Michel Benevento
Michel Benevento improve tests
Latest commit c851757 Jun 4, 2015
lib/roda improve tests Jun 4, 2015
test improve tests Jun 4, 2015
.gitignore ignore lockfile Jun 1, 2015
Gemfile first attempt Dec 26, 2014
Gemfile.lock add omniauth & csrf support Jun 3, 2015
README.md roda 2.0 Feb 19, 2015
Rakefile serialize sessions Jan 29, 2015
roda-auth.gemspec add omniauth & csrf support Jun 3, 2015

README.md

Roda plugin for Authentication

Status

This is a first stab at integrating Roda and Warden. It is by no means ready for real use.

Quick start

Install gem with

gem 'roda-auth'          #Gemfile

Create rack app

#api.ru

require 'roda/auth'

class App < Roda
  
  # plugin options, all optional
  # supports 3 auth types: :basic (default), :form, or :token
  # :user_class defaults to ::User
  # :redirect - url for login page, defaults to '/login'
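  # :cookie - options hash for session cookie, see Rack::Session::Cookie
  #           ('secret' below is a placeholder; the session cookie is only as
  #           trustworthy as this value, so use a long random secret kept out of source control)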
  
  plugin :auth, :form, user_class: MyUser, redirect: '/login', cookie: {secret:'secret'}
  
  route do |r|
    r.post 'login' do
      sign_in do
        redirect "/private/profile/#{current_user}"
      end
    end
    r.get 'login' do
      #render login form
    end
    r.post 'logout' do
      sign_out
    end
    r.on 'public' do
      #public content
    end
    authenticate!
    r.on 'private' do
      #private content
    end
  end

end

class MyUser

  #required - should return either a valid user or nil
  
  def self.authentic?(credentials)
    #credentials is either {'username' => 'foo', 'password' => 'bar'} or {'token' => '123'}
    if token = credentials['token']
      self.find_by_token(token) #make sure to use a safe (constant time) method of looking up tokens
    else
      self.check_password(credentials['username'], credentials['password'])
    end
  end
  
  #required when using :form strategy (for sessions)
  
  def self.find_by_id(id)
    find(id)
  end
  
  #optional - used for generating/updating auth tokens or tracking logins
  
  def authentic!
    #call for each successful authentication request
  end
  
end
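
One way to fill in the user-class contract above, as an added example that is not part of roda-auth or its README. `DemoUser`, `issue_token!`, the in-memory stores, the PBKDF2 work factor and the use of the username as the session id are all assumptions. Tokens are indexed by their SHA-256 digest instead of being compared raw, which is a swapped-in way of meeting the "constant time" remark.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'
class DemoUser # hypothetical in-memory stand-in for a real model
  ITERATIONS = 100_000 # assumed PBKDF2 work factor
  USERS  = {}          # username => user
  TOKENS = {}          # SHA-256(token) => user; raw tokens are never stored
  DUMMY_SALT = SecureRandom.random_bytes(16)
  attr_reader :username, :logins, :salt, :password_hash

  def self.kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end

  # Constant-time equality (Rack::Utils.secure_compare does this in a Rack app).
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # README contract: return a valid user or nil.
  def self.authentic?(credentials)
    if (token = credentials['token'])
      TOKENS[Digest::SHA256.hexdigest(token.to_s)] # lookup timing depends on the digest only
    else
      user = USERS[credentials['username']]
      # Run the KDF for unknown usernames too, so both paths cost the same.
      derived = kdf(credentials['password'], user ? user.salt : DUMMY_SALT)
      user if user && secure_equal?(derived, user.password_hash)
    end
  end

  def self.find_by_id(id); USERS[id]; end # id is the username here (assumption)

  def initialize(username, password)
    @username, @logins = username, 0
    @salt = SecureRandom.random_bytes(16)
    @password_hash = self.class.kdf(password, @salt)
    USERS[username] = self
  end

  # Issue a fresh token and revoke the previous one; the caller gets the only raw copy.
  def issue_token!
    TOKENS.delete_if { |_, u| u.equal?(self) }
    token = SecureRandom.hex(32)
    TOKENS[Digest::SHA256.hexdigest(token)] = self
    token
  end

  def authentic!; @logins += 1; end # called after each successful authentication
end
```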