-devise • http://railscasts.com/episodes/210-customizing-devise http://rirug.com RIRUG

Rack for User Authentication

Recommended

Recommended

More Related Content

What's hot

What's hot (8)

Similar to Rack for User Authentication

Similar to Rack for User Authentication (20)

Recently uploaded

Recently uploaded (20)

Rack for User Authentication