Quo Vadis: Simple Authentication for Rails 3

Every Rails site I’ve ever built has needed authentication. Over the years I’ve tried several authentication libraries: Restful Authentication, Authlogic and, more recently, Devise.

However, I only ever need simple username/password authentication. It’s not complicated. But all these libraries seem to make it complicated, or at least more complicated than it should be.

In this context flexibility equates to complexity. I don’t want flexibility: a bigger API takes longer to comprehend, and I don’t need it. I just want username/password authentication.

Recently I’ve been wanting to write a Rails 3 engine as a learning exercise for the new Rails APIs. So I took the opportunity to write my own authentication library: Quo Vadis.

Use it if you want simple username/password authentication which is easy to understand.

How To Add Simple Authentication in 5 Minutes

Add gem 'quo_vadis' to your Gemfile.

Run rails generate quo_vadis:install.

Run rake db:migrate.

Amend your User model:

class User < ActiveRecord::Base
  authenticates
end

Add a before filter to the actions needing an authenticated user:

class ArticlesController < ActionController::Base
  before_filter :authenticate, :except => [:index, :show]
end

Write the sign-in view. It must be in app/views/sessions/new.html.:format and post the parameters :username and :password to sign_in_url. You have to write your own view because I always end up doing it anyway when an authentication library generates it for me — the markup is never right.

In your layout, use the current_user helper method to retrieve the signed-in user, and sign_in_path and sign_out_path as appropriate.

There: I think that’s about as simple as you can make it.
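
A minimal sign-in view and layout fragment for the last two steps above, as an added example that is not taken from the Quo Vadis project. The erb file name, the flash loop and the username attribute on User are assumptions; sign_in_url, sign_in_path, sign_out_path, current_user and the :username and :password parameters are the ones named above.

```erb
<%# app/views/sessions/new.html.erb (file name assumed: the page's :format taken as erb) %>
<h1>Sign in</h1>

<%# Show whatever flash messages are set; no particular flash key is assumed. %>
<% flash.each do |type, message| %>
  <p class="flash <%= type %>"><%= message %></p>
<% end %>

<%# form_tag posts by default and adds the CSRF authenticity token for you. %>
<%= form_tag sign_in_url do %>
  <p>
    <%= label_tag :username %>
    <%# Re-fill the username after a failed attempt; Rails 3 escapes it on output. %>
    <%= text_field_tag :username, params[:username] %>
  </p>
  <p>
    <%= label_tag :password %>
    <%# Value is nil so a submitted password is never echoed back into the page. %>
    <%= password_field_tag :password, nil %>
  </p>
  <p><%= submit_tag 'Sign in' %></p>
<% end %>

<%# app/views/layouts/application.html.erb (fragment) %>
<% if current_user %>
  <%# current_user.username is an assumption about the User model's attribute name. %>
  Signed in as <%= current_user.username %>.
  <%= link_to 'Sign out', sign_out_path %>
<% else %>
  <%= link_to 'Sign in', sign_in_path %>
<% end %>
```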

Customisation

Quo Vadis is easy to customise. See the README for details.

Developing a Rails 3 Engine

Apart from one or two blog posts, good information on Rails 3 engine development is quite hard to come by. One of the best articles I found was How Rails 3 Enables More Choices (Part 1) by (inevitably!) Yehuda Katz.

I heartily recommend José Valim’s Enginex, a tool which generates a bare bones engine complete with a ready-to-go test suite. I had already created my engine layout by hand, starting from Bundler’s new gem skeleton, but Enginex was invaluable for making it fully testable.

While we’re here, I also recommend Crafting Rails Applications. Refreshingly it’s aimed at the intermediate to advanced developer, not the beginner, and it works through the new Rails 3 APIs in a well explained, test-first manner.

Conclusion

Simple username/password authentication isn’t hard: you could easily do it yourself in each app. But it would take you longer than 5 minutes, and you might make a typo.

Just go with the flow and use Quo Vadis.

Andrew Stewart • 25 January 2011 • Rails, Quo Vadis
You can reach me by email or on Twitter.