Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Gems You Might Not Need - Authentication and Au...
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Brandon Beacher
March 30, 2012
Programming
5
380
Gems You Might Not Need - Authentication and Authorization
Brandon Beacher
March 30, 2012
Tweet
Share
More Decks by Brandon Beacher
See All by Brandon Beacher
Ruby for Recruiters
brandon_beacher
1
77
Academic Software Development Collaboration Tools
brandon_beacher
3
180
Other Decks in Programming
See All in Programming
24時間止められないシステムを守る-医療ITにおけるランサムウェア対策の実際
koukimiura
1
130
AIによるイベントストーミング図からのコード生成 / AI-powered code generation from Event Storming diagrams
nrslib
2
1.9k
AI時代の認知負荷との向き合い方
optfit
0
170
そのAIレビュー、レビューしてますか? / Are you reviewing those AI reviews?
rkaga
6
4.6k
dchart: charts from deck markup
ajstarks
3
1k
KIKI_MBSD Cybersecurity Challenges 2025
ikema
0
1.3k
Oxlintはいいぞ
yug1224
5
1.4k
AgentCoreとHuman in the Loop
har1101
5
250
Python’s True Superpower
hynek
0
110
日本だけで解禁されているアプリ起動の方法
ryunakayama
0
270
今から始めるClaude Code超入門
448jp
8
9.1k
Data-Centric Kaggle
isax1015
2
780
Featured
See All Featured
WCS-LA-2024
lcolladotor
0
450
More Than Pixels: Becoming A User Experience Designer
marktimemedia
3
330
Game over? The fight for quality and originality in the time of robots
wayneb77
1
120
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
120
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.9k
New Earth Scene 8
popppiees
1
1.5k
How to make the Groovebox
asonas
2
1.9k
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.1k
Building AI with AI
inesmontani
PRO
1
710
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
140
Building Experiences: Design Systems, User Experience, and Full Site Editing
marktimemedia
0
410
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
200
Transcript
Gems You Might Not Need Authentication and Authorization
Authentication Who are you? Authorization Are you allowed to do
that?
Do I need an authentication gem? Maybe not...
has_secure_password • Built in to newer versions of Rails •
Adds methods to set and authenticate against a BCrypt password. • This mechanism requires you to have a password_digest attribute. https://gist.github.com/2252946
Invitations • Add an invitation_token string attribute to your model
• Generate the token with ActiveSupport:: SecureRandom.hex https://gist.github.com/2253047
Do I need an authorization gem? Maybe not...
Before filters • Methods with redirects https://gist.github.com/2253206
Before filters - a step further • Stay flexible to
meet needs https://gist.github.com/3f28fd45a9755dfafd72
The Forbid pattern • When you need to get more
granular than before filters • class ForbiddenError < StandardError • rescue_from ForbiddenError https://gist.github.com/2253303
The Forbid pattern - a step further • Stay flexible
to meet business needs https://gist.github.com/2253352
The End • Simple • Flexible • Easy to understand
brandon_beacher
koukimiura
nrslib
optfit
rkaga
ajstarks
ikema
yug1224
har1101
hynek
ryunakayama
448jp
isax1015
lcolladotor
marktimemedia
wayneb77
sabderemane
productmarketing
popppiees
asonas
inesmontani
dugsong
reverentgeek
