
Steps to create my own authentication system, need some guidance

I want to learn how to create my own authentication system. Please provide some guidance if I am doing this wrong.

  1. I will create a module in my /lib folder: /lib/auth.rb
  2. I will require this module in my ApplicationController.
  3. When a user enters their email + password, I will call a method that does a lookup in the users table for a user with the same email, and I will then compare the passwords. (I'll add encryption with salt later.)
  4. If the user entered the correct credentials, I will create a row in the Sessions table and then write the session GUID to a cookie.
  5. Now, whenever I need to check if the user is logged in or I need the user object, I will check if the cookie exists. If it does, I will look up the session table for a row with the same GUID; if it exists, I will return the session row and then load the User object.

I realize there are many suggestions one can give, but in a nutshell does this sound like a workable solution?

Now to make this usable, I will have to make some helper methods in my ApplicationController right?

How will I access the current_user from within my views?

P.S. I know of other authentication systems; I just want to learn how to create my own.


The basic logic you're following is correct. Of course you can always expand on this with features that you need. For instance, you'll need helper methods for things like "logged_in?" and "current_user". Also, you might want to add session expiry, or session retention as a "remember me" feature.
Go for it, you won't learn authentication systems better than building your own then figuring what's wrong with it.


You should really check out the authlogic gem on github. http://github.com/binarylogic/authlogic It also has great instructions on how to set up your users.


Since Faisal already said what I would have said, I will only answer the last part of your question: "How will I access the current_user from within my views?"

Try something like this:

class User < ...
  # Class-level accessor holding the user for the request being handled.
  # Note: @current here is an instance variable on the User class itself,
  # so it is shared by every thread in the process (see the note below).
  def self.current=(u)
    @current = u
  end

  def self.current
    @current
  end
end

In your views (or any part of your code) you can call User.current. Your controller has to assign a validated user to User.current. Your filters can react to "if User.current.nil?" and so on.

If you want to be thread safe, you may use a thread variable instead of @current:

Thread.current[:current_user] = u
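The following is an added example, not code from the question or from any of the answers above. It puts the five steps of the question together with the Thread.current suggestion from the last answer in plain Ruby that runs outside Rails. Everything it assumes is constructed for the example: two in-memory hashes stand in for the users and sessions tables, an e-mail address stands in for the User object, and PBKDF2-HMAC-SHA256 from the Ruby standard library stands in for the salted hashing (bcrypt or similar) that step 3 defers. The module, method and constant names are my own, not anything from the post.

```ruby
require "openssl"
require "securerandom"

module Auth
  ITERATIONS  = 100_000        # PBKDF2 work factor (assumption for the example)
  SESSION_TTL = 24 * 60 * 60   # session lifetime in seconds

  # Constructed stand-ins for the users and sessions tables.
  USERS    = {} # email => { salt:, digest: }
  SESSIONS = {} # session id => { email:, expires_at: }

  # Salted password hash; the salt is stored next to the digest, never reused.
  def self.hash_password(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("sha256"))
  end

  def self.register(email, password)
    salt = SecureRandom.random_bytes(16)
    USERS[email] = { salt: salt, digest: hash_password(password, salt) }
  end

  # Constant-time comparison: always touches every byte, so the time taken
  # does not reveal how many leading bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Step 3: look the user up by e-mail, then compare password hashes.
  # An unknown e-mail is run against a dummy record so that "no such user"
  # and "wrong password" take the same amount of time and return the same nil.
  def self.authenticate(email, password)
    record    = USERS[email] || { salt: "\0" * 16, digest: "\0" * 32 }
    candidate = hash_password(password, record[:salt])
    matched   = secure_compare(candidate, record[:digest])
    matched && USERS.key?(email) ? email : nil
  end

  # Step 4: create a session row. The id comes from a CSPRNG (256 bits),
  # not from a sequential counter or anything derived from the user.
  def self.create_session(email, now = Time.now)
    id = SecureRandom.hex(32)
    SESSIONS[id] = { email: email, expires_at: now + SESSION_TTL }
    id
  end

  # Step 5: resolve the cookie value back to a user, honouring expiry.
  def self.user_for_session(id, now = Time.now)
    return nil if id.nil?
    session = SESSIONS[id]
    return nil if session.nil?
    if session[:expires_at] <= now
      SESSIONS.delete(id)
      return nil
    end
    session[:email]
  end

  def self.destroy_session(id)
    SESSIONS.delete(id)
  end

  # Per-thread current user, as the last answer suggests, so that concurrent
  # requests in a threaded server never see each other's user.
  def self.current_user=(u)
    Thread.current[:current_user] = u
  end

  def self.current_user
    Thread.current[:current_user]
  end
end

# Constructed walk-through standing in for the controller: a login, a later
# request carrying the cookie, the same cookie after expiry, and a forged one.
def demo
  Auth.register("alice@example.com", "correct horse battery staple")
  results = {}
  results[:wrong_password] = Auth.authenticate("alice@example.com", "nope")
  results[:unknown_user]   = Auth.authenticate("bob@example.com", "nope")
  email  = Auth.authenticate("alice@example.com", "correct horse battery staple")
  cookie = email && Auth.create_session(email)
  results[:logged_in] = Auth.user_for_session(cookie)
  results[:expired]   = Auth.user_for_session(cookie, Time.now + Auth::SESSION_TTL + 1)
  results[:forged]    = Auth.user_for_session(SecureRandom.hex(32))
  results
end

# Two "requests" on different threads each set and read back their own user.
def thread_local_demo
  seen = {}
  threads = %w[alice bob].map do |name|
    Thread.new do
      Auth.current_user = name
      sleep 0.01 # give the other thread a chance to run before reading back
      seen[name] = Auth.current_user
    end
  end
  threads.each(&:join)
  seen
end

if $PROGRAM_NAME == __FILE__
  p demo
  p thread_local_demo
end
```

In a real controller the cookie written in step 4 should be marked HttpOnly and Secure, and logout should call the equivalent of destroy_session rather than just clearing the cookie, otherwise the session row stays valid for anyone who captured the id. Step 5 is also the place to re-check expiry on every request, as user_for_session does, rather than only at login.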