Quo Vadis: Simple Authentication for Rails 3
However I only ever need simple username/password authentication. It’s not complicated. But all these libraries seem to make it complicated, or at least more complicated than it should be.
In this context flexibility equates to complexity. I don’t want flexibility: a bigger API takes longer to comprehend, and I don’t need it. I just want username/password authentication.
Recently I’ve been wanting to write a Rails 3 engine as a learning exercise for the new Rails APIs. So I took the opportunity to write my own authentication library: Quo Vadis.
Use it if you want simple username/password authentication which is easy to understand.
How To Add Simple Authentication in 5 Minutes
gem 'quo_vadis' to your Gemfile.
rails generate quo_vadis:install.
Amend your User model:
class User < ActiveRecord::Base authenticates end
Add a before filter to the actions needing an authenticated user:
class ArticlesController < ActionController::Base before_filter :authenticate, :except => [:index, :show] end
Write the sign-in view. It must be in
app/views/sessions/new.html.:format and post the parameters
sign_in_url. You have to write your own view because I always end up doing it anyway when an authentication library generates it for me — the markup is never right.
In your layout, use the
current_user helper method to retrieve the signed-in user, and
sign_out_path as appropriate.
There: I think that’s about as simple as you can make it.
Quo Vadis is easy to customise. See the README for details.
Developing a Rails 3 Engine
Apart from one or two blog posts, good information on Rails 3 engine development is quite hard to come by. One of the best articles I found was How Rails 3 Enables More Choices (Part 1) by (inevitably!) Yehuda Katz.
I heartily recommend José Valim’s Enginex, a tool which generates a bare bones engine complete with a ready-to-go test suite. I had already created my engine layout by hand, starting from Bundler’s new gem skeleton, but Enginex was invaluable for making it fully testable.
While we’re here, I also recommend Crafting Rails Applications. Refreshingly it’s aimed at the intermediate to advanced developer, not the beginner, and it works through the new Rails 3 APIs in a well explained, test-first manner.
Simple username/password authentication isn’t hard: you could easily do it yourself in each app. But it would take you longer than 5 minutes, and you might make a typo.
Just go with the flow and use Quo Vadis.