devise tutorial - 2011 rubyconf taiwan

[Tutorial] Build your authentication system with Devise

1. BUILD YOUR AUTHENTICATION SYSTEM WITH DEVISE
   Tse-Ching Ho, 2011-08-26

2. HTTPS://GITHUB.COM/TSECHINGHO/DEVISE_TUTORIAL
   git clone git://github.com/tsechingho/devise_tutorial.git

3. AGENDA
   OmniAuth - client application; providers: Facebook, Twitter, Github
   OpenID   - client application; providers: Google, Yahoo, Google Apps
   LDAP     - client application; providers: localhost OpenLDAP
   CAS      - client application; providers: localhost CAS

4. WHAT IS AUTHENTICATION ?

5. ABOUT AUTHENTICATION
   - authentication and authorization are two different things
   - authentication is just an identity token / ticket
   - one site can use multiple authentication providers
   - one user can have many authentications

6. DEVISE - OMNIAUTH WAY
   (diagram: customer -> Devise -> OmniAuth -> third-party providers: OAuth, OpenID, LDAP, CAS; plus Devise's own username/password server-side authentication)

7. WHAT DO WE NEED ?

8. USER STORY PLEASE

9. POSSIBLE DB SCHEMA

   users (Model: User) and managers (Model: Manager), identical columns:
     has_many :authentications, :as => :resource
     has_one  :profile,         :as => :resource

     id                      integer
     email                   string
     encrypted_password      string
     reset_password_token    string
     reset_password_sent_at  datetime
     remember_created_at     datetime
     sign_in_count           integer
     current_sign_in_at      datetime
     last_sign_in_at         datetime
     current_sign_in_ip      string
     last_sign_in_ip         string
     created_at              datetime
     updated_at              datetime

   authentications (Model: Authentication):
     belongs_to :resource, :polymorphic => true

     id             integer
     resource_id    integer
     resource_type  string
     provider       string
     uid            string
     uname          string
     umail          string
     created_at     datetime
     updated_at     datetime

   profiles (Model: Profile):
     belongs_to :resource, :polymorphic => true

     id             integer
     resource_id    integer
     resource_type  string
     first_name     string
     last_name      string
     fullname       string
     nickname       string
     created_at     datetime
     updated_at     datetime

10. WHY DEVISE ?

11. FEATURES OF DEVISE
    rack         - simple and fast
    strategies   - logical and flexible
    modularity   - maintainable rails engine
    multi-models - signed in at the same time
    extensions   - diversity
    authentication scheme that covers general user needs

12. BUILT-IN MODULES
    Database authenticatable, Rememberable, Token authenticatable, Trackable,
    Omniauthable, Timeoutable, Confirmable, Validatable, Recoverable, Lockable,
    Registerable, Encryptable

13. EXTENSION MODULES
    ORM, Encryption, Authentication, UI enhancement
    https://github.com/plataformatec/devise/wiki/Extensions

14. FILTERS & HELPERS
    authenticate_user!
    user_signed_in?
    current_user
    user_session
    user_root_path

15. DEMO - SHOW, DON'T TELL

16. GIT LOGS ARE FRIENDS

17. NEW RAILS APP
    rails new devise_tutorial -JTd mysql
    cd devise_tutorial
    vim Gemfile
    bundle install
    rails generate scaffold page title:string content:text
    rake db:create
    rake db:migrate
    rails server          (or: bundle exec unicorn -p 3000)
    tail -f log/development.log

18. GIT CHECKOUT HEROKU

19. DEPLOY TO HEROKU
    git checkout heroku
    heroku keys:add
    heroku create
    git push heroku master
    heroku rake db:setup
    heroku open

20. GIT CHECKOUT USER

21. DEVISE CUSTOMIZATION
    config      - set configurations for devise
    migrations  - set database fields
    models      - select modules, set attributes
    routes      - set uri mapping
    controllers - set filters and redirects
    views       - set html and css

22. rake middleware
    use ActionDispatch::Static
    use Rack::Lock
    use ActiveSupport::Cache::Strategy::LocalCache
    use Rack::Runtime
    use Rails::Rack::Logger
    use ActionDispatch::ShowExceptions
    use ActionDispatch::RemoteIp
    use Rack::Sendfile
    use ActionDispatch::Callbacks
    use ActiveRecord::ConnectionAdapters::ConnectionManagement
    use ActiveRecord::QueryCache
    use ActionDispatch::Cookies
    use ActionDispatch::Session::CookieStore
    use ActionDispatch::Flash
    use ActionDispatch::ParamsParser
    use Rack::MethodOverride
    use ActionDispatch::Head
    use ActionDispatch::BestStandardsSupport
    use Warden::Manager
    run DeviseTutorial::Application.routes

23. GIT CHECKOUT MANAGER

24. rake routes
    manager_root                 GET    /pages/:id(.:format)                {:controller=>"pages", :id=>"management", :action=>"show"}
    new_manager_session          GET    /managers/sign_in(.:format)         {:controller=>"devise/sessions", :action=>"new"}
    manager_session              POST   /managers/sign_in(.:format)         {:controller=>"devise/sessions", :action=>"create"}
    destroy_manager_session      DELETE /managers/sign_out(.:format)        {:controller=>"devise/sessions", :action=>"destroy"}
    manager_password             POST   /managers/password(.:format)        {:controller=>"devise/passwords", :action=>"create"}
    new_manager_password         GET    /managers/password/new(.:format)    {:controller=>"devise/passwords", :action=>"new"}
    edit_manager_password        GET    /managers/password/edit(.:format)   {:controller=>"devise/passwords", :action=>"edit"}
                                 PUT    /managers/password(.:format)        {:controller=>"devise/passwords", :action=>"update"}
    cancel_manager_registration  GET    /managers/cancel(.:format)          {:controller=>"devise/registrations", :action=>"cancel"}
    manager_registration         POST   /managers(.:format)                 {:controller=>"devise/registrations", :action=>"create"}
    new_manager_registration     GET    /managers/sign_up(.:format)         {:controller=>"devise/registrations", :action=>"new"}
    edit_manager_registration    GET    /managers/edit(.:format)            {:controller=>"devise/registrations", :action=>"edit"}
                                 PUT    /managers(.:format)                 {:controller=>"devise/registrations", :action=>"update"}
                                 DELETE /managers(.:format)                 {:controller=>"devise/registrations", :action=>"destroy"}
    user_root                    GET    /pages/:id(.:format)                {:controller=>"pages", :id=>"dashboard", :action=>"show"}
    new_user_session             GET    /users/sign_in(.:format)            {:controller=>"devise/sessions", :action=>"new"}
    user_session                 POST   /users/sign_in(.:format)            {:controller=>"devise/sessions", :action=>"create"}
    destroy_user_session         DELETE /users/sign_out(.:format)           {:controller=>"devise/sessions", :action=>"destroy"}
    user_password                POST   /users/password(.:format)           {:controller=>"devise/passwords", :action=>"create"}
    new_user_password            GET    /users/password/new(.:format)       {:controller=>"devise/passwords", :action=>"new"}
    edit_user_password           GET    /users/password/edit(.:format)      {:controller=>"devise/passwords", :action=>"edit"}
                                 PUT    /users/password(.:format)           {:controller=>"devise/passwords", :action=>"update"}
    cancel_user_registration     GET    /users/cancel(.:format)             {:controller=>"devise/registrations", :action=>"cancel"}
    user_registration            POST   /users(.:format)                    {:controller=>"devise/registrations", :action=>"create"}
    new_user_registration        GET    /users/sign_up(.:format)            {:controller=>"devise/registrations", :action=>"new"}
    edit_user_registration       GET    /users/edit(.:format)               {:controller=>"devise/registrations", :action=>"edit"}
                                 PUT    /users(.:format)                    {:controller=>"devise/registrations", :action=>"update"}
                                 DELETE /users(.:format)                    {:controller=>"devise/registrations", :action=>"destroy"}
    root                                /(.:format)                         {:controller=>"pages", :action=>"show"}

25. GIT CHECKOUT PROVIDER

26. PROVIDER - USER DB SCHEMA

   users (Model: User):
     has_many :authentications, :as => :resource
     has_one  :profile,         :as => :resource

     id                      integer
     email                   string
     encrypted_password      string
     reset_password_token    string
     reset_password_sent_at  datetime
     remember_created_at     datetime
     sign_in_count           integer
     current_sign_in_at      datetime
     last_sign_in_at         datetime
     current_sign_in_ip      string
     last_sign_in_ip         string
     created_at              datetime
     updated_at              datetime

   authentications (Model: Authentication):
     belongs_to :resource, :polymorphic => true

     id             integer
     resource_id    integer
     resource_type  string
     provider       string
     uid            string
     uname          string
     umail          string
     created_at     datetime
     updated_at     datetime

27. GIT CHECKOUT OA-OAUTH

28. OMNIAUTH MIDDLEWARES
    rake middleware
    use ActionDispatch::Static
    ......
    use ActionDispatch::BestStandardsSupport
    use Warden::Manager
    use OmniAuth::Strategies::Facebook
    use OmniAuth::Strategies::Twitter
    use OmniAuth::Strategies::GitHub
    use OmniAuth::Strategies::OpenID
    use OmniAuth::Strategies::OpenID
    use OmniAuth::Strategies::OpenID
    use OmniAuth::Strategies::GoogleApps
    use OmniAuth::Strategies::GoogleApps
    run DeviseTutorial::Application.routes

29. DEVISE OMNIAUTH ROUTES
                             /users/auth/:provider(.:format)         { :controller => "users/omniauth_callbacks", :action => "passthru" }
    user_omniauth_callback   /users/auth/:action/callback(.:format)  { :controller => "users/omniauth_callbacks", :action => /facebook|twitter|github/ }

30. NEEDS OF OAUTH
    - create a new app record at the provider for each client site
    - app id and app secret are required
    - callback url must match the one registered with the provider
    - access token / error message will be appended to the callback url
    - user auth data arrives in a provider-specific yaml pattern

31. (OmniAuth auth hash for a Facebook sign-in)
    ---
    provider: facebook
    uid: "1290347368"
    credentials:
      token: 49923..........6RqGc
    user_info:
      nickname: tsechingho
      email: tsechingho@gmail.com
      first_name: Tse-Ching
      last_name: Ho
      name: Tse-Ching Ho
      image: http://graph.facebook.com/1290347368/picture?type=square
      urls:
        Facebook: http://www.facebook.com/tsechingho
        Website:
    extra:
      user_hash:
        id: "1290347368"
        name: Tse-Ching Ho
        first_name: Tse-Ching
        last_name: Ho
        link: http://www.facebook.com/tsechingho
        username: tsechingho
        hometown:
          id: "110922325599480"
          name: Taichung, Taiwan

32. FACEBOOK

33. NEW FACEBOOK APP (developers.facebook.com)
    https://developers.facebook.com/apps

34. CORRECT APP SETTINGS (developers.facebook.com)
    app id, app secret, site url, site domain are required.

35. FACEBOOK USER PANEL (facebook.com)
    http://www.facebook.com/settings?tab=applications
    https://developers.facebook.com/docs/reference/api/permissions/

36. FACEBOOK OAUTH WORK FLOW (facebook.com)
    ca_file / ca_path
    /users/auth/facebook
      -> users/omniauth_callbacks#passthru
      -> https://www.facebook.com/connect/uiserver.php
      -> /users/auth/facebook/callback?code=xxxxxx

37. TWITTER

38. NEW TWITTER APP (dev.twitter.com)
    https://dev.twitter.com/apps/new
    use http://127.0.0.1 for localhost

39. CORRECT APP SETTINGS (dev.twitter.com)
    consumer key, consumer secret, callback url are required.

40. TWITTER USER PANEL (twitter.com)
    you can stop it, not remove it.
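The slides above show the pieces but not the step that ties them together: what the omniauth_callbacks controller does with the auth hash of slide 31 once the provider redirects back. The following is an added example, not code from the tutorial repository, written in plain Ruby so it runs without Rails: it parses a constructed auth hash shaped like slide 31 (the token is a placeholder), rejects any provider outside the route constraint of slide 29 (/facebook|twitter|github/), and then finds or creates the polymorphic Authentication record of slide 26 by (provider, uid). Looking up by provider + uid rather than by e-mail is what makes "one user can have many authentications" (slide 5) work: a second provider is linked to the already signed-in user, and a repeat callback from the same uid signs that user in again without creating anything. The AuthStore class, the Struct stand-ins and the in-memory arrays are assumptions standing in for ActiveRecord.

```ruby
require "yaml"

# Provider whitelist mirroring the route constraint on slide 29
# (:action => /facebook|twitter|github/). Anything else never reaches the lookup.
ALLOWED_PROVIDERS = %w[facebook twitter github].freeze

# Constructed stand-in for the auth hash on slide 31 (token is a placeholder).
SAMPLE_AUTH_YAML = <<~YAML
  ---
  provider: facebook
  uid: "1290347368"
  credentials:
    token: PLACEHOLDER_ACCESS_TOKEN
  user_info:
    nickname: tsechingho
    email: tsechingho@gmail.com
    name: Tse-Ching Ho
YAML

# Hypothetical in-memory stand-ins for the users and authentications tables of slide 26.
Authentication = Struct.new(:id, :resource_id, :resource_type, :provider, :uid, :uname, :umail)
User = Struct.new(:id, :email)

class AuthStore
  attr_reader :users, :auths

  def initialize
    @users = []
    @auths = []
  end

  # The (provider, uid) pair is the provider's stable identity for this account;
  # the e-mail in user_info is only profile data and is never used as the key.
  def find_authentication(provider, uid)
    @auths.find { |a| a.provider == provider && a.uid == uid }
  end

  # Handles one callback. Returns [user, authentication, :signed_in | :created].
  # current_user is set when a signed-in user is linking an additional provider.
  def from_omniauth(yaml_auth_hash, current_user: nil)
    auth     = YAML.safe_load(yaml_auth_hash)
    provider = auth["provider"].to_s
    uid      = auth["uid"].to_s
    raise ArgumentError, "unsupported provider #{provider.inspect}" unless ALLOWED_PROVIDERS.include?(provider)
    raise ArgumentError, "auth hash has no uid" if uid.empty?

    existing = find_authentication(provider, uid)
    return [user_for(existing), existing, :signed_in] if existing

    info   = auth.fetch("user_info", {})
    user   = current_user || create_user(info["email"])
    record = Authentication.new(@auths.size + 1, user.id, "User", provider, uid,
                                info["nickname"], info["email"])
    @auths << record
    [user, record, :created]
  end

  private

  # Resolve the polymorphic belongs_to :resource for a User-owned authentication.
  def user_for(auth)
    @users.find { |u| u.id == auth.resource_id }
  end

  def create_user(email)
    user = User.new(@users.size + 1, email)
    @users << user
    user
  end
end

if __FILE__ == $PROGRAM_NAME
  store = AuthStore.new
  p store.from_omniauth(SAMPLE_AUTH_YAML)            # first visit: user + authentication created
  p store.from_omniauth(SAMPLE_AUTH_YAML)            # same uid again: existing user signed in
end
```

In a real Devise app the same logic lives in the `users/omniauth_callbacks` controller action named by the provider, with `current_user` coming from the Devise helper of slide 14 and the auth hash from `request.env["omniauth.auth"]`.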