Warden Introduction

Warden General Rack Authentication

Many Web Apps Need

1. A User

2. A way to associate it with a request

Many Solutions Exist • • Restful Authentication Basic Auth • • AuthLogic Digest • • Merbful Authentication LAPD • • Merb-Auth CAS • Home Grown • OpenID

Why Another One?

Rack Router

class SimpleRack include Rack::Router::Routable def initialize prepare do |r| r.map quot;/quot;, :to => router { |c| c.map quot;/helloquot;, :to => ChildApp } r.map quot;/helloquot;, :to => ParentApp r.map quot;/onequot;, :to => lambda { |env| do_one(env) } r.map quot;/twoquot;, :to => lambda { |env| do_two(env) } end end def do_one(env) # Stuff end def do_two(env) # Stuff end end

Mountable Apps

How Will Your Authentication Cope?

Apps Usually Need a “User”

Current Breed Will Conﬂict Between Apps

Warden • Injects a very lazy proxy into the request • Proxy follows around in the request • Does nothing until you ask it • Authenticates Requests for any kind of “User” • Provides a mechanism for Authentication • Available in all downstream Rack parts

Authenticating (Logging In) env['warden'].authenticate :password env['warden'].authenticate! :password, :basic, :open_id env['warden'].authenticated? :password

Accessing The User env['warden'].user

Logging Out env['warden'].logout

Authentication Logic • Strategy Based • Packagable • Sharable between discrete Apps • Simple

Strategy Warden::Strategies.add(:password) do def valid? params[:username] || params[:password] end def authenticate! u = User.authenticate(params[:username], params[:password]) u.nil? ? fail!(quot;Could not log inquot;) : success!(u) end end

Strategies • Multiple Strategies • Strategies Cascade env['warden'].authenticate! :password, :basic, :open_id

Failure throw(:warden) throw(:warden, :some => :option) Drops out to a “Failure Application”

Rack Setup Rack::Builder.new do use Rack::Session::Cookie use Warden::Manager do |manager| manager.default_strategies :password, :basic manager.failure_app = BadAuthenticationEndsUpHere end run SomeApp end

Session Integration Warden::Manager.serialize_into_session{ |user| user.id } Warden::Manager.serialize_from_session{ |key| User.get(id)}

Other Features • Callbacks • User Scopes - Multiple Users / session • Authenticated Session Data • Locks Session per user

Rails Integration conﬁg/initializers/warden.rb Rails.configuration.middleware.use Warden::Manager do |manager| manager.default_strategies :password manager.failure_app = LoginController end # Rails needs the action to be passed in with the params Warden::Manager.before_failure do |env, opts| request = env[quot;action_controller.rescue.requestquot;] request.params[quot;actionquot;] = quot;unauthenticatedquot; end # Session Serialization & Strategies

More Information • http://github.com/hassox/warden • http://wiki.github.com/hassox/warden

Warden Introduction

by hassox on Apr 30, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 174

Statistics

Warden Introduction — Presentation Transcript