wycats / merb

master merb branch

This URL has Read+Write access

merb / merb-auth
name age
history
message
..
file .gitignore Wed Oct 08 15:02:26 -0700 2008 Move things to merb-more [wycats]
file LICENSE Wed Oct 08 15:02:26 -0700 2008 Completes the move of merb-auth to merb-more [hassox]
file README.textile Loading commit data...
file Rakefile
file TODO Fri Jan 18 11:25:19 -0800 2008 Leftover files [wycats]
directory lib/ Mon Oct 13 03:13:28 -0700 2008 Versions updated in the rake tasks Updates the... [hassox]
directory merb-auth-core/
directory merb-auth-more/
directory merb-auth-slice-password/
merb-auth/README.textile

MerbAuth – Merb Merb::Authentication

An extensible architecture for authentication

  • Stupidly Simple
  • Speaks fluent HTTP, even the errors
  • Pluggable Architecture (so that you can use any authentication algorithms you like)
  • Cascading Merb::Authentication (if one method fails, another is attempted, then another. When no methods succeed, authentication fails)

Principles

  1. Sessions are authenticated
  2. Just because one method of authentication fails doesn’t mean the session, can’t be authenticated another way. This is especially true if your application has an external API as well as a public interface.
  3. HTTP has built-in Errors which every web-browser (should) know how to speak. If you’re application speaks in HTTP Verbs (GET, POST, PUT, DELETE), it should also serve the correct HTTP Errors when things go wrong.

What is it

The merb-auth gem is the default implementation of merb-auth-core and merb-auth-more for
the default Merb Stack. Included are:

merb-auth-slice-password # A basic slice that provides everything you need for basic password logins

Strategies:
:default_password_form # Form based login via a “login” field and “password” field
:default_basic_auth # Basic authentication

Mixins:
redirect_back # For redirect_back_or functionality
salted_user # Automtaically provides the required methods on your user model

Get merb-auth

merb-auth is bundled with the merb gem. To get it as stand alone you can get it two ways.

Gem Style
sudo gem install merb-auth

From Source


git clone http://github.com/wycats/merb-more.git
cd merb-more/merb-auth
sudo rake install

Basic Setup

Application Setup

Setup your user

Setup your User resource
$ merb-gen resource users

Ensure you have a login property
property :login, String

Make sure you have the following in your migrations (if required)
crypted_password – String
salt – String

Setup your configuration

Include merb-auth in your application config/init.rb 


  dependency "merb-auth"

Setup the routing: config/router.rb


  Merb::Router.prepare do
    merb_auth_routes(:name_prefix => nil, :path_prefix => nil)
  end

Protect Your Controller


  class MyController < Application
    before :ensure_authenticated

#…
end