Every Rails site I’ve ever built has needed authentication. Over the years I’ve tried several authentication libraries: Restful Authentication, Authlogic and, more recently, Devise.
However, I only ever need simple username/password authentication. It’s not complicated. But all these libraries seem to make it complicated, or at least more complicated than it should be.
In this context flexibility equates to complexity. I don’t want flexibility: a bigger API takes longer to comprehend, and I don’t need it. I just want username/password authentication.
Recently I’ve been wanting to write a Rails 3 engine as a learning exercise for the new Rails APIs. So I took the opportunity to write my own authentication library: Quo Vadis.
Use it if you want simple username/password authentication which is easy to understand.
Add gem 'quo_vadis' to your Gemfile.
Run rails generate quo_vadis:install.
Run rake db:migrate.
Amend your User model:
class User < ActiveRecord::Base
  authenticates
end
Add a before filter to the actions needing an authenticated user:
class ArticlesController < ActionController::Base
  before_filter :authenticate, :except => [:index, :show]
end
Write the sign-in view. It must be in app/views/sessions/new.html.:format and post the parameters :username and :password to sign_in_url. You have to write your own view because I always end up doing it anyway when an authentication library generates it for me — the markup is never right.
In your layout, use the current_user helper method to retrieve the signed-in user, and sign_in_path and sign_out_path as appropriate.
There: I think that’s about as simple as you can make it.
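A sign-in view that satisfies the requirements above, as an added example that is not part of the original post or of Quo Vadis itself. The file name assumes the html/erb format, and the heading, labels and paragraph markup are assumptions; only sign_in_url and the :username and :password parameters come from the steps above.

```erb
<%# app/views/sessions/new.html.erb (constructed example; markup and labels are assumptions) %>
<h1>Sign in</h1>

<%# form_tag submits with POST by default, so the credentials travel in the
    request body rather than the URL, and Rails adds the CSRF token field. %>
<%= form_tag sign_in_url do %>
  <p>
    <%= label_tag :username %>
    <%# Re-populating the username after a failed attempt is safe: the helper escapes the value. %>
    <%= text_field_tag :username, params[:username] %>
  </p>
  <p>
    <%= label_tag :password %>
    <%# password_field_tag masks the input; never echo the submitted password back into the page. %>
    <%= password_field_tag :password %>
  </p>
  <p><%= submit_tag 'Sign in' %></p>
<% end %>
```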
Quo Vadis is easy to customise. See the README for details.
Apart from one or two blog posts, good information on Rails 3 engine development is quite hard to come by. One of the best articles I found was How Rails 3 Enables More Choices (Part 1) by (inevitably!) Yehuda Katz.
I heartily recommend José Valim’s Enginex, a tool which generates a bare-bones engine complete with a ready-to-go test suite. I had already created my engine layout by hand, starting from Bundler’s new gem skeleton, but Enginex was invaluable for making it fully testable.
While we’re here, I also recommend Crafting Rails Applications. Refreshingly, it’s aimed at the intermediate to advanced developer, not the beginner, and it works through the new Rails 3 APIs in a well-explained, test-first manner.
Simple username/password authentication isn’t hard: you could easily do it yourself in each app. But it would take you longer than 5 minutes, and you might make a typo.
Just go with the flow and use Quo Vadis.