devise tutorial - 2011 rubyconf taiwan

[Tutorial] Build your authentication system with Devise

  1. BUILD YOUR AUTHENTICATION SYSTEM WITH DEVISE
    Tse-Ching Ho (何澤清), 2011-08-26

  2. https://github.com/tsechingho/devise_tutorial
    git clone git://github.com/tsechingho/devise_tutorial.git

  3. AGENDA
    • OmniAuth client application, providers: Facebook, Twitter, GitHub
    • OpenID client application, providers: Google, Yahoo, Google Apps
    • LDAP client application, provider: localhost OpenLDAP
    • CAS client application, provider: localhost CAS

  4. WHAT IS AUTHENTICATION?

  5. ABOUT AUTHENTICATION
    • authentication and authorization are two different things
    • an authentication is just an identity token / ticket
    • one site can use multiple authentication providers
    • one user can have many authentications

  6. DEVISE - OMNIAUTH WAY
    (diagram: the customer authenticates to the site through Devise, either with a local username / password against the server, or through OmniAuth, which talks to third-party providers: OAuth, OpenID, LDAP, CAS)
  7. WHAT DO WE NEED?

  8. USER STORY, PLEASE

  9. POSSIBLE DB SCHEMA

    users / managers (Model: User, Model: Manager; identical columns)
      has_many :authentications, :as => :resource
      has_one :profile, :as => :resource
      id                      integer
      email                   string
      encrypted_password      string
      reset_password_token    string
      reset_password_sent_at  datetime
      remember_created_at     datetime
      sign_in_count           integer
      current_sign_in_at      datetime
      last_sign_in_at         datetime
      current_sign_in_ip      string
      last_sign_in_ip         string
      created_at              datetime
      updated_at              datetime

    authentications (Model: Authentication)
      belongs_to :resource, :polymorphic => true
      id             integer
      resource_id    integer
      resource_type  string
      provider       string
      uid            string
      uname          string
      umail          string
      created_at     datetime
      updated_at     datetime

    profiles (Model: Profile)
      belongs_to :resource, :polymorphic => true
      id             integer
      resource_id    integer
      resource_type  string
      first_name     string
      last_name      string
      fullname       string
      nickname       string
      created_at     datetime
      updated_at     datetime
  10. WHY DEVISE?

  11. FEATURES OF DEVISE
    • rack - simple and fast
    • strategies - logical and flexible
    • modularity - a maintainable Rails engine
    • multi-models - several models can be signed in at the same time
    • extensions - diversity
    • an authentication scheme that covers the general user's needs

  12. BUILT-IN MODULES
    • Database authenticatable
    • Token authenticatable
    • Omniauthable
    • Confirmable
    • Recoverable
    • Registerable
    • Rememberable
    • Trackable
    • Timeoutable
    • Validatable
    • Lockable
    • Encryptable

  13. EXTENSION MODULES
    • ORM
    • Encryption
    • Authentication
    • UI enhancement
    • https://github.com/plataformatec/devise/wiki/Extensions

  14. FILTERS & HELPERS
    • authenticate_user!
    • user_signed_in?
    • current_user
    • user_session
    • user_root_path

  15. DEMO: SHOW, DON'T TELL

  16. GIT LOGS ARE FRIENDS

  17. NEW RAILS APP
    • rails new devise_tutorial -JTd mysql
    • cd devise_tutorial
    • vim Gemfile
    • bundle install
    • rails generate scaffold page title:string content:text
    • rake db:create
    • rake db:migrate
    • rails server (or: bundle exec unicorn -p 3000)
    • tail -f log/development.log
  18. GIT CHECKOUT HEROKU

  19. DEPLOY TO HEROKU
    • git checkout heroku
    • heroku keys:add
    • heroku create
    • git push heroku master
    • heroku rake db:setup
    • heroku open

  20. GIT CHECKOUT USER

  21. DEVISE CUSTOMIZATION
    • config - set configurations for Devise
    • migrations - set database fields
    • models - select modules, set attributes
    • routes - set URI mapping
    • controllers - set filters and redirects
    • views - set HTML and CSS
  22. rake middleware
    use ActionDispatch::Static
    use Rack::Lock
    use ActiveSupport::Cache::Strategy::LocalCache
    use Rack::Runtime
    use Rails::Rack::Logger
    use ActionDispatch::ShowExceptions
    use ActionDispatch::RemoteIp
    use Rack::Sendfile
    use ActionDispatch::Callbacks
    use ActiveRecord::ConnectionAdapters::ConnectionManagement
    use ActiveRecord::QueryCache
    use ActionDispatch::Cookies
    use ActionDispatch::Session::CookieStore
    use ActionDispatch::Flash
    use ActionDispatch::ParamsParser
    use Rack::MethodOverride
    use ActionDispatch::Head
    use ActionDispatch::BestStandardsSupport
    use Warden::Manager
    run DeviseTutorial::Application.routes
  23. GIT CHECKOUT MANAGER

  24. rake routes
    manager_root                 GET     /pages/:id(.:format)            {:controller=>"pages", :id=>"management", :action=>"show"}
    new_manager_session          GET     /managers/sign_in(.:format)     {:controller=>"devise/sessions", :action=>"new"}
    manager_session              POST    /managers/sign_in(.:format)     {:controller=>"devise/sessions", :action=>"create"}
    destroy_manager_session      DELETE  /managers/sign_out(.:format)    {:controller=>"devise/sessions", :action=>"destroy"}
    manager_password             POST    /managers/password(.:format)    {:controller=>"devise/passwords", :action=>"create"}
    new_manager_password         GET     /managers/password/new(.:format)  {:controller=>"devise/passwords", :action=>"new"}
    edit_manager_password        GET     /managers/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"}
                                 PUT     /managers/password(.:format)    {:controller=>"devise/passwords", :action=>"update"}
    cancel_manager_registration  GET     /managers/cancel(.:format)      {:controller=>"devise/registrations", :action=>"cancel"}
    manager_registration         POST    /managers(.:format)             {:controller=>"devise/registrations", :action=>"create"}
    new_manager_registration     GET     /managers/sign_up(.:format)     {:controller=>"devise/registrations", :action=>"new"}
    edit_manager_registration    GET     /managers/edit(.:format)        {:controller=>"devise/registrations", :action=>"edit"}
                                 PUT     /managers(.:format)             {:controller=>"devise/registrations", :action=>"update"}
                                 DELETE  /managers(.:format)             {:controller=>"devise/registrations", :action=>"destroy"}
    user_root                    GET     /pages/:id(.:format)            {:controller=>"pages", :id=>"dashboard", :action=>"show"}
    new_user_session             GET     /users/sign_in(.:format)        {:controller=>"devise/sessions", :action=>"new"}
    user_session                 POST    /users/sign_in(.:format)        {:controller=>"devise/sessions", :action=>"create"}
    destroy_user_session         DELETE  /users/sign_out(.:format)       {:controller=>"devise/sessions", :action=>"destroy"}
    user_password                POST    /users/password(.:format)       {:controller=>"devise/passwords", :action=>"create"}
    new_user_password            GET     /users/password/new(.:format)   {:controller=>"devise/passwords", :action=>"new"}
    edit_user_password           GET     /users/password/edit(.:format)  {:controller=>"devise/passwords", :action=>"edit"}
                                 PUT     /users/password(.:format)       {:controller=>"devise/passwords", :action=>"update"}
    cancel_user_registration     GET     /users/cancel(.:format)         {:controller=>"devise/registrations", :action=>"cancel"}
    user_registration            POST    /users(.:format)                {:controller=>"devise/registrations", :action=>"create"}
    new_user_registration        GET     /users/sign_up(.:format)        {:controller=>"devise/registrations", :action=>"new"}
    edit_user_registration       GET     /users/edit(.:format)           {:controller=>"devise/registrations", :action=>"edit"}
                                 PUT     /users(.:format)                {:controller=>"devise/registrations", :action=>"update"}
                                 DELETE  /users(.:format)                {:controller=>"devise/registrations", :action=>"destroy"}
    root                                 /(.:format)                     {:controller=>"pages", :action=>"show"}
  25. GIT CHECKOUT PROVIDER

  26. PROVIDER - USER DB SCHEMA

    users (Model: User)
      has_many :authentications, :as => :resource
      has_one :profile, :as => :resource
      id                      integer
      email                   string
      encrypted_password      string
      reset_password_token    string
      reset_password_sent_at  datetime
      remember_created_at     datetime
      sign_in_count           integer
      current_sign_in_at      datetime
      last_sign_in_at         datetime
      current_sign_in_ip      string
      last_sign_in_ip         string
      created_at              datetime
      updated_at              datetime

    authentications (Model: Authentication)
      belongs_to :resource, :polymorphic => true
      id             integer
      resource_id    integer
      resource_type  string
      provider       string
      uid            string
      uname          string
      umail          string
      created_at     datetime
      updated_at     datetime
  27. GIT CHECKOUT OA-OAUTH

  28. OMNIAUTH MIDDLEWARES
    rake middleware
    use ActionDispatch::Static
    ......
    use ActionDispatch::BestStandardsSupport
    use Warden::Manager
    use OmniAuth::Strategies::Facebook
    use OmniAuth::Strategies::Twitter
    use OmniAuth::Strategies::GitHub
    use OmniAuth::Strategies::OpenID
    use OmniAuth::Strategies::OpenID
    use OmniAuth::Strategies::OpenID
    use OmniAuth::Strategies::GoogleApps
    use OmniAuth::Strategies::GoogleApps
    run DeviseTutorial::Application.routes

  29. DEVISE OMNIAUTH ROUTES
    • /users/auth/:provider(.:format) { :controller => "users/omniauth_callbacks", :action => "passthru" }
    • user_omniauth_callback /users/auth/:action/callback(.:format) { :controller => "users/omniauth_callbacks", :action => /facebook|twitter|github/ }
      (the :action constraint means only the configured providers can reach the callback controller)

  30. NEEDS OF OAUTH
    • create a new app record at the provider for each client site
    • an app id and app secret are required
    • the registered callback URL must match the one your app sends
    • the authorization code (or an error message) comes back appended to the callback URL; the access token is then fetched server-side with the app secret
    • the user auth data arrives in a specific hash (YAML-like) pattern

  31. OMNIAUTH AUTH HASH (Facebook example)
    ---
    provider: facebook
    uid: "1290347368"
    credentials:
      token: 49923..........6RqGc
    user_info:
      nickname: tsechingho
      email: tsechingho@gmail.com
      first_name: Tse-Ching
      last_name: Ho
      name: Tse-Ching Ho
      image: http://graph.facebook.com/1290347368/picture?type=square
      urls:
        Facebook: http://www.facebook.com/tsechingho
        Website:
    extra:
      user_hash:
        id: "1290347368"
        name: Tse-Ching Ho
        first_name: Tse-Ching
        last_name: Ho
        link: http://www.facebook.com/tsechingho
        username: tsechingho
        hometown:
          id: "110922325599480"
          name: Taichung, Taiwan
  32. FACEBOOK

  33. NEW FACEBOOK APP (developers.facebook.com)
    https://developers.facebook.com/apps

  34. CORRECT APP SETTINGS (developers.facebook.com)
    app id, app secret, site url and site domain are required.

  35. FACEBOOK USER PANEL (facebook.com)
    http://www.facebook.com/settings?tab=applications
    https://developers.facebook.com/docs/reference/api/permissions/

  36. FACEBOOK OAUTH WORK FLOW (facebook.com)
    • ca_file / ca_path: the CA bundle OmniAuth uses to verify facebook.com's TLS certificate when it exchanges the code for an access token
    • /users/auth/facebook
    • users/omniauth_callbacks#passthru
    • https://www.facebook.com/connect/uiserver.php
    • /users/auth/facebook/callback?code=xxxxxx
  37. TWITTER

  38. NEW TWITTER APP (dev.twitter.com)
    https://dev.twitter.com/apps/new
    use http://127.0.0.1 for localhost

  39. CORRECT APP SETTINGS (dev.twitter.com)
    consumer key, consumer secret and callback url are required.

  40. TWITTER USER PANEL (twitter.com)
    you can stop (revoke) an app, not remove it.

  41. TWITTER OAUTH WORK FLOW (api.twitter.com)
    • /users/auth/twitter
    • users/omniauth_callbacks#passthru
    • https://api.twitter.com/oauth/authenticate
    • /users/auth/twitter/callback?code=xxxxxx (Twitter is OAuth 1.0a, so the callback actually carries an oauth_token and oauth_verifier rather than an OAuth 2 code)
    • the Twitter auth data is too big for the cookie session store
    • there is no email in the Twitter user auth data
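Why the Twitter auth hash overflows the cookie session, and what is safe to keep in it, as an added example (not code from the tutorial repository). The cookie envelope below only approximates the Rails 3 CookieStore (Marshal, Base64, then an HMAC-SHA1 signature); the Twitter-shaped auth hash is constructed, and session_safe_auth is a hypothetical helper. The security point is that this store is signed but not encrypted, so anything placed in the session, the access token and secret included, is readable by whoever holds the cookie.

```ruby
require "base64"
require "openssl"

# Browsers cap a single cookie at about 4 KB; the Rails CookieStore
# raises CookieOverflow when the serialized session exceeds this.
COOKIE_LIMIT = 4096

# Approximation of the Rails 3 CookieStore envelope (not Rails code):
# Marshal.dump, strict Base64, "--", 40-hex-char HMAC-SHA1 signature.
# The payload is signed, NOT encrypted: the client can decode it.
def cookie_size(session_hash, secret = "constructed-secret")
  payload = Base64.strict_encode64(Marshal.dump(session_hash))
  sig = OpenSSL::HMAC.hexdigest("SHA1", secret, payload)
  "#{payload}--#{sig}".bytesize
end

# Keep only what the sign-up form needs: provider, uid and a few
# user_info fields. "extra" (the raw provider payload) is the bulk,
# and "credentials" holds the token/secret, which must never be put
# into a signed-only cookie. (hypothetical helper)
def session_safe_auth(auth)
  info = auth["user_info"] || {}
  {
    "provider"  => auth["provider"],
    "uid"       => auth["uid"],
    "user_info" => info.select { |k, _| %w[nickname name email].include?(k) },
  }
end

def fits_in_cookie?(session_hash)
  cookie_size(session_hash) <= COOKIE_LIMIT
end

# Constructed sample in the shape of an OmniAuth Twitter hash: no email,
# and a large "extra" block standing in for the raw Twitter user object.
SAMPLE_TWITTER_AUTH = {
  "provider"    => "twitter",
  "uid"         => "12345678",
  "credentials" => { "token" => "tok-" + "a" * 50, "secret" => "sec-" + "b" * 45 },
  "user_info"   => { "nickname" => "tsechingho", "name" => "Tse-Ching Ho",
                     "image" => "http://example.invalid/avatar.png" },
  "extra"       => { "user_hash" => Hash[(1..60).map { |i| ["field_#{i}", "x" * 80] }] },
}

if __FILE__ == $0
  full = { "devise.twitter_data" => SAMPLE_TWITTER_AUTH }
  safe = { "devise.twitter_data" => session_safe_auth(SAMPLE_TWITTER_AUTH) }
  puts "full auth hash: #{cookie_size(full)} bytes, fits: #{fits_in_cookie?(full)}"
  puts "trimmed:        #{cookie_size(safe)} bytes, fits: #{fits_in_cookie?(safe)}"
end
```

The same trimming applies to the Facebook hash on slide 31: store provider and uid, persist the token in the authentications row server-side if you need it, and drop the extra block before the session is written.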
  42. GITHUB

  43. NEW GITHUB APP (github.com)
    https://github.com/account/applications/new

  44. CORRECT APP SETTINGS (github.com)
    client id, client secret and callback url are required.

  45. GITHUB APP / USER PANEL? (github.com)
    Don't delete the OAuth application, otherwise you have to create a new one.

  46. GITHUB OAUTH WORK FLOW (github.com)
    • /users/auth/github
    • users/omniauth_callbacks#passthru
    • https://github.com/login/oauth/authorize
    • /users/auth/github/callback?code=xxxxxx
  47. GIT CHECKOUT OA-OPENID

  48. GOOGLE

  49. SIGN IN GOOGLE ACCOUNT

  50. GOOGLE OPENID WORK FLOW
    • ca_file / open_id_store
    • /users/auth/google
    • users/omniauth_callbacks#passthru
    • https://www.google.com/accounts/o8/ud
    • https://accounts.google.com/o/openid2/auth
    • https://www.google.com/accounts/o8/id?id=xxxxxx
    • /users/auth/google/callback

  51. YAHOO

  52. SIGN IN YAHOO ACCOUNT

  53. YAHOO OPENID WORK FLOW
    • ca_file / open_id_store
    • /users/auth/yahoo
    • users/omniauth_callbacks#passthru
    • https://open.login.yahooapis.com/openid/op/auth
    • https://login.yahoo.com/config/login
    • https://me.yahoo.com/a/xxxxxx
    • /users/auth/yahoo/callback

  54. GOOGLE APPS

  55. SIGN IN GOOGLE ACCOUNT
    http://www.google.com/enterprise/marketplace/
    http://developer.googleapps.com/marketplace/getting-started

  56. GOOGLE APPS OPENID WORK FLOW
    • ca_file / open_id_store
    • /users/auth/gmail
    • users/omniauth_callbacks#passthru
    • https://www.google.com/accounts/o8/ud?source=gmail.com
    • https://accounts.google.com/o/openid2/auth
    • https://www.google.com/accounts/o8/id?id=xxxxxx
    • /users/auth/gmail/callback
  57. ISSUES

  58. FINDING THE USER?

  59. USERNAME VS UNCHANGEABLE EMAIL

  60. ONE EMAIL - ONE USER VS ONE USER - MULTI EMAILS

  61. IF THE EMAIL OF THE PROVIDER USER CHANGES, THEN >.<

  62. PUBLIC EMAIL ADDRESS VS PROVIDER - UID PAIR

  63. WHO AM I?

  64. ONE PROVIDER - ONE USER VS ONE USER - MULTI PROVIDERS

  65. OWN LOCAL USER FIRST OR OWN PROVIDER USER FIRST

  66. ONE USER, MULTI EMAILS, MULTI PROVIDERS
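One answer to the questions on slides 58 to 66, as an added example that is not part of the tutorial or its repository: the authentications row is looked up by the (provider, uid) pair from slide 62, never by email, and a signed-in local user gets the new provider linked to the existing account (slide 65). The Store class, the Struct models and the sample auth hash are constructed stand-ins for the User / Authentication tables of slide 26; find_or_link_user is a hypothetical helper, not Devise's API. Email is deliberately not used as a match key: it can change at the provider (slide 61), is missing for Twitter (slide 41), and a provider-reported address is not proof that the caller owns a local account registered under that address.

```ruby
require "yaml"

# In-memory stand-ins for the users and authentications tables of the
# tutorial schema (constructed for this example; no ActiveRecord).
User = Struct.new(:id, :email)
Authentication = Struct.new(:resource_id, :provider, :uid, :uname, :umail)

class Store
  attr_reader :users, :authentications

  def initialize
    @users = []
    @authentications = []
  end

  def create_user(email)
    user = User.new(@users.size + 1, email)
    @users << user
    user
  end

  def find_user(id)
    @users.find { |u| u.id == id }
  end

  # The lookup key: provider name plus the provider-assigned uid.
  def find_auth(provider, uid)
    @authentications.find { |a| a.provider == provider && a.uid == uid }
  end

  def link(user, provider, uid, uname, umail)
    @authentications << Authentication.new(user.id, provider, uid, uname, umail)
  end
end

# Map an OmniAuth auth hash (slide 31 layout) onto the authentications
# columns. uid is cast to a string because providers differ on its type.
def auth_fields(auth)
  info = auth["user_info"] || {}
  { provider: auth["provider"], uid: auth["uid"].to_s,
    uname: info["nickname"], umail: info["email"] }
end

# Resolve the local user for an OmniAuth callback (hypothetical helper).
# - Known (provider, uid): return its owner and refresh the cached
#   name/email, so a changed provider email does not break the login.
# - Unknown pair while a user is signed in (current_user): link the
#   provider to that account (one user, many providers).
# - Unknown pair, nobody signed in: create a new local user.
# Email is never a lookup key, so a provider account that merely claims
# an existing user's address cannot be attached to that user.
def find_or_link_user(store, auth, current_user = nil)
  f = auth_fields(auth)
  if (known = store.find_auth(f[:provider], f[:uid]))
    known.uname = f[:uname]
    known.umail = f[:umail]
    return store.find_user(known.resource_id)
  end
  user = current_user || store.create_user(f[:umail])
  store.link(user, f[:provider], f[:uid], f[:uname], f[:umail])
  user
end

# Constructed auth hash in the shape OmniAuth produced for Facebook on
# slide 31 (token and email are placeholders).
SAMPLE_FACEBOOK_YAML = <<~YAML
  ---
  provider: facebook
  uid: "1290347368"
  credentials:
    token: constructed-token
  user_info:
    nickname: tsechingho
    email: tsechingho@example.invalid
    name: Tse-Ching Ho
YAML

if __FILE__ == $0
  store = Store.new
  auth = YAML.load(SAMPLE_FACEBOOK_YAML)
  user = find_or_link_user(store, auth)
  puts "first facebook login    -> user #{user.id} (#{user.email})"
  auth["user_info"]["email"] = "changed@example.invalid"
  puts "same uid, changed email -> user #{find_or_link_user(store, auth).id}"
  twitter = { "provider" => "twitter", "uid" => 42, "user_info" => { "nickname" => "tsechingho" } }
  puts "twitter while signed in -> user #{find_or_link_user(store, twitter, user).id}, " \
       "#{store.authentications.size} authentications"
end
```

When the same email later shows up from a different provider uid while nobody is signed in, this logic creates a second local user rather than silently merging; merging two accounts should be an explicit step taken after the signed-in user proves control of both, which is the "own local user first" choice of slide 65.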
  67. RESOURCES

  68. TUTORIALS
    • http://www.communityguides.eu/articles/11
    • http://www.communityguides.eu/articles/16
    • http://railscasts.com/episodes/235-omniauth-part-1
    • http://railscasts.com/episodes/236-omniauth-part-2
    • https://github.com/plataformatec/devise/wiki/Example-Applications

  69. DOCUMENTS
    • https://github.com/plataformatec/devise/wiki
    • https://github.com/intridea/omniauth/wiki
    • https://github.com/intridea/authbuttons

  70. Q&A
