Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Gems You Might Not Need - Authentication and Authorization
Search
Brandon Beacher
March 30, 2012
Programming
5
370
Gems You Might Not Need - Authentication and Authorization
Brandon Beacher
March 30, 2012
Tweet
Share
More Decks by Brandon Beacher
See All by Brandon Beacher
Ruby for Recruiters
brandon_beacher
1
57
Academic Software Development Collaboration Tools
brandon_beacher
3
160
Other Decks in Programming
See All in Programming
哲学史とモデリング
tanakahisateru
2
430
The Design of Everyday APIs - PyCon 2024
roguelynn
1
190
TypeScript Custom GitHub Action Development Tips
peaceiris
2
500
WinActorの勉強を継続する方法
tamai_63
0
130
Good first issues of TypeProf
mame
4
590
Implementing Design Systems in Swift
seyfoyun
2
530
Timeline エディター拡張入門
yucchiy
0
450
TypeScript 関数型スタイルでバックエンド開発のリアル
naoya
49
16k
教えて!スクラムコーチ品質とスピードのバランスはどうすりゃいいの?
pinboro
0
120
Enjoy Creative Coding with Ruby (RubyKaigi2024)
chobishiba
0
710
一文字エイリアスのすすめ
fujimura
0
200
JavaScript Closure
asoluka
0
2k
Featured
See All Featured
The Cost Of JavaScript in 2023
addyosmani
21
4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
BBQ
matthewcrist
80
8.8k
Designing the Hi-DPI Web
ddemaree
276
33k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Agile that works and the tools we love
rasmusluckow
325
20k
How to name files
jennybc
65
94k
A Tale of Four Properties
chriscoyier
153
22k
The MySQL Ecosystem @ GitHub 2015
samlambert
244
12k
In The Pink: A Labor of Love
frogandcode
138
21k
Building Applications with DynamoDB
mza
88
5.7k
The Brand Is Dead. Long Live the Brand.
mthomps
49
30k
Transcript
Gems You Might Not Need Authentication and Authorization
Authentication Who are you? Authorization Are you allowed to do
that?
Do I need an authentication gem? Maybe not...
has_secure_password • Built in to newer versions of Rails •
Adds methods to set and authenticate against a BCrypt password. • This mechanism requires you to have a password_digest attribute. https://gist.github.com/2252946
Invitations • Add an invitation_token string attribute to your model
• Generate the token with ActiveSupport:: SecureRandom.hex https://gist.github.com/2253047
Do I need an authorization gem? Maybe not...
Before filters • Methods with redirects https://gist.github.com/2253206
Before filters - a step further • Stay flexible to
meet needs https://gist.github.com/3f28fd45a9755dfafd72
The Forbid pattern • When you need to get more
granular than before filters • class ForbiddenError < StandardError • rescue_from ForbiddenError https://gist.github.com/2253303
The Forbid pattern - a step further • Stay flexible
to meet business needs https://gist.github.com/2253352
The End • Simple • Flexible • Easy to understand