devise tutorial - 2011 rubyconf taiwan
[Tutorial] Build your authentication system with Devise
    Presentation Transcript

    • BUILD YOUR AUTHENTICATION SYSTEM WITH DEVISE. Tse-Ching Ho (何澤清), 2011-08-26
    • HTTPS://GITHUB.COM/TSECHINGHO/DEVISE_TUTORIAL
      git clone git://github.com/tsechingho/devise_tutorial.git
    • AGENDA
      • OmniAuth client application. Providers: Facebook, Twitter, GitHub
      • OpenID client application. Providers: Google, Yahoo, Google Apps
      • LDAP client application. Providers: localhost OpenLDAP
      • CAS client application. Providers: localhost CAS
    • WHAT IS AUTHENTICATION?
    • ABOUT AUTHENTICATION
      • authentication and authorization are two different things
      • authentication is just an identity token / ticket
      • one site can use multiple authentication providers
      • one user can have many authentications
    • DEVISE - OMNIAUTH WAY (diagram: a customer authenticates through Devise either with username/password against the local server or, via OmniAuth, against third-party providers: OAuth, OpenID, LDAP, CAS)
    • WHAT DO WE NEED?
    • USER STORY, PLEASE
    • POSSIBLE DB SCHEMA
      • Model: User (table users) and Model: Manager (table managers), with identical columns. Associations: has_many :authentications, :as => :resource; has_one :profile, :as => :resource. Columns: id integer, email string, encrypted_password string, reset_password_token string, reset_password_sent_at datetime, remember_created_at datetime, sign_in_count integer, current_sign_in_at datetime, last_sign_in_at datetime, current_sign_in_ip string, last_sign_in_ip string, created_at datetime, updated_at datetime
      • Model: Authentication (table authentications). Association: belongs_to :resource, :polymorphic => true. Columns: id integer, resource_id integer, resource_type string, provider string, uid string, uname string, umail string, created_at datetime, updated_at datetime
      • Model: Profile (table profiles). Association: belongs_to :resource, :polymorphic => true. Columns: id integer, resource_id integer, resource_type string, first_name string, last_name string, fullname string, nickname string, created_at datetime, updated_at datetime
    • WHY DEVISE?
    • FEATURES OF DEVISE
      • rack: simple and fast
      • strategies: logical and flexible
      • modularity: a maintainable Rails engine
      • multi-models: several models signed in at the same time
      • extensions: diversity
      • an authentication scheme covering general users' needs
    • BUILT-IN MODULES
      • Database authenticatable
      • Token authenticatable
      • Omniauthable
      • Confirmable
      • Recoverable
      • Registerable
      • Rememberable
      • Trackable
      • Timeoutable
      • Validatable
      • Lockable
      • Encryptable
    • EXTENSION MODULES
      • ORM
      • Encryption
      • Authentication
      • UI enhancement
      • https://github.com/plataformatec/devise/wiki/Extensions
    • FILTERS & HELPERS
      • authenticate_user!
      • user_signed_in?
      • current_user
      • user_session
      • user_root_path
    • DEMO: SHOW, DON'T TELL
    • GIT LOGS ARE FRIENDS
    • NEW RAILS APP
      • rails new devise_tutorial -JTd mysql
      • cd devise_tutorial
      • vim Gemfile
      • bundle install
      • rails generate scaffold page title:string content:text
      • rake db:create
      • rake db:migrate
      • rails server (or: bundle exec unicorn -p 3000)
      • tail -f log/development.log
    • GIT CHECKOUT HEROKU
    • DEPLOY TO HEROKU
      • git checkout heroku
      • heroku keys:add
      • heroku create
      • git push heroku master
      • heroku rake db:setup
      • heroku open
    • GIT CHECKOUT USER
    • DEVISE CUSTOMIZATION
      • config: set configurations for Devise
      • migrations: set database fields
      • models: select modules, set attributes
      • routes: set URI mapping
      • controllers: set filters and redirects
      • views: set HTML and CSS
    • rake middleware
      use ActionDispatch::Static
      use Rack::Lock
      use ActiveSupport::Cache::Strategy::LocalCache
      use Rack::Runtime
      use Rails::Rack::Logger
      use ActionDispatch::ShowExceptions
      use ActionDispatch::RemoteIp
      use Rack::Sendfile
      use ActionDispatch::Callbacks
      use ActiveRecord::ConnectionAdapters::ConnectionManagement
      use ActiveRecord::QueryCache
      use ActionDispatch::Cookies
      use ActionDispatch::Session::CookieStore
      use ActionDispatch::Flash
      use ActionDispatch::ParamsParser
      use Rack::MethodOverride
      use ActionDispatch::Head
      use ActionDispatch::BestStandardsSupport
      use Warden::Manager
      run DeviseTutorial::Application.routes
    • GIT CHECKOUT MANAGER
    • rake routes
      manager_root GET /pages/:id(.:format) {:controller=>"pages", :id=>"management", :action=>"show"}
      new_manager_session GET /managers/sign_in(.:format) {:controller=>"devise/sessions", :action=>"new"}
      manager_session POST /managers/sign_in(.:format) {:controller=>"devise/sessions", :action=>"create"}
      destroy_manager_session DELETE /managers/sign_out(.:format) {:controller=>"devise/sessions", :action=>"destroy"}
      manager_password POST /managers/password(.:format) {:controller=>"devise/passwords", :action=>"create"}
      new_manager_password GET /managers/password/new(.:format) {:controller=>"devise/passwords", :action=>"new"}
      edit_manager_password GET /managers/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"}
      PUT /managers/password(.:format) {:controller=>"devise/passwords", :action=>"update"}
      cancel_manager_registration GET /managers/cancel(.:format) {:controller=>"devise/registrations", :action=>"cancel"}
      manager_registration POST /managers(.:format) {:controller=>"devise/registrations", :action=>"create"}
      new_manager_registration GET /managers/sign_up(.:format) {:controller=>"devise/registrations", :action=>"new"}
      edit_manager_registration GET /managers/edit(.:format) {:controller=>"devise/registrations", :action=>"edit"}
      PUT /managers(.:format) {:controller=>"devise/registrations", :action=>"update"}
      DELETE /managers(.:format) {:controller=>"devise/registrations", :action=>"destroy"}
      user_root GET /pages/:id(.:format) {:controller=>"pages", :id=>"dashboard", :action=>"show"}
      new_user_session GET /users/sign_in(.:format) {:controller=>"devise/sessions", :action=>"new"}
      user_session POST /users/sign_in(.:format) {:controller=>"devise/sessions", :action=>"create"}
      destroy_user_session DELETE /users/sign_out(.:format) {:controller=>"devise/sessions", :action=>"destroy"}
      user_password POST /users/password(.:format) {:controller=>"devise/passwords", :action=>"create"}
      new_user_password GET /users/password/new(.:format) {:controller=>"devise/passwords", :action=>"new"}
      edit_user_password GET /users/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"}
      PUT /users/password(.:format) {:controller=>"devise/passwords", :action=>"update"}
      cancel_user_registration GET /users/cancel(.:format) {:controller=>"devise/registrations", :action=>"cancel"}
      user_registration POST /users(.:format) {:controller=>"devise/registrations", :action=>"create"}
      new_user_registration GET /users/sign_up(.:format) {:controller=>"devise/registrations", :action=>"new"}
      edit_user_registration GET /users/edit(.:format) {:controller=>"devise/registrations", :action=>"edit"}
      PUT /users(.:format) {:controller=>"devise/registrations", :action=>"update"}
      DELETE /users(.:format) {:controller=>"devise/registrations", :action=>"destroy"}
      root /(.:format) {:controller=>"pages", :action=>"show"}
    • GIT CHECKOUT PROVIDER
    • PROVIDER - USER DB SCHEMA
      • Model: User (table users). Associations: has_many :authentications, :as => :resource; has_one :profile, :as => :resource. Columns: id integer, email string, encrypted_password string, reset_password_token string, reset_password_sent_at datetime, remember_created_at datetime, sign_in_count integer, current_sign_in_at datetime, last_sign_in_at datetime, current_sign_in_ip string, last_sign_in_ip string, created_at datetime, updated_at datetime
      • Model: Authentication (table authentications). Association: belongs_to :resource, :polymorphic => true. Columns: id integer, resource_id integer, resource_type string, provider string, uid string, uname string, umail string, created_at datetime, updated_at datetime
    • GIT CHECKOUT OA-OAUTH
    • OMNIAUTH MIDDLEWARES
      rake middleware
      use ActionDispatch::Static
      ......
      use ActionDispatch::BestStandardsSupport
      use Warden::Manager
      use OmniAuth::Strategies::Facebook
      use OmniAuth::Strategies::Twitter
      use OmniAuth::Strategies::GitHub
      use OmniAuth::Strategies::OpenID
      use OmniAuth::Strategies::OpenID
      use OmniAuth::Strategies::OpenID
      use OmniAuth::Strategies::GoogleApps
      use OmniAuth::Strategies::GoogleApps
      run DeviseTutorial::Application.routes
    • DEVISE OMNIAUTH ROUTES
      • /users/auth/:provider(.:format) { :controller => "users/omniauth_callbacks", :action => "passthru" }
      • user_omniauth_callback /users/auth/:action/callback(.:format) { :controller => "users/omniauth_callbacks", :action => /facebook|twitter|github/ }
    • NEEDS OF OAUTH
      • create a new app record for each client site
      • app id and app secret are required
      • callback url must match
      • access token / error message will be appended to the callback url
      • a specific YAML pattern for user auth data
    • user auth data (Facebook example):
      ---
      provider: facebook
      uid: "1290347368"
      credentials:
        token: 49923..........6RqGc
      user_info:
        nickname: tsechingho
        email: tsechingho@gmail.com
        first_name: Tse-Ching
        last_name: Ho
        name: Tse-Ching Ho
        image: http://graph.facebook.com/1290347368/picture?type=square
        urls:
          Facebook: http://www.facebook.com/tsechingho
          Website:
      extra:
        user_hash:
          id: "1290347368"
          name: Tse-Ching Ho
          first_name: Tse-Ching
          last_name: Ho
          link: http://www.facebook.com/tsechingho
          username: tsechingho
          hometown:
            id: "110922325599480"
            name: Taichung, Taiwan
    • FACEBOOK
    • NEW FACEBOOK APP (developers.facebook.com): https://developers.facebook.com/apps
    • CORRECT APP SETTINGS (developers.facebook.com): app id, app secret, site url and site domain are required.
    • FACEBOOK USER PANEL (facebook.com): http://www.facebook.com/settings?tab=applications ; permissions reference: https://developers.facebook.com/docs/reference/api/permissions/
    • FACEBOOK OAUTH WORK FLOW (facebook.com)
      • ca_file / ca_path
      • /users/auth/facebook
      • users/omniauth_callbacks#passthru
      • https://www.facebook.com/connect/uiserver.php
      • /users/auth/facebook/callback?code=xxxxxx
    • TWITTER
    • NEW TWITTER APP (dev.twitter.com): https://dev.twitter.com/apps/new ; use http://127.0.0.1 for localhost
    • CORRECT APP SETTINGS (dev.twitter.com): consumer key, consumer secret and callback url are required.
    • TWITTER USER PANEL (twitter.com): you can stop it, not remove it.
    • TWITTER OAUTH WORK FLOW (api.twitter.com)
      • /users/auth/twitter
      • users/omniauth_callbacks#passthru
      • https://api.twitter.com/oauth/authenticate
      • /users/auth/twitter/callback?code=xxxxxx
      • twitter auth data is too big for the cookie session store
      • no email in user auth data
    • GITHUB
    • NEW GITHUB APP (github.com): https://github.com/account/applications/new
    • CORRECT APP SETTINGS (github.com): client id, client secret and callback url are required.
    • GITHUB APP/USER PANEL? (github.com) Don't delete the OAuth application, otherwise you have to create a new one.
    • GITHUB OAUTH WORK FLOW (github.com)
      • /users/auth/github
      • users/omniauth_callbacks#passthru
      • https://github.com/login/oauth/authorize
      • /users/auth/github/callback?code=xxxxxx
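The redirect leg that the Facebook and GitHub workflow slides sketch (the browser hits /users/auth/:provider, the passthru action sends it to the provider's authorize page, and the provider returns to /users/auth/:provider/callback with either code= or an error message appended) is shown here as an added plain-Ruby example; it is not the tutorial's code nor Devise's or OmniAuth's. It assumes a hash-like session, a constructed client id and site URL, and models only the OAuth 2 shape (Twitter's OAuth 1.0a handshake differs). The authorize URLs are the ones on the slides. The state parameter round trip is an addition the slides do not show: the client stores a random value in the session before redirecting and the callback is accepted only if it carries that value back, so a callback that did not originate from this browser session is rejected.

```ruby
require "securerandom"
require "uri"
require "cgi"

# Authorize endpoints as listed on the slides. The client id, site and session
# are constructed placeholders for this example.
AUTHORIZE_URLS = {
  "facebook" => "https://www.facebook.com/connect/uiserver.php",
  "github"   => "https://github.com/login/oauth/authorize",
}.freeze

class OAuth2Leg
  class Failure < StandardError; end

  def initialize(provider, client_id:, site:)
    @provider, @client_id, @site = provider, client_id, site
  end

  # Must equal the callback url registered in the provider's app settings.
  def callback_url
    "#{@site}/users/auth/#{@provider}/callback"
  end

  # Step 1 (the passthru action): remember a fresh random state in the session
  # and build the provider redirect with client_id, redirect_uri and state.
  def passthru(session)
    session["oauth_state"] = SecureRandom.hex(16)
    query = URI.encode_www_form(client_id: @client_id,
                                redirect_uri: callback_url,
                                state: session["oauth_state"])
    "#{AUTHORIZE_URLS.fetch(@provider)}?#{query}"
  end

  # Step 2 (the callback action): the provider appended either ?code=... or
  # ?error=... to callback_url. The state is single-use, so it is deleted from
  # the session before any comparison. Returns the authorization code.
  def callback(session, request_url)
    params = CGI.parse(URI(request_url).query.to_s).transform_values(&:first)
    expected = session.delete("oauth_state")
    raise Failure, "state mismatch" if expected.nil? || params["state"] != expected
    raise Failure, "provider error: #{params['error']}" if params["error"]
    raise Failure, "no code in callback" unless params["code"]
    params["code"]
  end
end
```

The code returned here is what the strategy then exchanges, together with the app secret, for the access token; that server-to-server call is where the slides' ca_file / ca_path setting matters, since it must verify the provider's TLS certificate. In a real app the state comparison should use a constant-time string compare rather than `!=`.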
    • GIT CHECKOUT OA-OPENID
    • GOOGLE
    • SIGN IN GOOGLE ACCOUNT
    • GOOGLE OPENID WORK FLOW
      • ca_file / open_id_store
      • /users/auth/google
      • users/omniauth_callbacks#passthru
      • https://www.google.com/accounts/o8/ud
      • https://accounts.google.com/o/openid2/auth
      • https://www.google.com/accounts/o8/id?id=xxxxxx
      • /users/auth/google/callback
    • YAHOO
    • SIGN IN YAHOO ACCOUNT
    • YAHOO OPENID WORK FLOW
      • ca_file / open_id_store
      • /users/auth/yahoo
      • users/omniauth_callbacks#passthru
      • https://open.login.yahooapis.com/openid/op/auth
      • https://login.yahoo.com/config/login
      • https://me.yahoo.com/a/xxxxxx
      • /users/auth/yahoo/callback
    • GOOGLE APPS
    • SIGN IN GOOGLE ACCOUNT
      • http://www.google.com/enterprise/marketplace/
      • http://developer.googleapps.com/marketplace/getting-started
    • GOOGLE APPS OPENID WORK FLOW
      • ca_file / open_id_store
      • /users/auth/gmail
      • users/omniauth_callbacks#passthru
      • https://www.google.com/accounts/o8/ud?source=gmail.com
      • https://accounts.google.com/o/openid2/auth
      • https://www.google.com/accounts/o8/id?id=xxxxxx
      • /users/auth/gmail/callback
    • ISSUES
    • FINDING USER?
    • USERNAME VS UNCHANGEABLE EMAIL
    • ONE EMAIL - ONE USER VS ONE USER - MULTI EMAILS
    • IF EMAIL OF PROVIDER USER CHANGED, THEN >.<
    • PUBLIC EMAIL ADDRESS VS PROVIDER - UID PAIR
    • WHO AM I?
    • ONE PROVIDER - ONE USER VS ONE USER - MULTI PROVIDERS
    • OWN LOCAL USER FIRST OR OWN PROVIDER USER FIRST
    • ONE USER, MULTI MAILS, MULTI PROVIDERS
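To make the "needs of OAuth" auth-hash slide and the finding-user questions above concrete, here is an added Ruby example, not the tutorial's code, that parses auth hashes in the YAML shape shown earlier and resolves them against the tutorial's User / Authentication split, using an in-memory store in place of ActiveRecord. All sample data is constructed (the Twitter hash deliberately has no email, as the slides note). The policy it implements is one answer to the questions on these slides: identity is the (provider, uid) pair; one user may own many authentications and therefore many provider emails; the local email does not change just because the provider's did; and an auth hash whose email already belongs to a local user is not silently merged into that account, the user signs in locally first and then links the provider.

```ruby
require "yaml"

# Constructed sample auth hashes in the YAML shape the tutorial shows.
FACEBOOK_AUTH_YAML = <<~YAML
  ---
  provider: facebook
  uid: "1000000000"
  credentials:
    token: EXAMPLE_TOKEN
  user_info:
    nickname: alice
    email: alice@example.com
    name: Alice Example
YAML

# Twitter's auth hash carries no email.
TWITTER_AUTH_YAML = <<~YAML
  ---
  provider: twitter
  uid: "2000000000"
  credentials:
    token: EXAMPLE_TOKEN
    secret: EXAMPLE_SECRET
  user_info:
    nickname: alice_tw
    name: Alice Example
YAML

# Mirrors the users and authentications tables of the provider schema slide.
User = Struct.new(:id, :email)
Authentication = Struct.new(:provider, :uid, :uname, :umail, :resource_id)

class AuthRegistry
  class EmailTaken < StandardError; end

  def initialize
    @users = {}           # id => User
    @authentications = [] # one row per (provider, uid)
  end

  # Extract the fields the Authentication model stores from the auth hash.
  def parse_auth_hash(yaml)
    data = YAML.safe_load(yaml)
    info = data["user_info"] || {}
    { provider: data.fetch("provider"), uid: data.fetch("uid").to_s,
      uname: info["nickname"], umail: info["email"] }
  end

  # Identity is the (provider, uid) pair, never the provider-supplied email.
  def find_authentication(provider, uid)
    @authentications.find { |a| a.provider == provider && a.uid == uid.to_s }
  end

  def authentications_for(user)
    @authentications.select { |a| a.resource_id == user.id }
  end

  # current_user is passed when an already signed-in user links another provider.
  def sign_in_with(yaml, current_user: nil)
    attrs = parse_auth_hash(yaml)
    auth = find_authentication(attrs[:provider], attrs[:uid])
    if auth
      # Known identity: refresh the cached provider data, keep the owner.
      auth.uname, auth.umail = attrs[:uname], attrs[:umail]
      return @users.fetch(auth.resource_id)
    end
    user = current_user || create_user(attrs[:umail])
    @authentications << Authentication.new(attrs[:provider], attrs[:uid],
                                           attrs[:uname], attrs[:umail], user.id)
    user
  end

  private

  # A provider email that already belongs to a local user is not merged
  # automatically; that user must sign in locally and link the provider.
  def create_user(email)
    if email && @users.values.any? { |u| u.email == email }
      raise EmailTaken, "sign in locally first, then link the provider"
    end
    id = @users.size + 1
    @users[id] = User.new(id, email) # email may be nil (Twitter); ask for one later
  end
end
```

A user created from the Twitter hash has a nil email, so the app has to ask for one after sign-in; that is the practical consequence of the "no email in user auth data" point on the Twitter slide.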
    • RESOURCES
    • TUTORIALS
      • http://www.communityguides.eu/articles/11
      • http://www.communityguides.eu/articles/16
      • http://railscasts.com/episodes/235-omniauth-part-1
      • http://railscasts.com/episodes/236-omniauth-part-2
      • https://github.com/plataformatec/devise/wiki/Example-Applications
    • DOCUMENTS
      • https://github.com/plataformatec/devise/wiki
      • https://github.com/intridea/omniauth/wiki
      • https://github.com/intridea/authbuttons
    • Q&A