Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Gems You Might Not Need - Authentication and Au...
Search
Brandon Beacher
March 30, 2012
Programming
380
5
Share
Gems You Might Not Need - Authentication and Authorization
Brandon Beacher
March 30, 2012
More Decks by Brandon Beacher
See All by Brandon Beacher
Ruby for Recruiters
brandon_beacher
1
83
Academic Software Development Collaboration Tools
brandon_beacher
3
190
Other Decks in Programming
See All in Programming
Why Laravel apps break—Mastering the fundamentals to keep them maintainable
kentaroutakeda
1
310
脅威をエンジニアリングの糧にして――現場編 / Turning Threats into Engineering Fuel — Field Edition
nrslib
0
210
Inside Stream API
skrb
1
250
AIエージェントの隔離技術の徹底比較
kawayu
0
440
Talking to terminals (and how they talk back) (KotlinConf 2026)
jakewharton
PRO
1
160
技術記事、AIに書かせるか、自分で書くか? 〜それでも私が自分の手で書く理由〜 / #QiitaConference
jnchito
2
1.2k
[BalkanRuby 2026] Drop your app/services!
palkan
3
710
iOS26時代の新規アプリ開発
yuukiw00w
0
210
AI時代の仕事技芸論 — ソフトウェア開発で「遊ぶように働く」職人的熟達のすすめ
kuranuki
1
440
RailsTokyo 2026#4: AI様があれば、 Hotwireの弱点は消えるか?
naofumi
5
1k
TSKaigi2026-静的解析への投資がAI時代のコード品質を支える ── カスタムESLintルールの設計と運用
hayatokudou
6
1.3k
Old Dog, New Tricks: The Java 25 Reinvention - JNation
bazlur_rahman
0
130
Featured
See All Featured
Being A Developer After 40
akosma
91
590k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
130
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.5k
Everyday Curiosity
cassininazir
0
210
How to Talk to Developers About Accessibility
jct
2
210
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
118
120k
HTML-Aware ERB: The Path to Reactive Rendering @ RubyCon 2026, Rimini, Italy
marcoroth
1
120
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.8k
How To Speak Unicorn (iThemes Webinar)
marktimemedia
1
470
The Invisible Side of Design
smashingmag
302
52k
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
200
Done Done
chrislema
186
16k
Transcript
Gems You Might Not Need Authentication and Authorization
Authentication Who are you? Authorization Are you allowed to do
that?
Do I need an authentication gem? Maybe not...
has_secure_password • Built in to newer versions of Rails •
Adds methods to set and authenticate against a BCrypt password. • This mechanism requires you to have a password_digest attribute. https://gist.github.com/2252946
Invitations • Add an invitation_token string attribute to your model
• Generate the token with ActiveSupport:: SecureRandom.hex https://gist.github.com/2253047
Do I need an authorization gem? Maybe not...
Before filters • Methods with redirects https://gist.github.com/2253206
Before filters - a step further • Stay flexible to
meet needs https://gist.github.com/3f28fd45a9755dfafd72
The Forbid pattern • When you need to get more
granular than before filters • class ForbiddenError < StandardError • rescue_from ForbiddenError https://gist.github.com/2253303
The Forbid pattern - a step further • Stay flexible
to meet business needs https://gist.github.com/2253352
The End • Simple • Flexible • Easy to understand
brandon_beacher
kentaroutakeda
nrslib
skrb
kawayu
jakewharton
jnchito
palkan
yuukiw00w
kuranuki
naofumi
hayatokudou
bazlur_rahman
akosma
akademiya2063
marcduiker
cassininazir
jct
twada
marcoroth
zakiyama
marktimemedia
smashingmag
mkilby
chrislema
