devise tutorial - 2011 rubyconf taiwan

[Tutorial] Build your authentication system with Devise

Transcript

  • 1. BUILD YOUR AUTHENTICATION SYSTEM WITH DEVISE
    Tse-Ching Ho (何澤清) 2011-08-26
  • 2. HTTPS://GITHUB.COM/TSECHINGHO/DEVISE_TUTORIAL
    git clone git://github.com/tsechingho/devise_tutorial.git
  • 3. AGENDA
    • OmniAuth Client Application, providers: Facebook, Twitter, Github
    • OpenID Client Application, providers: Google, Yahoo, Google Apps
    • LDAP Client Application, providers: Localhost OpenLDAP
    • CAS Client Application, providers: Localhost CAS
  • 4. WHAT IS AUTHENTICATION ?
  • 5. ABOUT AUTHENTICATION
    • authentication and authorization are two different things
    • authentication is just an identity token / ticket
    • one site can use multiple authentication providers
    • one user can have many authentications
  • 6. DEVISE - OMNIAUTH WAY
    (diagram: a customer reaches Devise directly with username / password, or through OmniAuth via OAuth, OpenID, LDAP, CAS and other 3rd-party providers)
  • 7. WHAT DO WE NEED ?
  • 8. USER STORY PLEASE
  • 9. POSSIBLE DB SCHEMA
    users (Model: User) and managers (Model: Manager), identical columns:
      has_many :authentications, :as => :resource
      has_one :profile, :as => :resource
      id integer
      email string
      encrypted_password string
      reset_password_token string
      reset_password_sent_at datetime
      remember_created_at datetime
      sign_in_count integer
      current_sign_in_at datetime
      last_sign_in_at datetime
      current_sign_in_ip string
      last_sign_in_ip string
      created_at datetime
      updated_at datetime
    authentications (Model: Authentication):
      belongs_to :resource, :polymorphic => true
      id integer
      resource_id integer
      resource_type string
      provider string
      uid string
      uname string
      umail string
      created_at datetime
      updated_at datetime
    profiles (Model: Profile):
      belongs_to :resource, :polymorphic => true
      id integer
      resource_id integer
      resource_type string
      first_name string
      last_name string
      fullname string
      nickname string
      created_at datetime
      updated_at datetime
  • 10. WHY DEVISE ?
  • 11. FEATURES OF DEVISE
    • rack - simple and fast
    • strategies - logical and flexible
    • modularity - maintainable rails engine
    • multi-models - signed in at the same time
    • extensions - diversity
    • authentication scheme with general user’s needs
  • 12. BUILT-IN MODULES
    • Database authenticatable
    • Token authenticatable
    • Omniauthable
    • Confirmable
    • Recoverable
    • Registerable
    • Rememberable
    • Trackable
    • Timeoutable
    • Validatable
    • Lockable
    • Encryptable
  • 13. EXTENSION MODULES
    • ORM
    • Encryption
    • Authentication
    • UI enhancement
    • https://github.com/plataformatec/devise/wiki/Extensions
  • 14. FILTERS & HELPERS
    • authenticate_user!
    • user_signed_in?
    • current_user
    • user_session
    • user_root_path
  • 15. DEMO: SHOW, DON’T TELL
  • 16. GIT LOGS ARE FRIENDS
  • 17. NEW RAILS APP
    • rails new devise_tutorial -JTd mysql
    • cd devise_tutorial
    • vim Gemfile
    • bundle install
    • rails generate scaffold page title:string content:text
    • rake db:create
    • rake db:migrate
    • rails server
      bundle exec unicorn -p 3000
    • tail -f log/development.log
  • 18. GIT CHECKOUT HEROKU
  • 19. DEPLOY TO HEROKU
    • git checkout heroku
    • heroku keys:add
    • heroku create
    • git push heroku master
    • heroku rake db:setup
    • heroku open
  • 20. GIT CHECKOUT USER
  • 21. DEVISE CUSTOMIZATION
    • config - set configurations for devise
    • migrations - set database fields
    • models - select modules, set attributes
    • routes - set uri mapping
    • controllers - set filters and redirects
    • views - set html and css
  • 22. rake middleware
      use ActionDispatch::Static
      use Rack::Lock
      use ActiveSupport::Cache::Strategy::LocalCache
      use Rack::Runtime
      use Rails::Rack::Logger
      use ActionDispatch::ShowExceptions
      use ActionDispatch::RemoteIp
      use Rack::Sendfile
      use ActionDispatch::Callbacks
      use ActiveRecord::ConnectionAdapters::ConnectionManagement
      use ActiveRecord::QueryCache
      use ActionDispatch::Cookies
      use ActionDispatch::Session::CookieStore
      use ActionDispatch::Flash
      use ActionDispatch::ParamsParser
      use Rack::MethodOverride
      use ActionDispatch::Head
      use ActionDispatch::BestStandardsSupport
      use Warden::Manager
      run DeviseTutorial::Application.routes
  • 23. GIT CHECKOUT MANAGER
  • 24. rake routes
      manager_root GET /pages/:id(.:format) {:controller=>"pages", :id=>"management", :action=>"show"}
      new_manager_session GET /managers/sign_in(.:format) {:controller=>"devise/sessions", :action=>"new"}
      manager_session POST /managers/sign_in(.:format) {:controller=>"devise/sessions", :action=>"create"}
      destroy_manager_session DELETE /managers/sign_out(.:format) {:controller=>"devise/sessions", :action=>"destroy"}
      manager_password POST /managers/password(.:format) {:controller=>"devise/passwords", :action=>"create"}
      new_manager_password GET /managers/password/new(.:format) {:controller=>"devise/passwords", :action=>"new"}
      edit_manager_password GET /managers/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"}
      PUT /managers/password(.:format) {:controller=>"devise/passwords", :action=>"update"}
      cancel_manager_registration GET /managers/cancel(.:format) {:controller=>"devise/registrations", :action=>"cancel"}
      manager_registration POST /managers(.:format) {:controller=>"devise/registrations", :action=>"create"}
      new_manager_registration GET /managers/sign_up(.:format) {:controller=>"devise/registrations", :action=>"new"}
      edit_manager_registration GET /managers/edit(.:format) {:controller=>"devise/registrations", :action=>"edit"}
      PUT /managers(.:format) {:controller=>"devise/registrations", :action=>"update"}
      DELETE /managers(.:format) {:controller=>"devise/registrations", :action=>"destroy"}
      user_root GET /pages/:id(.:format) {:controller=>"pages", :id=>"dashboard", :action=>"show"}
      new_user_session GET /users/sign_in(.:format) {:controller=>"devise/sessions", :action=>"new"}
      user_session POST /users/sign_in(.:format) {:controller=>"devise/sessions", :action=>"create"}
      destroy_user_session DELETE /users/sign_out(.:format) {:controller=>"devise/sessions", :action=>"destroy"}
      user_password POST /users/password(.:format) {:controller=>"devise/passwords", :action=>"create"}
      new_user_password GET /users/password/new(.:format) {:controller=>"devise/passwords", :action=>"new"}
      edit_user_password GET /users/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"}
      PUT /users/password(.:format) {:controller=>"devise/passwords", :action=>"update"}
      cancel_user_registration GET /users/cancel(.:format) {:controller=>"devise/registrations", :action=>"cancel"}
      user_registration POST /users(.:format) {:controller=>"devise/registrations", :action=>"create"}
      new_user_registration GET /users/sign_up(.:format) {:controller=>"devise/registrations", :action=>"new"}
      edit_user_registration GET /users/edit(.:format) {:controller=>"devise/registrations", :action=>"edit"}
      PUT /users(.:format) {:controller=>"devise/registrations", :action=>"update"}
      DELETE /users(.:format) {:controller=>"devise/registrations", :action=>"destroy"}
      root /(.:format) {:controller=>"pages", :action=>"show"}
  • 25. GIT CHECKOUT PROVIDER
  • 26. PROVIDER - USER DB SCHEMA
    users (Model: User):
      has_many :authentications, :as => :resource
      has_one :profile, :as => :resource
      id integer
      email string
      encrypted_password string
      reset_password_token string
      reset_password_sent_at datetime
      remember_created_at datetime
      sign_in_count integer
      current_sign_in_at datetime
      last_sign_in_at datetime
      current_sign_in_ip string
      last_sign_in_ip string
      created_at datetime
      updated_at datetime
    authentications (Model: Authentication):
      belongs_to :resource, :polymorphic => true
      id integer
      resource_id integer
      resource_type string
      provider string
      uid string
      uname string
      umail string
      created_at datetime
      updated_at datetime
  • 27. GIT CHECKOUT OA-OAUTH
  • 28. OMNIAUTH MIDDLEWARES
      rake middleware
      use ActionDispatch::Static
      ......
      use ActionDispatch::BestStandardsSupport
      use Warden::Manager
      use OmniAuth::Strategies::Facebook
      use OmniAuth::Strategies::Twitter
      use OmniAuth::Strategies::GitHub
      use OmniAuth::Strategies::OpenID
      use OmniAuth::Strategies::OpenID
      use OmniAuth::Strategies::OpenID
      use OmniAuth::Strategies::GoogleApps
      use OmniAuth::Strategies::GoogleApps
      run DeviseTutorial::Application.routes
  • 29. DEVISE OMNIAUTH ROUTES
    • /users/auth/:provider(.:format) { :controller => "users/omniauth_callbacks", :action => "passthru" }
    • user_omniauth_callback /users/auth/:action/callback(.:format) { :controller => "users/omniauth_callbacks", :action => /facebook|twitter|github/ }
  • 30. NEEDS OF OAUTH
    • create new app record for each client site
    • app id and app secret are required
    • callback url must match
    • access token / error message will be appended to callback url
    • specific yaml pattern for user auth data
  • 31. user auth data (OmniAuth auth hash, Facebook)
      ---
      provider: facebook
      uid: "1290347368"
      credentials:
        token: 49923..........6RqGc
      user_info:
        nickname: tsechingho
        email: tsechingho@gmail.com
        first_name: Tse-Ching
        last_name: Ho
        name: Tse-Ching Ho
        image: http://graph.facebook.com/1290347368/picture?type=square
        urls:
          Facebook: http://www.facebook.com/tsechingho
          Website:
      extra:
        user_hash:
          id: "1290347368"
          name: Tse-Ching Ho
          first_name: Tse-Ching
          last_name: Ho
          link: http://www.facebook.com/tsechingho
          username: tsechingho
          hometown:
            id: "110922325599480"
            name: Taichung, Taiwan
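    The auth hash above is what the provider hands the application, so it should be treated as untrusted input before any of it reaches the Authentication model. The following Ruby is an added example (not code from the tutorial repository): it parses a constructed auth hash in the same YAML layout with `YAML.safe_load`, insists on the `provider` / `uid` pair, and maps only the columns the tutorial's Authentication table has (`provider`, `uid`, `uname`, `umail`). The constant names, `BadAuthHash` and the helper functions are this example's own; the sample values are made up, and the Twitter sample deliberately carries no email, which is the case the Twitter slide later notes.

```ruby
require "yaml"

# Constructed sample auth hashes in the OmniAuth layout shown on the slide.
# Values are made up; the token is a placeholder, not a real credential.
FACEBOOK_AUTH_YAML = <<~YAML
  ---
  provider: facebook
  uid: "1000000123456789"
  credentials:
    token: TOKEN_PLACEHOLDER
  user_info:
    nickname: alice
    email: alice@example.com
    first_name: Alice
    last_name: Example
    name: Alice Example
    urls:
      Facebook: http://www.facebook.com/alice
      Website:
YAML

# Twitter returns no email in its user_info (see the Twitter work-flow slide).
TWITTER_AUTH_YAML = <<~YAML
  ---
  provider: twitter
  uid: "42"
  credentials:
    token: TOKEN_PLACEHOLDER
    secret: SECRET_PLACEHOLDER
  user_info:
    nickname: alice_tw
    name: Alice Example
YAML

# Hypothetical error class for this example.
class BadAuthHash < ArgumentError; end

# Reduce an auth hash to the columns of the Authentication model
# (provider, uid, uname, umail). provider and uid are mandatory because the
# (provider, uid) pair is the only stable identity the provider gives us;
# everything under user_info is optional and may be missing or change.
def authentication_attributes(auth)
  raise BadAuthHash, "auth hash must be a mapping" unless auth.is_a?(Hash)
  provider = auth["provider"].to_s.strip
  uid = auth["uid"].to_s.strip # to_s keeps uid a string even if YAML typed it as a number
  raise BadAuthHash, "missing provider or uid" if provider.empty? || uid.empty?

  info = auth["user_info"]
  info = {} unless info.is_a?(Hash)
  {
    provider: provider,
    uid: uid,
    uname: info["nickname"] || info["name"],
    umail: info["email"] # nil when the provider sends no email
  }
end

# Parse the YAML the way the tutorial dumps it; safe_load means no arbitrary
# Ruby objects can be instantiated from provider-controlled data.
def parse_auth_yaml(yaml_text)
  authentication_attributes(YAML.safe_load(yaml_text))
end

if __FILE__ == $PROGRAM_NAME
  p parse_auth_yaml(FACEBOOK_AUTH_YAML)
  p parse_auth_yaml(TWITTER_AUTH_YAML)
end
```

    The `uid` column is a string in the tutorial's schema, and the example keeps it that way: a numeric provider id quoted in YAML stays a string, and an unquoted one is normalised with `to_s`, so the same account never ends up stored under two spellings.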
  • 32. FACEBOOK
  • 33. NEW FACEBOOK APP (developers.facebook.com)
    https://developers.facebook.com/apps
  • 34. CORRECT APP SETTINGS (developers.facebook.com)
    app id, app secret, site url, site domain are required.
  • 35. FACEBOOK USER PANEL (facebook.com)
    http://www.facebook.com/settings?tab=applications
    https://developers.facebook.com/docs/reference/api/permissions/
  • 36. FACEBOOK OAUTH WORK FLOW (facebook.com)
    • ca_file / ca_path
    • /users/auth/facebook
    • users/omniauth_callbacks#passthru
    • https://www.facebook.com/connect/uiserver.php
    • /users/auth/facebook/callback?code=xxxxxx
  • 37. TWITTER
  • 38. NEW TWITTER APP (dev.twitter.com)
    https://dev.twitter.com/apps/new
    use http://127.0.0.1 for localhost
  • 39. CORRECT APP SETTINGS (dev.twitter.com)
    consumer key, consumer secret, callback url are required.
  • 40. TWITTER USER PANEL (twitter.com)
    you can stop it, not remove it.
  • 41. TWITTER OAUTH WORK FLOW (api.twitter.com)
    • /users/auth/twitter
    • users/omniauth_callbacks#passthru
    • https://api.twitter.com/oauth/authenticate
    • /users/auth/twitter/callback?code=xxxxxx
    • twitter auth data is too big for the cookie session store
    • no email in user auth data
  • 42. GITHUB
  • 43. NEW GITHUB APP (github.com)
    https://github.com/account/applications/new
  • 44. CORRECT APP SETTINGS (github.com)
    client id, client secret, callback url are required.
  • 45. GITHUB APP/USER PANEL ? (github.com)
    Don’t delete the OAuth application, otherwise you have to create a new one.
  • 46. GITHUB OAUTH WORK FLOW (github.com)
    • /users/auth/github
    • users/omniauth_callbacks#passthru
    • https://github.com/login/oauth/authorize
    • /users/auth/github/callback?code=xxxxxx
  • 47. GIT CHECKOUT OA-OPENID
  • 48. GOOGLE
  • 49. SIGN IN GOOGLE ACCOUNT
  • 50. GOOGLE OPENID WORK FLOW
    • ca_file / open_id_store
    • /users/auth/google
    • users/omniauth_callbacks#passthru
    • https://www.google.com/accounts/o8/ud
    • https://accounts.google.com/o/openid2/auth
    • https://www.google.com/accounts/o8/id?id=xxxxxx
    • /users/auth/google/callback
  • 51. YAHOO
  • 52. SIGN IN YAHOO ACCOUNT
  • 53. YAHOO OPENID WORK FLOW
    • ca_file / open_id_store
    • /users/auth/yahoo
    • users/omniauth_callbacks#passthru
    • https://open.login.yahooapis.com/openid/op/auth
    • https://login.yahoo.com/config/login
    • https://me.yahoo.com/a/xxxxxx
    • /users/auth/yahoo/callback
  • 54. GOOGLE APPS
  • 55. SIGN IN GOOGLE ACCOUNT
    http://www.google.com/enterprise/marketplace/
    http://developer.googleapps.com/marketplace/getting-started
  • 56. GOOGLE APPS OPENID WORK FLOW
    • ca_file / open_id_store
    • /users/auth/gmail
    • users/omniauth_callbacks#passthru
    • https://www.google.com/accounts/o8/ud?source=gmail.com
    • https://accounts.google.com/o/openid2/auth
    • https://www.google.com/accounts/o8/id?id=xxxxxx
    • /users/auth/gmail/callback
  • 57. ISSUES
  • 58. FINDING USER ?
  • 59. USERNAME VS UNCHANGEABLE EMAIL
  • 60. ONE EMAIL - ONE USER VS ONE USER - MULTI EMAILS
  • 61. IF EMAIL OF PROVIDER USER CHANGED, THEN >.<
  • 62. PUBLIC EMAIL ADDRESS VS PROVIDER - UID PAIR
  • 63. WHO AM I ?
  • 64. ONE PROVIDER - ONE USER VS ONE USER - MULTI PROVIDERS
  • 65. OWN LOCAL USER FIRST OR OWN PROVIDER USER FIRST
  • 66. ONE USER - MULTI MAILS - MULTI PROVIDERS
  • 67. RESOURCES
  • 68. TUTORIALS
    • http://www.communityguides.eu/articles/11
    • http://www.communityguides.eu/articles/16
    • http://railscasts.com/episodes/235-omniauth-part-1
    • http://railscasts.com/episodes/236-omniauth-part-2
    • https://github.com/plataformatec/devise/wiki/Example-Applications
  • 69. DOCUMENTS
    • https://github.com/plataformatec/devise/wiki
    • https://github.com/intridea/omniauth/wiki
    • https://github.com/intridea/authbuttons
  • 70. Q&A