SlideShare ist ein Scribd-Unternehmen logo

Clearance: Simple, complete Ruby web app authentication.

Jason Morrison
Jason Morrison

Simple, complete Ruby web app authentication at http://github.com/thoughtbot/clearance/tree/master

TechnologieDesign
1 von 28
Downloaden Sie, um offline zu lesen
Clearance Jason Morrison jmorrison@thoughtbot.com
$ sudo gem install thoughtbot- Clearance --source http://gems.github.com $ curl “http://github.com/thoughtbot/ clearance/tree/master%2FREADME.textile? raw=true”
Thank you.
Encore!
“Who goes there?”
email + confirmation + password + forgot = authentication. No authorization, no roles, no ACLs, no HTTP basic auth, no OpenID (in core), no admin (in core), no, no, no!
Keep It Simple, Sucka.
mess ^ Generator free!
(but it’s small) # models and controllers [~/dev/clearance/lib/clearance/app] find . | xargs wc -l 434 total # units and functionals [~/dev/clearance/lib/clearance/test] find . | xargs wc -l 822 total
Let’s see it!
http://github.com/thoughtbot/clearance
Have it your way class User < ActiveRecord::Base include Clearance::Model def encrypt(password) Digest::SHA1.hexdigest quot;--#{salt}--#{password}--quot; end protected def initialize_salt self.salt = Digest::SHA1.hexdigest( quot;--#{Time.now.to_s}--#{email}--quot;) if new_record? end end
Have it your way # similar deal for UsersController, ConfirmationsController class SessionsController < ApplicationController include Clearance::SessionsController def url_after_create video_url(:awesome_and_exciting_welcome) end def url_after_destroy video_url(:wistful_farewell) end end
Get goin’ class User < ActiveRecord::Base include Clearance::Model acts_as_geocodable :normalize_address => true # don’t forget this guy! attr_accessible :first_name, :last_name, :street, :locality, :region, :postal_code, :website, :about end
Get goin’ class UsersController < ApplicationController include Clearance::UsersController before_filter :authenticate, :except => [:new, :create] before_filter :can_only_edit_self, :only => [:edit, :update] protected def can_only_edit_self unless current_user == User.find(params[:id]) flash[:error] = 'Oh, snap! Get outta here.' redirect_to root_url end end end
Future Work
TODO.textile • Some refactoring & documentation to do
Loot from merb-auth • Store current_user on the session, not controller • HTTP fluency • 401 Unauthorized • 405 Resource not allowed • Make a strategy: • Email confirmation • Forgot password • Salted passwords
clearance-admin <% if current_user.admin? -%> Admin::UsersController logged_in_admin_context {} should_only_allow_admins_on ‘get :index’
clearance-openid Extract from http://hoptoadapp.com
Always be on the lookout for Clearance http://www.youtube.com/watch?v=sEaqfpqLBK4
Guard Dog http://headrush.typepad.com/creating_passionate_users /2007/03/seven_blog_virt.html Kiss http://flickr.com/photos/andraspfaff/623258079/ Awesome Delorean http://flickr.com/photos/f1rstborn/757609629/ “Shh!” http://flickr.com/photos/cupcake_eater/2721122278/ Personals Ad http://flickr.com/photos/eggplant/3211654/ Baseball Photosiñata http://flickr.com/photos/mcbeth/156411746/
$ tail -n 8 README.textile h2. Authors * thoughtbot, inc. * Dan Croak * Jason Morrison * Mike Burns * Josh Nichols * Mike Breen
github.com /thoughtbot /clearance github.com /jasonm /talks

Empfohlen

JavaScript APIs - The Web is the Platform
JavaScript APIs - The Web is the PlatformJavaScript APIs - The Web is the Platform
JavaScript APIs - The Web is the Platform
Robert Nyman
 
J Query - Your First Steps
J Query - Your First StepsJ Query - Your First Steps
J Query - Your First Steps
Bronson Quick
 
A re introduction to webpack - reactfoo - mumbai
A re introduction to webpack - reactfoo - mumbaiA re introduction to webpack - reactfoo - mumbai
A re introduction to webpack - reactfoo - mumbai
Praveen Puglia
 
Djangoアプリのデプロイに関するプラクティス / Deploy django application
Djangoアプリのデプロイに関するプラクティス / Deploy django applicationDjangoアプリのデプロイに関するプラクティス / Deploy django application
Djangoアプリのデプロイに関するプラクティス / Deploy django application
Masashi Shibata
 
Cheap frontend tricks
Cheap frontend tricksCheap frontend tricks
Cheap frontend tricks
ambiescent
 
Vagrant WordCamp Hamilton
Vagrant WordCamp HamiltonVagrant WordCamp Hamilton
Vagrant WordCamp Hamilton
Paul Bearne
 
WWW:::Mechanize YAPC::BR 2008
WWW:::Mechanize YAPC::BR 2008WWW:::Mechanize YAPC::BR 2008
WWW:::Mechanize YAPC::BR 2008
mvitor
 
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_ЯндексеТанки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Yandex
 

Empfohlen

JavaScript APIs - The Web is the Platform
JavaScript APIs - The Web is the PlatformJavaScript APIs - The Web is the Platform
JavaScript APIs - The Web is the Platform
Robert Nyman
 
J Query - Your First Steps
J Query - Your First StepsJ Query - Your First Steps
J Query - Your First Steps
Bronson Quick
 
A re introduction to webpack - reactfoo - mumbai
A re introduction to webpack - reactfoo - mumbaiA re introduction to webpack - reactfoo - mumbai
A re introduction to webpack - reactfoo - mumbai
Praveen Puglia
 
Djangoアプリのデプロイに関するプラクティス / Deploy django application
Djangoアプリのデプロイに関するプラクティス / Deploy django applicationDjangoアプリのデプロイに関するプラクティス / Deploy django application
Djangoアプリのデプロイに関するプラクティス / Deploy django application
Masashi Shibata
 
Cheap frontend tricks
Cheap frontend tricksCheap frontend tricks
Cheap frontend tricks
ambiescent
 
Vagrant WordCamp Hamilton
Vagrant WordCamp HamiltonVagrant WordCamp Hamilton
Vagrant WordCamp Hamilton
Paul Bearne
 
WWW:::Mechanize YAPC::BR 2008
WWW:::Mechanize YAPC::BR 2008WWW:::Mechanize YAPC::BR 2008
WWW:::Mechanize YAPC::BR 2008
mvitor
 
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_ЯндексеТанки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Yandex
 
Nodejs.meetup
Nodejs.meetupNodejs.meetup
Nodejs.meetup
Vivian S. Zhang
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
Saket Choudhary
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
Saket Choudhary
 
Secure Coding with WordPress - WordCamp SF 2008
Secure Coding with WordPress - WordCamp SF 2008Secure Coding with WordPress - WordCamp SF 2008
Secure Coding with WordPress - WordCamp SF 2008
Mark Jaquith
 
HTML5: where flash isn't needed anymore
HTML5: where flash isn't needed anymoreHTML5: where flash isn't needed anymore
HTML5: where flash isn't needed anymore
Remy Sharp
 
シックス・アパート・フレームワーク
シックス・アパート・フレームワークシックス・アパート・フレームワーク
シックス・アパート・フレームワーク
Takatsugu Shigeta
 
Building Things Fast - and getting approval
Building Things Fast - and getting approvalBuilding Things Fast - and getting approval
Building Things Fast - and getting approval
Simon Willison
 
The Spirit of Testing
The Spirit of TestingThe Spirit of Testing
The Spirit of Testing
Marco Cedaro
 
How to make your users not want to murder you
How to make your users not want to murder youHow to make your users not want to murder you
How to make your users not want to murder you
joe_mcmahon
 
YUI on the go
YUI on the goYUI on the go
YUI on the go
Christian Heilmann
 
YUI introduction to build hack interfaces
YUI introduction to build hack interfacesYUI introduction to build hack interfaces
YUI introduction to build hack interfaces
Christian Heilmann
 
Sxsw 20090314
Sxsw 20090314Sxsw 20090314
Sxsw 20090314
guestcabcf63
 
Google在Web前端方面的经验
Google在Web前端方面的经验Google在Web前端方面的经验
Google在Web前端方面的经验
yiditushe
 
SocketStream
SocketStreamSocketStream
SocketStream
Paul Jensen
 
Web APIs you (probably) didn't know existed
Web APIs you (probably) didn't know existedWeb APIs you (probably) didn't know existed
Web APIs you (probably) didn't know existed
Zeno Rocha
 
Canjs
CanjsCanjs
Canjs
bitovi
 
Desymfony 2011 - Habemus Bundles
Desymfony 2011 - Habemus BundlesDesymfony 2011 - Habemus Bundles
Desymfony 2011 - Habemus Bundles
Albert Jessurum
 
Fav
FavFav
Fav
helloppt
 
Building web framework with Rack
Building web framework with RackBuilding web framework with Rack
Building web framework with Rack
sickill
 
Professional web development with libraries
Professional web development with librariesProfessional web development with libraries
Professional web development with libraries
Christian Heilmann
 
Rochester on Rails: Introduction to Rails
Rochester on Rails: Introduction to RailsRochester on Rails: Introduction to Rails
Rochester on Rails: Introduction to Rails
Jason Morrison
 
Rockit: A Parser Generator for Ruby
Rockit: A Parser Generator for RubyRockit: A Parser Generator for Ruby
Rockit: A Parser Generator for Ruby
Jason Morrison
 

Weitere ähnliche Inhalte

Was ist angesagt?

Secure Coding with WordPress - WordCamp SF 2008
Secure Coding with WordPress - WordCamp SF 2008Secure Coding with WordPress - WordCamp SF 2008
Secure Coding with WordPress - WordCamp SF 2008
Mark Jaquith
 
シックス・アパート・フレームワーク
シックス・アパート・フレームワークシックス・アパート・フレームワーク
シックス・アパート・フレームワーク
Takatsugu Shigeta
 
Building Things Fast - and getting approval
Building Things Fast - and getting approvalBuilding Things Fast - and getting approval
Building Things Fast - and getting approval
Simon Willison
 
YUI introduction to build hack interfaces
YUI introduction to build hack interfacesYUI introduction to build hack interfaces
YUI introduction to build hack interfaces
Christian Heilmann
 
Google在Web前端方面的经验
Google在Web前端方面的经验Google在Web前端方面的经验
Google在Web前端方面的经验
yiditushe
 
Desymfony 2011 - Habemus Bundles
Desymfony 2011 - Habemus BundlesDesymfony 2011 - Habemus Bundles
Desymfony 2011 - Habemus Bundles
Albert Jessurum
 

Was ist angesagt? (20)

Nodejs.meetup
Nodejs.meetupNodejs.meetup
Nodejs.meetup
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
 
Secure Coding with WordPress - WordCamp SF 2008
Secure Coding with WordPress - WordCamp SF 2008Secure Coding with WordPress - WordCamp SF 2008
Secure Coding with WordPress - WordCamp SF 2008
 
HTML5: where flash isn't needed anymore
HTML5: where flash isn't needed anymoreHTML5: where flash isn't needed anymore
HTML5: where flash isn't needed anymore
 
シックス・アパート・フレームワーク
シックス・アパート・フレームワークシックス・アパート・フレームワーク
シックス・アパート・フレームワーク
 
Building Things Fast - and getting approval
Building Things Fast - and getting approvalBuilding Things Fast - and getting approval
Building Things Fast - and getting approval
 
The Spirit of Testing
The Spirit of TestingThe Spirit of Testing
The Spirit of Testing
 
How to make your users not want to murder you
How to make your users not want to murder youHow to make your users not want to murder you
How to make your users not want to murder you
 
YUI on the go
YUI on the goYUI on the go
YUI on the go
 
YUI introduction to build hack interfaces
YUI introduction to build hack interfacesYUI introduction to build hack interfaces
YUI introduction to build hack interfaces
 
Sxsw 20090314
Sxsw 20090314Sxsw 20090314
Sxsw 20090314
 
Google在Web前端方面的经验
Google在Web前端方面的经验Google在Web前端方面的经验
Google在Web前端方面的经验
 
SocketStream
SocketStreamSocketStream
SocketStream
 
Web APIs you (probably) didn't know existed
Web APIs you (probably) didn't know existedWeb APIs you (probably) didn't know existed
Web APIs you (probably) didn't know existed
 
Canjs
CanjsCanjs
Canjs
 
Desymfony 2011 - Habemus Bundles
Desymfony 2011 - Habemus BundlesDesymfony 2011 - Habemus Bundles
Desymfony 2011 - Habemus Bundles
 
Fav
FavFav
Fav
 
Building web framework with Rack
Building web framework with RackBuilding web framework with Rack
Building web framework with Rack
 
Professional web development with libraries
Professional web development with librariesProfessional web development with libraries
Professional web development with libraries
 

Andere mochten auch

Andere mochten auch (7)

Rochester on Rails: Introduction to Rails
Rochester on Rails: Introduction to RailsRochester on Rails: Introduction to Rails
Rochester on Rails: Introduction to Rails
 
Rockit: A Parser Generator for Ruby
Rockit: A Parser Generator for RubyRockit: A Parser Generator for Ruby
Rockit: A Parser Generator for Ruby
 
Writing DSLs with Parslet - Wicked Good Ruby Conf
Writing DSLs with Parslet - Wicked Good Ruby ConfWriting DSLs with Parslet - Wicked Good Ruby Conf
Writing DSLs with Parslet - Wicked Good Ruby Conf
 
SmartLab at Ignite Boston 5
SmartLab at Ignite Boston 5SmartLab at Ignite Boston 5
SmartLab at Ignite Boston 5
 
Rochester on Rails: Introduction to Ruby
Rochester on Rails: Introduction to RubyRochester on Rails: Introduction to Ruby
Rochester on Rails: Introduction to Ruby
 
Synthetic Biology at BarcampRochester3
Synthetic Biology at BarcampRochester3Synthetic Biology at BarcampRochester3
Synthetic Biology at BarcampRochester3
 
Multitouch: FTIR
Multitouch: FTIRMultitouch: FTIR
Multitouch: FTIR
 

Ähnlich wie Clearance: Simple, complete Ruby web app authentication.

OSDC 2009 Rails Turtorial
OSDC 2009 Rails TurtorialOSDC 2009 Rails Turtorial
OSDC 2009 Rails Turtorial
Yi-Ting Cheng
 
Action Controller Overview, Season 2
Action Controller Overview, Season 2Action Controller Overview, Season 2
Action Controller Overview, Season 2
RORLAB
 
Systems Automation with Puppet
Systems Automation with PuppetSystems Automation with Puppet
Systems Automation with Puppet
elliando dias
 
Intro To Mvc Development In Php
Intro To Mvc Development In PhpIntro To Mvc Development In Php
Intro To Mvc Development In Php
funkatron
 
User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!
Greg Bell
 
Zend - Installation And Sample Project Creation
Zend - Installation And Sample Project Creation Zend - Installation And Sample Project Creation
Zend - Installation And Sample Project Creation
Compare Infobase Limited
 

Ähnlich wie Clearance: Simple, complete Ruby web app authentication. (20)

OSDC 2009 Rails Turtorial
OSDC 2009 Rails TurtorialOSDC 2009 Rails Turtorial
OSDC 2009 Rails Turtorial
 
Cooking with Chef
Cooking with ChefCooking with Chef
Cooking with Chef
 
Action Controller Overview, Season 2
Action Controller Overview, Season 2Action Controller Overview, Season 2
Action Controller Overview, Season 2
 
Cache Money Talk: Practical Application
Cache Money Talk: Practical ApplicationCache Money Talk: Practical Application
Cache Money Talk: Practical Application
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?
 
Using Geeklog as a Web Application Framework
Using Geeklog as a Web Application FrameworkUsing Geeklog as a Web Application Framework
Using Geeklog as a Web Application Framework
 
Pluginが広げるRailsの魅力
Pluginが広げるRailsの魅力Pluginが広げるRailsの魅力
Pluginが広げるRailsの魅力
 
More to RoC weibo
More to RoC weiboMore to RoC weibo
More to RoC weibo
 
Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!
 
Systems Automation with Puppet
Systems Automation with PuppetSystems Automation with Puppet
Systems Automation with Puppet
 
Working Effectively With Legacy Code
Working Effectively With Legacy CodeWorking Effectively With Legacy Code
Working Effectively With Legacy Code
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtime
 
Intro To Mvc Development In Php
Intro To Mvc Development In PhpIntro To Mvc Development In Php
Intro To Mvc Development In Php
 
More Secrets of JavaScript Libraries
More Secrets of JavaScript LibrariesMore Secrets of JavaScript Libraries
More Secrets of JavaScript Libraries
 
Symfony 1, mi viejo amigo
Symfony 1, mi viejo amigoSymfony 1, mi viejo amigo
Symfony 1, mi viejo amigo
 
Boston Computing Review - Ruby on Rails
Boston Computing Review - Ruby on RailsBoston Computing Review - Ruby on Rails
Boston Computing Review - Ruby on Rails
 
User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!
 
Revoke-Obfuscation
Revoke-ObfuscationRevoke-Obfuscation
Revoke-Obfuscation
 
Zend - Installation And Sample Project Creation
Zend - Installation And Sample Project Creation Zend - Installation And Sample Project Creation
Zend - Installation And Sample Project Creation
 
GAEO
GAEOGAEO
GAEO
 

Kürzlich hochgeladen

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Kürzlich hochgeladen (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Clearance: Simple, complete Ruby web app authentication.

  • 1. Clearance Jason Morrison jmorrison@thoughtbot.com
  • 2. $ sudo gem install thoughtbot- Clearance --source http://gems.github.com $ curl “http://github.com/thoughtbot/ clearance/tree/master%2FREADME.textile? raw=true”
  • 5.
  • 7. email + confirmation + password + forgot = authentication. No authorization, no roles, no ACLs, no HTTP basic auth, no OpenID (in core), no admin (in core), no, no, no!
  • 9. mess ^ Generator free!
  • 10.
  • 11. (but it’s small) # models and controllers [~/dev/clearance/lib/clearance/app] find . | xargs wc -l 434 total # units and functionals [~/dev/clearance/lib/clearance/test] find . | xargs wc -l 822 total
  • 13.
  • 15. Have it your way class User < ActiveRecord::Base include Clearance::Model def encrypt(password) Digest::SHA1.hexdigest quot;--#{salt}--#{password}--quot; end protected def initialize_salt self.salt = Digest::SHA1.hexdigest( quot;--#{Time.now.to_s}--#{email}--quot;) if new_record? end end
  • 16. Have it your way # similar deal for UsersController, ConfirmationsController class SessionsController < ApplicationController include Clearance::SessionsController def url_after_create video_url(:awesome_and_exciting_welcome) end def url_after_destroy video_url(:wistful_farewell) end end
  • 17.
  • 18. Get goin’ class User < ActiveRecord::Base include Clearance::Model acts_as_geocodable :normalize_address => true # don’t forget this guy! attr_accessible :first_name, :last_name, :street, :locality, :region, :postal_code, :website, :about end
  • 19. Get goin’ class UsersController < ApplicationController include Clearance::UsersController before_filter :authenticate, :except => [:new, :create] before_filter :can_only_edit_self, :only => [:edit, :update] protected def can_only_edit_self unless current_user == User.find(params[:id]) flash[:error] = 'Oh, snap! Get outta here.' redirect_to root_url end end end
  • 21. TODO.textile • Some refactoring & documentation to do
  • 22. Loot from merb-auth • Store current_user on the session, not controller • HTTP fluency • 401 Unauthorized • 405 Resource not allowed • Make a strategy: • Email confirmation • Forgot password • Salted passwords
  • 23. clearance-admin <% if current_user.admin? -%> Admin::UsersController logged_in_admin_context {} should_only_allow_admins_on ‘get :index’
  • 24. clearance-openid Extract from http://hoptoadapp.com
  • 25. Always be on the lookout for Clearance http://www.youtube.com/watch?v=sEaqfpqLBK4
  • 26. Guard Dog http://headrush.typepad.com/creating_passionate_users /2007/03/seven_blog_virt.html Kiss http://flickr.com/photos/andraspfaff/623258079/ Awesome Delorean http://flickr.com/photos/f1rstborn/757609629/ “Shh!” http://flickr.com/photos/cupcake_eater/2721122278/ Personals Ad http://flickr.com/photos/eggplant/3211654/ Baseball Photosiñata http://flickr.com/photos/mcbeth/156411746/
  • 27. $ tail -n 8 README.textile h2. Authors * thoughtbot, inc. * Dan Croak * Jason Morrison * Mike Burns * Josh Nichols * Mike Breen