devise tutorial - 2011 rubyconf taiwan

BUILD YOURAUTHENTICATION SYSTEM WITH DEVISE Tse-Ching Ho (何澤清) 2011-08-26

HTTPS://GITHUB.COM/TSECHINGHO/DEVISE_TUTORIAL git clone git://github.com/tsechingho/devise_tutorial.git

AGENDA• OminiAuth Client Application providers: Facebook, Twitter, Github• OpenID Client Application providers: Google, Yahoo, Google Apps• LDAP Client Application providers: Localhost OpenLDAP• CAS Client Application providers: Localhost CAS

WHAT IS AUTHENTICATION ?

ABOUT AUTHENTICATION• authenticationand authorization are two things• authentication is just an identity token / ticket• canuse multi authentication providers on one site• oneuser can have many authentications

Oauth customer devise providers OpenID providers LDAP omniauth providers 3rd party providers CAS username server /passwordDEVISE - OMNIAUTH WAY

WHAT DO WE NEED ?

USER STORY PLEASE

users managers Model: User Model: Manager has_many :authentications, :as => :resource has_many :authentications, :as => :resource has_one :profile, :as => :resource has_one :profile, :as => :resource id integer id integer email string email string encrypted_password string encrypted_password string reset_password_token string reset_password_token string reset_password_sent_at datetime reset_password_sent_at datetime remember_created_at datetime remember_created_at datetime sign_in_count integer sign_in_count integer current_sign_in_at datetime current_sign_in_at datetime last_sign_in_at datetime last_sign_in_at datetime current_sign_in_ip string current_sign_in_ip string last_sign_in_ip string last_sign_in_ip string created_at datetime created_at datetime updated_at datetime updated_at datetime authentications profiles Model: Authentication Model: Profile belongs_to :resource, :polymorphic => true belongs_to :resource, :polymorphic => true id integer id integer resource_id integer resource_id integer resource_type string resource_type string provider string first_name string uid string last_name string uname string fullname string umail string nickname string created_at datetime created_at datetime updated_at datetime updated_at datetimePOSSIBLE DB SCHEMA

WHY DEVISE ?

FEATURES OF DEVISE• rack - simple and fast• strategies - logical and ﬂexible• modularity - maintainable rails engine• multi-models - signed in at the same time• extensions - diversity• authentication scheme with general user’s needs

BUILDED IN MODULES• Database authenticatable • Rememberable• Token authenticatable • Trackable• Omniauthable • Timeoutable• Conﬁrmable • Validatable• Recoverable • Lockable• Registerable • Encryptalbe

EXTENSION MODULES• ORM• Encryption• Authentication• UI enhancement• https://github.com/plataformatec/devise/wiki/Extensions

FILTERS & HELPERS• authenticate_user!• user_signed_in?• current_user• user_session• user_root_path

DEMOSHOW, DON’T TELL

GIT LOGS ARE FRIENDS

NEW RAILS APP• rails new devise_tutorial -JTd mysql• cd devise_tutorial• vim Gemﬁle• bundle install• rails generate scaffold page title:string content:text• rake db:create• rake db:migrate• rails server bundle exec unicorn -p 3000• tail -f log/development.log

GIT CHECKOUT HEROKU

DEPLOY TO HEROKU• git checkout heroku• heroku keys:add• heroku create• git push heroku master• heroku rake db:setup• heroku open

GIT CHECKOUT USER

DEVISE CUSTOMIZATION• config - set configurations for devise• migrations - set database fields• models - select modules, set attributes• routes - set uri mapping• controllers - set filters and redirects• views - set html and css

rake middlewareuse ActionDispatch::Staticuse Rack::Lockuse ActiveSupport::Cache::Strategy::LocalCacheuse Rack::Runtimeuse Rails::Rack::Loggeruse ActionDispatch::ShowExceptionsuse ActionDispatch::RemoteIpuse Rack::Sendﬁleuse ActionDispatch::Callbacksuse ActiveRecord::ConnectionAdapters::ConnectionManagementuse ActiveRecord::QueryCacheuse ActionDispatch::Cookiesuse ActionDispatch::Session::CookieStoreuse ActionDispatch::Flashuse ActionDispatch::ParamsParseruse Rack::MethodOverrideuse ActionDispatch::Headuse ActionDispatch::BestStandardsSupportuse Warden::Managerrun DeviseTutorial::Application.routes

GIT CHECKOUT MANAGER

rake routes manager_root GET /pages/:id(.:format) {:controller=>"pages", :id=>"management", :action=>"show"} new_manager_session GET /managers/sign_in(.:format) {:controller=>"devise/sessions", :action=>"new"} manager_session POST /managers/sign_in(.:format) {:controller=>"devise/sessions", :action=>"create"} destroy_manager_session DELETE /managers/sign_out(.:format) {:controller=>"devise/sessions", :action=>"destroy"} manager_password POST /managers/password(.:format) {:controller=>"devise/passwords", :action=>"create"} new_manager_password GET /managers/password/new(.:format) {:controller=>"devise/passwords", :action=>"new"} edit_manager_password GET /managers/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"} PUT /managers/password(.:format) {:controller=>"devise/passwords", :action=>"update"}cancel_manager_registration GET /managers/cancel(.:format) {:controller=>"devise/registrations", :action=>"cancel"} manager_registration POST /managers(.:format) {:controller=>"devise/registrations", :action=>"create"} new_manager_registration GET /managers/sign_up(.:format) {:controller=>"devise/registrations", :action=>"new"} edit_manager_registration GET /managers/edit(.:format) {:controller=>"devise/registrations", :action=>"edit"} PUT /managers(.:format) {:controller=>"devise/registrations", :action=>"update"} DELETE /managers(.:format) {:controller=>"devise/registrations", :action=>"destroy"} user_root GET /pages/:id(.:format) {:controller=>"pages", :id=>"dashboard", :action=>"show"} new_user_session GET /users/sign_in(.:format) {:controller=>"devise/sessions", :action=>"new"} user_session POST /users/sign_in(.:format) {:controller=>"devise/sessions", :action=>"create"} destroy_user_session DELETE /users/sign_out(.:format) {:controller=>"devise/sessions", :action=>"destroy"} user_password POST /users/password(.:format) {:controller=>"devise/passwords", :action=>"create"} new_user_password GET /users/password/new(.:format) {:controller=>"devise/passwords", :action=>"new"} edit_user_password GET /users/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"} PUT /users/password(.:format) {:controller=>"devise/passwords", :action=>"update"} cancel_user_registration GET /users/cancel(.:format) {:controller=>"devise/registrations", :action=>"cancel"} user_registration POST /users(.:format) {:controller=>"devise/registrations", :action=>"create"} new_user_registration GET /users/sign_up(.:format) {:controller=>"devise/registrations", :action=>"new"} edit_user_registration GET /users/edit(.:format) {:controller=>"devise/registrations", :action=>"edit"} PUT /users(.:format) {:controller=>"devise/registrations", :action=>"update"} DELETE /users(.:format) {:controller=>"devise/registrations", :action=>"destroy"} root /(.:format) {:controller=>"pages", :action=>"show"}

GIT CHECKOUT PROVIDER

users Model: User has_many :authentications, :as => :resource authentications has_one :proﬁle, :as => :resource Model: Authentication id integer belongs_to :resource, :polymorphic => true email string encrypted_password string id integer reset_password_token string resource_id integer reset_password_sent_at datetime resource_type string remember_created_at datetime provider string sign_in_count integer uid string current_sign_in_at datetime uname string last_sign_in_at datetime umail string current_sign_in_ip string created_at datetime last_sign_in_ip string updated_at datetime created_at datetime updated_at datetimePROVIDER - USER DB SCHEMA

GIT CHECKOUT OA-OAUTH

OMNIAUTH MIDDLEWARESrake middlewareuse ActionDispatch::Static......use ActionDispatch::BestStandardsSupportuse Warden::Manageruse OmniAuth::Strategies::Facebookuse OmniAuth::Strategies::Twitteruse OmniAuth::Strategies::GitHubuse OmniAuth::Strategies::OpenIDuse OmniAuth::Strategies::OpenIDuse OmniAuth::Strategies::OpenIDuse OmniAuth::Strategies::GoogleAppsuse OmniAuth::Strategies::GoogleAppsrun DeviseTutorial::Application.routes

DEVISE OMNIAUTH ROUTES• /users/auth/:provider(.:format) { :controller => "users/omniauth_callbacks", :action => "passthru" }• user_omniauth_callback /users/auth/:action/callback(.:format) { :controller => "users/omniauth_callbacks", :action => /facebook|twitter|github/ }

NEEDS OF OAUTH• create new app record for each client site• app id and app secret are required• callback url must match• access token / error message will append to callback url• speciﬁc yaml pattern for user auth data

---provider: facebookuid: "1290347368"credentials: token: 49923..........6RqGcuser_info: nickname: tsechingho email: tsechingho@gmail.com ﬁrst_name: Tse-Ching last_name: Ho name: Tse-Ching Ho image: http://graph.facebook.com/1290347368/picture?type=square urls: Facebook: http://www.facebook.com/tsechingho Website:extra: user_hash: id: "1290347368" name: Tse-Ching Ho ﬁrst_name: Tse-Ching last_name: Ho link: http://www.facebook.com/tsechingho username: tsechingho hometown: id: "110922325599480" name: Taichung, Taiwan

FACEBOOK

developers.facebook.comNEW FACEBOOK APP https://developers.facebook.com/apps

developers.facebook.comCORRECT APP SETTINGSapp id, app secret, site url, site domain are required.

facebook.com FACEBOOK USER PANEL http://www.facebook.com/settings?tab=applicationshttps://developers.facebook.com/docs/reference/api/permissions/

FACEBOOK OAUTH WORK FLOW facebook.com• ca_ﬁle / ca_path• /users/auth/facebook• users/omniauth_callbacks#passthru• https://www.facebook.com/connect/uiserver.php• /users/auth/facebook/callback?code=xxxxxx

TWITTER

dev.twitter.comNEW TWITTER APP https://dev.twitter.com/apps/new use http://127.0.0.1 for localhost

dev.twitter.com CORRECT APP SETTINGSconsumer key, consumer secret, callback url are required.

twitter.comTWITTER USER PANEL you can stop it, not remove it.

TWITTER OAUTH WORK FLOW api.twitter.com• /users/auth/twitter• users/omniauth_callbacks#passthru• https://api.twitter.com/oauth/authenticate• /users/auth/twitter/callback?code=xxxxxx• twitter auth data is too big for cookies session store• no email in user auth data

GITHUB

github.com NEW GITHUB APPhttps://github.com/account/applications/new

github.comCORRECT APP SETTINGS client id, client secret, callback url are required.

github.comGITHUB APP/USER PANEL ? Don’t delete oauth application, otherwise you have to create new one.

GITHUB OAUTH WORK FLOW github.com• /users/auth/github• users/omniauth_callbacks#passthru• https://github.com/login/oauth/authorize• /users/auth/github/callback?code=xxxxxx

GIT CHECKOUT OA-OPENID

GOOGLE

SIGN IN GOOGLE ACCOUNT

GOOGLE OPENID WORK FLOW• ca_ﬁle / open_id_store• /users/auth/google• users/omniauth_callbacks#passthru• https://www.google.com/accounts/o8/ud• https://accounts.google.com/o/openid2/auth• https://www.google.com/accounts/o8/id?id=xxxxxx• /users/auth/google/callback

SIGN IN YAHOO ACCOUNT

YAHOO OPENID WORK FLOW• ca_ﬁle / open_id_store• /users/auth/yahoo• users/omniauth_callbacks#passthru• https://open.login.yahooapis.com/openid/op/auth• https://login.yahoo.com/conﬁg/login• https://me.yahoo.com/a/xxxxxx• /users/auth/yahoo/callback

GOOGLE APPS

SIGN IN GOOGLE ACCOUNT http://www.google.com/enterprise/marketplace/http://developer.googleapps.com/marketplace/getting-started

GOOGLE APPS OPENID WORK FLOW• ca_ﬁle / open_id_store• /users/auth/gmail• users/omniauth_callbacks#passthru• https://www.google.com/accounts/o8/ud?source=gmail.com• https://accounts.google.com/o/openid2/auth• https://www.google.com/accounts/o8/id?id=xxxxxx• /users/auth/gmail/callback

ISSUES

FINDING USER ?

USERNAME VSUNCHANGEABLE EMAIL

ONE EMAIL - ONE USER VSONE USER - MULTI EMAILS

IF EMAIL OF PROVIDER USER CHANGED, THEN >.<

PUBLIC EMAIL ADDRESS VS PROVIDER - UID PAIR

WHO AM I ?

ONE PROVIDER - ONE USER VSONE USER - MULTI PROVIDERS

OWN LOCAL USER FIRST OROWN PROVIDER USER FIRST

ONE USER MULTI MAILSMULTI PROVIDERS

RESOURCES

TUTORIALS• http://www.communityguides.eu/articles/11• http://www.communityguides.eu/articles/16• http://railscasts.com/episodes/235-omniauth-part-1• http://railscasts.com/episodes/236-omniauth-part-2• https://github.com/plataformatec/devise/wiki/Example- Applications

DOCUMENTS• https://github.com/plataformatec/devise/wiki• https://github.com/intridea/omniauth/wiki• https://github.com/intridea/authbuttons

devise tutorial - 2011 rubyconf taiwan

by Tse-Ching Ho

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 1

Statistics

devise tutorial - 2011 rubyconf taiwan Presentation Transcript