SlideShare ist ein Scribd-Unternehmen logo

Authentication in-rails

Als PPTX, PDF herunterladen
Mihir Vaidya
Mihir Vaidya

Slides from my talk at the Eastside Incubator's Rails Chat series. With so many authentication solutions out there (Devise, OmniAuth, AuthLogic, just to name a few), this slide deck goes through various options, and guides with choosing the best authentication solution for your app. The deck covers following areas... Your Own Auth (Authentication from Scratch) Your Own Auth With Facebook Connect OmniAuth (Facebook + Twitter) OmniAuth (Facebook + Twitter + Identity) Devise (+ Omniauthable, example includes Facebook and Twitter) All source code for this talk is available on GitHub at https://github.com/mvaidya/Authentication-In-Rails

Technologie
1 von 42
Experience Technologies V.P. Engineering Dec 2011 - now Software Engineer August 2010 – Dec 2011 Software Engineer Mihir A. Vaidya Feb 2006 – August 2010 Co-Founder and V.P. Engineering ReadyPulse Software Engineer https://www.linkedin.com/in/vaidyamihir May 2004 – Feb 2006 https://twitter.com/mihirvaidya Researcher May 2003 – May 2004
• • •
• – –
• – – • – – – – – – – •
• • – • • •
• – • • http_basic_authenticate_with :name => "ror", :password => "rocks", :except=>[:index]
• – – – • • • • – • • current_user, authenticate_user! – • – – – –
• –
• – – • • – • – • – • – • – – • • • • •
• • • • •
• • • – – – • – • – –
• – • – – • –  – » • Perform all authentication in a HTML POPUP with your own handler pages before and after Facebook OAuth calls – • • – – • – –
•
• • – Sessions#fb_auth •
• – • •
• • – • – – • • – – (session[:user_id]) – (current_user, authenticate_user!) • •
• • • – • – gem „omniauth-twitter‟ – gem „omniauth-facebook‟ – bundle install • – • Rails.application.config.middleware.use OmniAuth::Builder do provider :twitter, APP_CONFIG[:twitter]['consumer_key'], APP_CONFIG[:twitter]['consumer_secret'] provider :facebook, APP_CONFIG[:facebook]['app_id'], APP_CONFIG[:facebook]['app_secret'], :client_options => { :ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" } } End • • (/auth/:provider/callback) – request.env[“omniauth.auth”]
• – • • • – OmniAuth.config.on_failure = -> env do env[ActionDispatch::Flash::KEY] ||= ActionDispatch::Flash::FlashHash.new env[ActionDispatch::Flash::KEY][:error] = "Authentication failed, please try again." SessionsController.action(:new).call(env) #call whatever controller/action that displays your signup form end
• – – – – • – –
• – • •
• – '/auth/:provider/callback' => 'sessions#create' • – • – – •
• – provider :identity, on_failed_registration: lambda { |env| # lambda is used so that the class IdentitiesController is not cached (important for dev environment). # That way, changes to the controller will be picked up automatically since # lamda is the rack application to handle failures and not IndentitiesController#new directly IdentitiesController.action(:new).call(env) }
• – • – –
• • – • • – • • – • – • • • –
• – – • – • • – – • – • • – –
• – • • • • • –
 • • – • –
• – • – – – • – –
• • • – – • • • – –
• • –
• – – • – • • – • – – • • •
• • • • – – – – • –
• • –  • – – • – – –  • – •
• • •
• •
• – • • • – • • – • – – – – • – – – • • – current_user – authenticate_user!
• – – – – • password_salt = BCrypt::Engine.generate_salt • password_hash = BCrypt::Engine.hash_secret(password, password_salt) • –
• – • – • –

Empfohlen

Pre auditoria trabajos_alturas
Pre auditoria trabajos_alturasPre auditoria trabajos_alturas
Pre auditoria trabajos_alturasAngelica Lopera
 
Jugando al Memory-Cuaresma
Jugando al Memory-CuaresmaJugando al Memory-Cuaresma
Jugando al Memory-CuaresmaFranciscanos Valladolid
 
Aar fourmile fire_dct-vct_jan2011_pdf
Aar fourmile fire_dct-vct_jan2011_pdfAar fourmile fire_dct-vct_jan2011_pdf
Aar fourmile fire_dct-vct_jan2011_pdfBrandon Williams
 
Ekaw2010 tutorial3
Ekaw2010 tutorial3Ekaw2010 tutorial3
Ekaw2010 tutorial3Amparo Elizabeth Cano Basave
 
CCM IDL, CORBA Component Model IDL
CCM IDL, CORBA Component Model IDLCCM IDL, CORBA Component Model IDL
CCM IDL, CORBA Component Model IDLEmmanuel Fuchs
 
On off-4
On off-4On off-4
On off-4Anjaritoi Urnieta
 
IASP World Conference, 2004 Bergamo, Italy
IASP World Conference, 2004 Bergamo, ItalyIASP World Conference, 2004 Bergamo, Italy
IASP World Conference, 2004 Bergamo, ItalyIlkka Kakko
 
Oto Brglez - Tips for better tests
Oto Brglez - Tips for better testsOto Brglez - Tips for better tests
Oto Brglez - Tips for better testsOto Brglez
 

Empfohlen

Pre auditoria trabajos_alturas
Pre auditoria trabajos_alturasPre auditoria trabajos_alturas
Pre auditoria trabajos_alturasAngelica Lopera
 
Jugando al Memory-Cuaresma
Jugando al Memory-CuaresmaJugando al Memory-Cuaresma
Jugando al Memory-CuaresmaFranciscanos Valladolid
 
Aar fourmile fire_dct-vct_jan2011_pdf
Aar fourmile fire_dct-vct_jan2011_pdfAar fourmile fire_dct-vct_jan2011_pdf
Aar fourmile fire_dct-vct_jan2011_pdfBrandon Williams
 
Ekaw2010 tutorial3
Ekaw2010 tutorial3Ekaw2010 tutorial3
Ekaw2010 tutorial3Amparo Elizabeth Cano Basave
 
CCM IDL, CORBA Component Model IDL
CCM IDL, CORBA Component Model IDLCCM IDL, CORBA Component Model IDL
CCM IDL, CORBA Component Model IDLEmmanuel Fuchs
 
On off-4
On off-4On off-4
On off-4Anjaritoi Urnieta
 
IASP World Conference, 2004 Bergamo, Italy
IASP World Conference, 2004 Bergamo, ItalyIASP World Conference, 2004 Bergamo, Italy
IASP World Conference, 2004 Bergamo, ItalyIlkka Kakko
 
Oto Brglez - Tips for better tests
Oto Brglez - Tips for better testsOto Brglez - Tips for better tests
Oto Brglez - Tips for better testsOto Brglez
 
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfBrute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfLior Rotkovitch
 
Testing mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkTesting mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkSusannSgorzaly
 
Poisoning Google images
Poisoning Google imagesPoisoning Google images
Poisoning Google imageslukash4
 
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDays Riga
 
IBM Connection - customize it, #dd13
IBM Connection - customize it, #dd13IBM Connection - customize it, #dd13
IBM Connection - customize it, #dd13Dominopoint - Italian Lotus User Group
 
下吧开发总结
下吧开发总结下吧开发总结
下吧开发总结Night Sailer
 
Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Jinho Jung
 
SharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersSharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersDan Usher
 
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...Scott Hoag
 
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Prashant G Bhoyar (Microsoft MVP)
 
Sucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri
 
Google-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareGoogle-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareAvast
 
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...Amazon Web Services
 
memories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlmemories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlhonishi
 
Chaione Ember.js Training
Chaione Ember.js TrainingChaione Ember.js Training
Chaione Ember.js Trainingaortbals
 
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...Dan Usher
 
BSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesBSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesIsmael Goncalves
 
HTML5 History & Features
HTML5 History & FeaturesHTML5 History & Features
HTML5 History & FeaturesDave Ross
 
Premature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilPremature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilFabio Akita
 
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...iMasters
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Weitere ähnliche Inhalte

Ähnlich wie Authentication in-rails

Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfBrute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfLior Rotkovitch
 
Testing mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkTesting mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkSusannSgorzaly
 
Poisoning Google images
Poisoning Google imagesPoisoning Google images
Poisoning Google imageslukash4
 
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDays Riga
 
下吧开发总结
下吧开发总结下吧开发总结
下吧开发总结Night Sailer
 
Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Jinho Jung
 
SharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersSharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersDan Usher
 
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...Scott Hoag
 
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Prashant G Bhoyar (Microsoft MVP)
 
Sucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri
 
Google-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareGoogle-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareAvast
 
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...Amazon Web Services
 
memories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlmemories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlhonishi
 
Chaione Ember.js Training
Chaione Ember.js TrainingChaione Ember.js Training
Chaione Ember.js Trainingaortbals
 
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...Dan Usher
 
BSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesBSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesIsmael Goncalves
 
HTML5 History & Features
HTML5 History & FeaturesHTML5 History & Features
HTML5 History & FeaturesDave Ross
 
Premature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilPremature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilFabio Akita
 
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...iMasters
 

Ähnlich wie Authentication in-rails (20)

Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfBrute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
 
Testing mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkTesting mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP framework
 
Poisoning Google images
Poisoning Google imagesPoisoning Google images
Poisoning Google images
 
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
 
IBM Connection - customize it, #dd13
IBM Connection - customize it, #dd13IBM Connection - customize it, #dd13
IBM Connection - customize it, #dd13
 
下吧开发总结
下吧开发总结下吧开发总结
下吧开发总结
 
Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드
 
SharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersSharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
 
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
 
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
 
Sucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web Agencies
 
Google-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareGoogle-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malware
 
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
 
memories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlmemories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowl
 
Chaione Ember.js Training
Chaione Ember.js TrainingChaione Ember.js Training
Chaione Ember.js Training
 
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
 
BSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesBSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicações
 
HTML5 History & Features
HTML5 History & FeaturesHTML5 History & Features
HTML5 History & Features
 
Premature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilPremature optimisation: The Root of All Evil
Premature optimisation: The Root of All Evil
 
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
 

Kürzlich hochgeladen

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Kürzlich hochgeladen (20)

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Authentication in-rails

  • 1.
  • 2. Experience Technologies V.P. Engineering Dec 2011 - now Software Engineer August 2010 – Dec 2011 Software Engineer Mihir A. Vaidya Feb 2006 – August 2010 Co-Founder and V.P. Engineering ReadyPulse Software Engineer https://www.linkedin.com/in/vaidyamihir May 2004 – Feb 2006 https://twitter.com/mihirvaidya Researcher May 2003 – May 2004
  • 4. – –
  • 5. – – • – – – – – – – •
  • 6. • • – • • •
  • 7. – • • http_basic_authenticate_with :name => "ror", :password => "rocks", :except=>[:index]
  • 8. – – – • • • • – • • current_user, authenticate_user! – • – – – –
  • 9.
  • 10. – – • • – • – • – • – • – – • • • • •
  • 12. • • • – – – • – • – –
  • 13. – • – – • –  – » • Perform all authentication in a HTML POPUP with your own handler pages before and after Facebook OAuth calls – • • – – • – –
  • 14.
  • 15. • • – Sessions#fb_auth •
  • 16. – • •
  • 17. • • – • – – • • – – (session[:user_id]) – (current_user, authenticate_user!) • •
  • 18. • • • – • – gem „omniauth-twitter‟ – gem „omniauth-facebook‟ – bundle install • – • Rails.application.config.middleware.use OmniAuth::Builder do provider :twitter, APP_CONFIG[:twitter]['consumer_key'], APP_CONFIG[:twitter]['consumer_secret'] provider :facebook, APP_CONFIG[:facebook]['app_id'], APP_CONFIG[:facebook]['app_secret'], :client_options => { :ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" } } End • • (/auth/:provider/callback) – request.env[“omniauth.auth”]
  • 19. – • • • – OmniAuth.config.on_failure = -> env do env[ActionDispatch::Flash::KEY] ||= ActionDispatch::Flash::FlashHash.new env[ActionDispatch::Flash::KEY][:error] = "Authentication failed, please try again." SessionsController.action(:new).call(env) #call whatever controller/action that displays your signup form end
  • 20. – – – – • – –
  • 21. – • •
  • 22. – '/auth/:provider/callback' => 'sessions#create' • – • – – •
  • 23. – provider :identity, on_failed_registration: lambda { |env| # lambda is used so that the class IdentitiesController is not cached (important for dev environment). # That way, changes to the controller will be picked up automatically since # lamda is the rack application to handle failures and not IndentitiesController#new directly IdentitiesController.action(:new).call(env) }
  • 24. – • – –
  • 25. • • – • • – • • – • – • • • –
  • 26. – – • – • • – – • – • • – –
  • 27. – • • • • • –
  • 28.  • • – • –
  • 29. – • – – – • – –
  • 30. • • • – – • • • – –
  • 31. • •
  • 32. – – • – • • – • – – • • •
  • 33. • • • • – – – – • –
  • 34. • • –  • – – • – – –  • – •
  • 37.
  • 38.
  • 39.
  • 40. – • • • – • • – • – – – – • – – – • • – current_user – authenticate_user!
  • 41. – – – – • password_salt = BCrypt::Engine.generate_salt • password_hash = BCrypt::Engine.hash_secret(password, password_salt) • –
  • 42. – • – • –