Clearance

      Jason Morrison
jmorrison@thoughtbot.com
$ sudo gem install thoughtbot-clearance --source http://gems.github.com

$ curl "http://github.com/thoughtbot/clearance/tree/master%2FREADME.textile?raw=true"
Thank you.
Encore!
“Who goes there?”
email + confirmation +
 password + forgot
  = authentication.

   No authorization,
    no roles, no ACLs,
     no HTTP basic auth,
      no OpenID (in core),
        no admin (in core),
            no, no, no!
Keep It Simple, Sucka.
mess
         ^
Generator   free!
(but it’s small)

# models and controllers
[~/dev/clearance/lib/clearance/app] find . | xargs wc -l
    434 total

# units and functionals
[~/dev/clearance/lib/clearance/test] find . | xargs wc -l
    822 total
Let’s see it!
http://github.com/thoughtbot/clearance
Have it your way
require 'digest/sha1'

class User < ActiveRecord::Base

  include Clearance::Model

  # Override the password digest: salted SHA-1, hex-encoded.
  def encrypt(password)
    Digest::SHA1.hexdigest "--#{salt}--#{password}--"
  end

  protected

  # Set the per-user salt once, when the record is first created.
  def initialize_salt
    self.salt = Digest::SHA1.hexdigest(
      "--#{Time.now.to_s}--#{email}--") if new_record?
  end
end
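Added example (not from the slides or from Clearance itself): the slide's `--salt--password--` SHA-1 digest as stand-alone Ruby, next to a PBKDF2-HMAC-SHA256 digest and a verify-then-upgrade step that moves a stored record from the fast hash to the slow one at the user's next successful login. The record hash layout, `PBKDF2_ITERATIONS` and all method names are assumptions made for this example.

```ruby
require 'digest/sha1'
require 'openssl'
require 'securerandom'

# Added example; method names and the record layout are assumptions,
# not Clearance's API.

PBKDF2_ITERATIONS = 200_000 # assumed work factor, tune for your hardware
PBKDF2_KEY_BYTES  = 32

# The digest from the slide: one SHA-1 pass over "--salt--password--".
def slide_encrypt(salt, password)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Deliberately slow salted digest, using Ruby's bundled OpenSSL binding.
def pbkdf2_encrypt(salt, password, iterations = PBKDF2_ITERATIONS)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, PBKDF2_KEY_BYTES,
                             OpenSSL::Digest.new('SHA256')).unpack1('H*')
end

# Compare two digests without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# record: { scheme:, salt:, digest:, iterations: } (hypothetical layout).
# The scheme tag tells us which digest function produced the stored value.
def verify(record, password)
  expected =
    case record[:scheme]
    when :sha1   then slide_encrypt(record[:salt], password)
    when :pbkdf2 then pbkdf2_encrypt(record[:salt], password, record[:iterations])
    else return false
    end
  secure_compare(expected, record[:digest])
end

# Returns nil on a bad password. On success returns the record to persist:
# unchanged if already PBKDF2, otherwise re-hashed with a fresh random salt.
def authenticate_and_upgrade(record, password)
  return nil unless verify(record, password)
  return record if record[:scheme] == :pbkdf2
  salt = SecureRandom.hex(16)
  { scheme: :pbkdf2, salt: salt, iterations: PBKDF2_ITERATIONS,
    digest: pbkdf2_encrypt(salt, password) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample record, as the slide's encrypt would have stored it.
  legacy = { scheme: :sha1, salt: 'constructed-salt',
             digest: slide_encrypt('constructed-salt', 'correct horse') }
  upgraded = authenticate_and_upgrade(legacy, 'correct horse')
  puts "legacy scheme:   #{legacy[:scheme]} (#{legacy[:digest].length} hex chars)"
  puts "upgraded scheme: #{upgraded[:scheme]} (#{upgraded[:digest].length} hex chars)"
  puts "wrong password:  #{authenticate_and_upgrade(legacy, 'nope').inspect}"
end
```

The plaintext password is only available at login, which is why the upgrade happens inside the authentication path rather than as a batch job.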
Have it your way
# similar deal for UsersController, ConfirmationsController
class SessionsController < ApplicationController
  include Clearance::SessionsController

  def url_after_create
    video_url(:awesome_and_exciting_welcome)
  end

  def url_after_destroy
    video_url(:wistful_farewell)
  end
end
Get goin’
class User < ActiveRecord::Base

  include Clearance::Model

  acts_as_geocodable :normalize_address => true

  # don’t forget this guy!
  attr_accessible :first_name, :last_name,
                  :street, :locality, :region, :postal_code,
                  :website, :about

end
Get goin’
class UsersController < ApplicationController
  include Clearance::UsersController

  before_filter :authenticate, :except => [:new, :create]
  before_filter :can_only_edit_self, :only => [:edit, :update]

  protected

  def can_only_edit_self
    unless current_user == User.find(params[:id])
      flash[:error] = 'Oh, snap! Get outta here.'
      redirect_to root_url
    end
  end
end
Future Work
TODO.textile

• Some refactoring & documentation to do
Loot from merb-auth
•   Store current_user on the session, not controller

•   HTTP fluency

    •   401 Unauthorized

    •   405 Resource not allowed

•   Make a strategy:

    •   Email confirmation

    •   Forgot password

    •   Salted passwords
clearance-admin

     <% if current_user.admin? -%>

        Admin::UsersController

      logged_in_admin_context {}

should_only_allow_admins_on 'get :index'
clearance-openid


       Extract from
 http://hoptoadapp.com
Always be on the lookout
     for Clearance




    http://www.youtube.com/watch?v=sEaqfpqLBK4
Guard Dog
http://headrush.typepad.com/creating_passionate_users/2007/03/seven_blog_virt.html

Kiss
http://flickr.com/photos/andraspfaff/623258079/

Awesome Delorean
http://flickr.com/photos/f1rstborn/757609629/

“Shh!”
http://flickr.com/photos/cupcake_eater/2721122278/

Personals Ad
http://flickr.com/photos/eggplant/3211654/

Baseball Photosiñata
http://flickr.com/photos/mcbeth/156411746/
$ tail -n 8 README.textile

h2. Authors

*   thoughtbot, inc.
*   Dan Croak
*   Jason Morrison
*   Mike Burns
*   Josh Nichols
*   Mike Breen
github.com/thoughtbot/clearance

github.com/jasonm/talks

Clearance: Simple, complete Ruby web app authentication.
