Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/GBH/letmein
Minimalistic authentication plugin for Rails 3 apps
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/GBH/letmein
- Owner: GBH
- License: mit
- Archived: true
- Created: 2011-03-23T19:42:33.000Z (over 13 years ago)
- Default Branch: master
- Last Pushed: 2013-03-28T15:52:18.000Z (over 11 years ago)
- Last Synced: 2024-05-11T22:21:55.281Z (6 months ago)
- Language: Ruby
- Homepage:
- Size: 161 KB
- Stars: 145
- Watchers: 2
- Forks: 10
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# letmein [![Build Status](http://travis-ci.org/GBH/letmein.png)](http://travis-ci.org/GBH/letmein)
**letmein** is a minimalistic authentication plugin for Rails 3 applications. It doesn't have anything other than the UserSession (or WhateverSession) object that you can use to authenticate logins.

Setup
=====
Plug the thing below into Gemfile and you know what to do after.

    gem 'letmein'

If you want to authenticate *User* with database fields *email*, *password_hash* and *password_salt* you don't need to do anything. If you're authenticating something else, you want something like this in your initializers:

    LetMeIn.configure do |conf|
      conf.model      = 'Account'
      conf.attribute  = 'username'
      conf.password   = 'password_crypt'
      conf.salt       = 'salty_salt'
    end

When creating/updating a record you have access to *password* accessor.

    >> user = User.new(:email => '[email protected]', :password => 'letmein')
    >> user.save!
    => true
    >> user.password_hash
    => $2a$10$0MeSaaE3I7.0FQ5ZDcKPJeD1.FzqkcOZfEKNZ/DNN.w8xOwuFdBCm
    >> user.password_salt
    => $2a$10$0MeSaaE3I7.0FQ5ZDcKPJe

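
The values in the console output above follow the standard bcrypt string layout, and `password_salt` is the first 29 characters of `password_hash`. The Ruby below is an added example, not part of letmein or its README: it parses that layout with the standard library only and flags inconsistent or low-cost rows. `parse_bcrypt`, `audit_record` and the `MIN_COST` threshold of 12 are hypothetical names and an assumed policy value.

```ruby
# Added example: inspect bcrypt strings like the ones in the console session.
# Standard library only. MIN_COST is an assumed policy value, not a letmein setting.
BCRYPT_RE = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}
SALT_RE   = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})\z}
MIN_COST  = 12

# Split "$<version>$<cost>$<22-char salt><31-char digest>" into its fields.
# Returns nil when the string is not a well-formed bcrypt hash.
def parse_bcrypt(hash)
  m = BCRYPT_RE.match(hash.to_s)
  return nil unless m

  { version: m[1], cost: m[2].to_i, salt: m[3], digest: m[4] }
end

# Return a list of findings for one stored record (empty list means clean).
def audit_record(password_hash, password_salt, min_cost: MIN_COST)
  parsed = parse_bcrypt(password_hash)
  return [:malformed_hash] unless parsed

  findings = []
  salt = SALT_RE.match(password_salt.to_s)
  if salt.nil?
    findings << :malformed_salt
  elsif [salt[1], salt[2].to_i, salt[3]] != parsed.values_at(:version, :cost, :salt)
    # The page's output shows the salt as the first 29 characters of the hash;
    # a row where the two differ is inconsistent.
    findings << :salt_mismatch
  end
  # Each cost step doubles the work per guess: 2**cost key-expansion rounds.
  findings << :low_cost if parsed[:cost] < min_cost
  findings
end

# Values copied from the console session on this page.
PAGE_HASH = '$2a$10$0MeSaaE3I7.0FQ5ZDcKPJeD1.FzqkcOZfEKNZ/DNN.w8xOwuFdBCm'
PAGE_SALT = '$2a$10$0MeSaaE3I7.0FQ5ZDcKPJe'

if __FILE__ == $PROGRAM_NAME
  p parse_bcrypt(PAGE_HASH)
  p audit_record(PAGE_HASH, PAGE_SALT)
  # Constructed bad inputs: a salt from a different row, and a truncated hash.
  p audit_record(PAGE_HASH, '$2a$10$' + 'A' * 22)
  p audit_record(PAGE_HASH[0, 40], PAGE_SALT)
end
```
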

Authentication
==============
You authenticate using UserSession object. Example:

    >> session = UserSession.new(:email => '[email protected]', :password => 'letmein')
    >> session.save
    => true
    >> session.user
    => #

When credentials are invalid:

    >> session = UserSession.new(:email => '[email protected]', :password => 'bad_password')
    >> session.save
    => false
    >> session.user
    => nil


Usage
=====
There are no built-in routes/controllers/views/helpers or anything. I'm confident you can do those yourself, because you're awesome. But here's an example of how you can implement the controller handling the login:

    class SessionsController < ApplicationController
      def create
        @session = UserSession.new(params[:user_session])
        @session.save!
        # Store the user in session and get a fresh session id
        session[:user_id] = @session.user.id
        request.session_options[:renew] = true
        flash[:notice] = "Welcome back #{@session.user.name}!"
        redirect_to '/'
      rescue LetMeIn::Error
        flash.now[:error] = 'Invalid Credentials'
        render :action => :new
      end
    end

Upon successful login you have access to *session[:user_id]*. The rest is up to you.

Authenticating Multiple Models
==============================
Yes, you can do that too. Let's assume you also want to authenticate admins that don't have email addresses, but have usernames.

    LetMeIn.configure do |conf|
      conf.models     = ['User', 'Admin']
      conf.attributes = ['email', 'username']
    end

Bam! You're done. Now you have an AdminSession object that will use *username* and *password* to authenticate.

Overriding Session Authentication
=================================
By default a user will be logged in if the provided email and password match. If you need to add a bit more logic to that, you'll need to create your own session object. In the following example we do an additional check to see if the user is 'approved' before letting him in.

    class MySession < LetMeIn::Session
      # Model that is being authenticated is derived from the class name
      # If you're authenticating multiple models you need to specify which one
      @model = 'User'

      def authenticate
        super # need to authenticate with email/password first
        # user is nil when the email/password check failed, so only run the
        # approval check (and read user.name) for a user that was found
        if user && !user.is_approved?
          # adding a validation error will prevent login
          errors.add :base, "You are not approved yet, #{user.name}."
        end
      end
    end

Copyright
=========
(c) 2011 Oleg Khabarov, released under the MIT license