Warden
General Rack Authentication

Many Web Apps Need

1. A User

2. A way to associate it
with a request

Many Solutions Exist
• •
Restful Authentication Basic Auth
• •
AuthLogic Digest
• •
Merbful Authentication LAPD
• •
Merb-Auth CAS
• Home Grown
• OpenID

Why Another One?

Rack

Rack Router

class SimpleRack
include Rack::Router::Routable
def initialize
prepare do |r|
r.map \"/\", :to => router { |c| c.map \"/hello\", :to => ChildApp }
r.map \"/hello\", :to => ParentApp
r.map \"/one\", :to => lambda { |env| do_one(env) }
r.map \"/two\", :to => lambda { |env| do_two(env) }
end
end
def do_one(env)
# Stuff
end
def do_two(env)
# Stuff
end
end

Mountable Apps

How Will Your
Authentication Cope?

Apps Usually Need a
“User”

Current Breed Will
Conflict Between Apps

Warden
• Injects a very lazy proxy into the request
• Proxy follows around in the request
• Does nothing until you ask it
• Authenticates Requests for any kind of
“User”
• Provides a mechanism for Authentication
• Available in all downstream Rack parts

Authenticating
(Logging In)
env['warden'].authenticate :password
env['warden'].authenticate! :password, :basic, :open_id
env['warden'].authenticated? :password

Accessing The User
env['warden'].user

Logging Out
env['warden'].logout

Authentication Logic
• Strategy Based
• Packagable
• Sharable between discrete Apps
• Simple

Strategy
Warden::Strategies.add(:password) do
def valid?
params[:username] || params[:password]
end
def authenticate!
u = User.authenticate(params[:username], params[:password])
u.nil? ? fail!(\"Could not log in\") : success!(u)
end
end

Strategies
• Multiple Strategies
• Strategies Cascade
env['warden'].authenticate! :password, :basic, :open_id

Failure
throw(:warden)
throw(:warden, :some => :option)
Drops out to a “Failure Application”

Rack Setup
Rack::Builder.new do
use Rack::Session::Cookie
use Warden::Manager do |manager|
manager.default_strategies :password, :basic
manager.failure_app = BadAuthenticationEndsUpHere
end
run SomeApp
end

Session Integration
Warden::Manager.serialize_into_session{ |user| user.id }
Warden::Manager.serialize_from_session{ |key| User.get(id)}

Other Features
• Callbacks
• User Scopes - Multiple Users / session
• Authenticated Session Data
• Locks Session per user

Rails Integration
config/initializers/warden.rb
Rails.configuration.middleware.use Warden::Manager do |manager|
manager.default_strategies :password
manager.failure_app = LoginController
end
# Rails needs the action to be passed in with the params
Warden::Manager.before_failure do |env, opts|
request = env[\"action_controller.rescue.request\"]
request.params[\"action\"] = \"unauthenticated\"
end
# Session Serialization & Strategies

More Information
• http://github.com/hassox/warden
• http://wiki.github.com/hassox/warden