Rails 2.3 engine based on the Authlogic gem to provide an instant authentication solution on a new or existing site.
Pull request Compare This branch is 14 commits ahead, 66 commits behind angantyr:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



This engine will give you an instant authentication system for a new site, including support for user registration, openID authentication, and password resets via email. You will be able to customize look and feel, but it works right out of the box. Even with a completely empty app. ;-)

This Rails 2.3 engine is using the excellent Authlogic gem (github.com/binarylogic/authlogic/tree/master) from Ben Johnson at BinaryLogic, and is based on the sample application for that gem.


  1. You need Rails 2.3! This engine is not based on the rails-engines plugin.

  2. You need the Authlogic gem, but it will prompt for the gem if it's missing

  3. The OpenID Authentication plugin. Yes, I built in OpenID support by default.

  4. The authlogic_oid gem.


$ script/plugin install git://github.com/angantyr/authentication_engine.git

$ script/plugin install git://github.com/rails/open_id_authentication.git

$ script/plugin install git://github.com/iain/i18n_label.git

$ rake authentication_engine:sync

$ rake db:migrate

the authentication_engine:sync rake task does the following, so use it with care on an existing site:

  1. moves the migration files over to db/migrate

  2. moves an authentication_config.yml file and it's initializer into config

  3. moves a mailer template over. rails doesn't seem to pick up mailer templates inside engines


A couple of simple steps to get up and running:

In your application_controller.rb, you need to include authentication_system, like so:

class ApplicationController < ActionController::Base
  include AuthenticationEngine
  include LocalizedSystem

  helper :all # include all helpers, all the time
  protect_from_forgery # See ActionController::RequestForgeryProtection for details

If you are starting with a completely empty rails site, add a site root like this:

map.root :controller => "home", :action => "index"

and remove index.html in public folder,

and then for every controller you want to protect, simply add:

class WidgetsController < ApplicationController
  before_filter :require_user

or use a combination of user requirements on a per action level:

before_filter :require_no_user, :only => [:new, :create] before_filter :require_user, :only => :destroy

In your application layout include the javascript defaults if you are not already:

<%= javascript_include_tag :defaults %>

(This is only used for for switching between standard and openid login forms.)

In your layouts and views you can also call the login status bar:

<%= render :partial => 'shared/user_status' %>


Just remember to add this line to your routes.rb:

map.root :controller => "home", :action => "index"

First, you need to install the basic gems:

$ gem install rspec-rails
$ gem install cucumber
$ gem install webrat
$ gem install bmabey-email_spec -s http://gems.github.com
$ script/generate rspec
$ script/generate cucumber
$ script/generate email_spec

Then you can test the features of authentication_engine via rake command:

$ rake authentication_engine:features

Or test it manually:

$ rake db:test:prepare
$ cucumber vendor/plugins/authentication_engine/features

To-Do List

Build out admin interfaces, which will expose full data on the included models. This step will also require some kind of authorization scheme. I'm currently planning on using the authorization plugin. Any thoughts on that are welcome. Perhaps that gets rolled into a separate authorization_engine ?

Wish List

  • OpenID-based User creation: I would love for the user creation to use the OpenID functionality to the fullest.


On this one, all credit goes to Ben Johnson at BinaryLogic for providing a fresh start on authentication systems for Rails: github.com/binarylogic/authlogic/tree/master


Copyright © 2009 Mans Angantyr, released under the MIT license