
Remote authentication with devise

Devise is great. It simplifies lots of tasks related to resource management (authentication, registration, confirmation, etc.), and it does so in a clean and highly configurable way. But it is only this great if you are managing your resources locally. Devise has adapters only for models backed by ActiveRecord or Mongoid, which means that if you’re using resources provided by an external webservice you can’t use Devise.


But don’t despair.


Extending Devise


First of all we have to get a basic idea of how Devise authenticates your resources. This explanation might be a bit rough so I’m going to use the following diagram to ease the explanation (kudos to asischao for his help).


The workflow of a request



  1. A request to authenticate a resource is received in the Rails app and it matches a route generated by devise_for.

  2. The request is handled (by default) by the SessionsController, provided by Devise, which delegates the authentication to Warden.

  3. Warden uses one of the strategies provided by Devise to determine if the resource can be authenticated or not.


The output of this process is an authenticated resource. Or not.


So, from this list of steps it seems that we have the following spots to work on:



  • Configure our resource to enable remote authentication.

  • Create a strategy that authenticates the resources with the external webservice.


Configuring the resource


Let’s assume that our resource is a PORO called User.


User PORO








    class User
      attr_accessor :id
    end



Devise requires some functionality that we usually get for free when using ActiveRecord resources. As this is not the case here, we have to do some plumbing: include some ActiveModel modules and extend the class using Devise::Models.


Preparation








    class User
      include ActiveModel::Validations # required because some before_validations are defined in devise
      extend ActiveModel::Callbacks    # required to define callbacks
      extend Devise::Models

      define_model_callbacks :validation # required by Devise
    end



At this point we are ready to configure Devise.


Enable Devise








    class User
      devise :remote_authenticatable
    end



Authentication module


To understand a bit better what we are doing here take a look at the following Devise modules:



We have to create a module that performs at least three tasks:



  • Authenticate the resource using the remote webservice.

  • Return an array of data that will be used to store a reference to the resource in the session.

  • Use this session data to re-build the resource.


Authenticate using the remote resource








    module Devise
      module Models
        module RemoteAuthenticatable
          extend ActiveSupport::Concern

          def remote_authentication(authentication_hash)
            # Your logic to authenticate with the external webservice
          end
        end
      end
    end



Devise::Models::RemoteAuthenticatable#remote_authentication will be used later (in the Warden strategy) to authenticate the resource using the remote webservice. This method performs almost the same function as Devise::Models::DatabaseAuthenticatable#valid_password? in the sense that they both have to return a resource instance if the credentials are valid or false otherwise.
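
One possible body for the remote_authentication stub above, as an added example that is not from the original post or its gist: it uses only the Ruby standard library, verifies the TLS certificate, and returns false on any error or unexpected reply so that a failing service never logs anyone in. The endpoint URL, the {"id": ...} reply shape, the RemoteAuthExample and ExampleUser names and the injectable transport: parameter are assumptions made for illustration; :email is Devise's default authentication key.

```ruby
require 'net/http'
require 'openssl'
require 'json'
require 'uri'

module RemoteAuthExample
  # Placeholder endpoint; the JSON reply shape {"id": ...} is also an assumption.
  AUTH_URL = URI('https://auth.example.invalid/sessions')

  # Default transport: HTTPS POST with certificate verification and timeouts.
  HTTPS_POST = lambda do |uri, payload|
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.open_timeout = 2
    http.read_timeout = 5
    req = Net::HTTP::Post.new(uri.request_uri, 'Content-Type' => 'application/json')
    req.body = JSON.generate(payload)
    res = http.request(req)
    [res.code.to_i, res.body.to_s]
  end

  # Returns the resource with its id set on success, false in every other case.
  def remote_authentication(authentication_hash, transport: HTTPS_POST)
    email = authentication_hash[:email].to_s
    password = authentication_hash[:password].to_s
    return false if email.empty? || password.empty?

    status, body = transport.call(AUTH_URL, { email: email, password: password })
    return false unless status == 200

    data = JSON.parse(body)
    remote_id = data.is_a?(Hash) ? data['id'] : nil
    return false unless remote_id.is_a?(Integer) || (remote_id.is_a?(String) && !remote_id.empty?)

    self.id = remote_id
    self
  rescue JSON::ParserError, SocketError, SystemCallError, Timeout::Error, OpenSSL::SSL::SSLError
    false # fail closed: an unreachable or misbehaving service authenticates nobody
  end
end

# Stand-in for the article's User PORO so the block runs without Rails or Devise.
class ExampleUser
  include RemoteAuthExample
  attr_accessor :id
end
```

In the article's setup the method body would live in Devise::Models::RemoteAuthenticatable, and the strategy would call it without the transport: argument.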


Serialize/Deserialize








    module Devise
      module Models
        module RemoteAuthenticatable
          extend ActiveSupport::Concern

          module ClassMethods
            def serialize_from_session(id)
              resource = self.new
              resource.id = id
              resource
            end

            def serialize_into_session(record)
              [record.id]
            end
          end
        end
      end
    end



We override Devise::Models::ClassMethods#serialize_into_session and Devise::Models::ClassMethods#serialize_from_session because their implementation is tied to database-backed resources. In these methods you just have to return an array with the data that you’ll use later to rebuild the resource instance.


The full code (with comments) of Devise::Models::RemoteAuthenticatable is on this gist


Creating a strategy


Strategies contain the logic used by Warden to authenticate users. They must define an authenticate! method, where the request will be processed. Inside this method you can take several actions:



  • halt! halts the cascading of strategies.

  • fail! fails the strategy. Calls halt!

  • success! logs in a user.

  • And other actions. Take a look at the documentation.


Because of the conventions used by Devise, the strategy name has to be the same as the name of the module used to authenticate the resource.


Warden strategy for Devise








    module Devise
      module Strategies
        class RemoteAuthenticatable < Authenticatable
          def authenticate!
            auth_params = authentication_hash
            auth_params[:password] = password

            resource = mapping.to.new

            return fail! unless resource

            if validate(resource) { resource.remote_authentication(auth_params) }
              success!(resource)
            end
          end
        end
      end
    end



The previous code is pretty straightforward. We create a new resource and using Devise::Models::RemoteAuthenticatable#remote_authentication we authenticate it. If the authentication succeeds we mark the request as valid with success!.


Gist with the code, and comments, of this strategy.


Putting everything together


So, to sum up, this solution is composed of:



  • Devise::Models::RemoteAuthenticatable, a module used by Devise to authenticate the resource.

  • Devise::Strategies::RemoteAuthenticatable, a class implementing a Warden strategy.


Finally, don’t forget to configure Devise (in config/initializers/devise.rb) to use all the stuff we have done here : )


Configure Devise








    config.warden do |manager|
      manager.strategies.add(:remote, Devise::Strategies::RemoteAuthenticatable)
      manager.default_strategies(:scope => :user).unshift :remote
    end







via 4Trabes http://4trabes.com/2012/10/31/remote-authentication-with-devise/
