Rails Full Authentication from scratch
I know that there are lot of gems available to implement full authentication in Ruby on Rails.
But in my case, I will need to implement one from scratch. There are lots of tutorials that show how to implement authentication in Rails but none of them cover a lot of other important parts like:
1] Tracking last login and current login timestamp.
2] Keeping a running count of all the successful logins for a user.
3] Tracking failed login attempts and locking out the user after a certain number of failed attempts. (We won't be sending out emails to unlock the account. This is because the user will call in, verify their identity, and then the person on the phone will unlock the account by resetting a flag. Please suggest if there is another better alternative.)
4] Remember me functionality.
Thanks in advance for help!
I think the pitfall for all self-proclaimed "newbies" is that they always want to build everything from scratch! =P
You are right, there are many authentication gems out there. And I would highly recommend digging a bit deeper into them before trying to roll your own as there are many sticky spots to make sure your authentication system is functional and secure.
I would recommend checking out Devise (https://github.com/plataformatec/devise), it's the one I use on my projects. If it doesn't provide you with most of your functionality out of the box, it's nearly trivial to add it by modifying the registrations controller. Again, if it's not available out of the box, the general approach will be:
- Add last_login, current_login, login_count, failed_attempts to your user model.
- Override the Devise registrations controller and make sure all those values are updated when you want.
Another note: Devise does provide functionality to recover passwords via email, but you can easily disable that to force your users through the call-in/verify process.
Another entry point for you to consider would be the new Rails 3.1 (not officially released yet). But a lot of updates were included to help you build better authentication systems. Check out this railscast for more info: http://railscasts.com/episodes/270-authentication-in-rails-3-1
1] Add two timestamp fields to your table to track those params: last_login_time and current_login_time. When the user logs in, set last_login_time = current_login_time and current_login_time = Time.now.
2] Add a logins_count field to your table and increase it on every login.
3]
3.1 Add a fails_count field and increase it each time a login is unsuccessful; reset it on a successful login.
3.2 Add a boolean field 'blocked' and set it to true when fails_count reaches some number.
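The bookkeeping described in the steps above, as an added plain-Ruby example (not the answerer's code and not tied to a database): the field names come from the answer, while the MAX_FAILS threshold, the injectable clock and the manual unblock! hook for the phone-support case in the question are assumptions.

```ruby
# Per-user login bookkeeping: timestamps, success count, failure count, lockout.
# Field names (last_login_time, current_login_time, logins_count, fails_count,
# blocked) follow the answer; MAX_FAILS and the clock lambda are assumed here.
class LoginTracker
  MAX_FAILS = 5  # assumed lockout threshold

  attr_reader :last_login_time, :current_login_time, :logins_count, :fails_count

  def initialize(clock: -> { Time.now })
    @clock = clock                 # injectable so tests can use a fixed time
    @last_login_time = nil
    @current_login_time = nil
    @logins_count = 0
    @fails_count = 0
    @blocked = false
  end

  def blocked?
    @blocked
  end

  # Steps 1, 2 and 3.1 on success: shift the timestamps, bump the counter,
  # and clear the running failure count.
  def record_successful_login!
    @last_login_time = @current_login_time
    @current_login_time = @clock.call
    @logins_count += 1
    @fails_count = 0
  end

  # Steps 3.1 and 3.2 on failure: count it and lock once the threshold is hit.
  def record_failed_login!
    @fails_count += 1
    @blocked = true if @fails_count >= MAX_FAILS
  end

  # Manual reset by a support agent after the caller has verified identity.
  def unblock!
    @blocked = false
    @fails_count = 0
  end

  # One login attempt; password_ok is the result of the credential check.
  # A blocked account is refused before any credential is evaluated.
  def attempt(password_ok)
    return :blocked if blocked?
    return record_successful_login! && :ok if password_ok
    record_failed_login!
    blocked? ? :blocked : :failed
  end
end
```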
You may want to check my example Rails application that has authentication built from scratch.