Foyer

Authentication layer for Rails apps that identify users via a single sign on server that is configured as an OmniAuth provider

Installation

gem 'foyer'

Setup and Configuration

Setup as normal the omniauth gem. Remember to include in routes.rb the implementating controller action that will call the sign_in method:

Rails.application.routes.draw do
  match '/auth/:provider/callback', to: 'omniauth_callbacks#callback', via: [:get, :post]
  match '/auth/failure', to: 'omniauth_callbacks#failure', via: :get
end

You may extend the provided Foyer::OmniauthCallbacksController, as described later in this document, to facilitate the implementation.

Then in your ApplicationController:

class ApplicationController < ActionController::Base
  include Foyer::Controller::Helpers

  # Require authentication for all routes.
  before_action authenticate_user!

  set_user_finder do |user_id|
    # Code for retrieving a user from your database here
    # e.g.:
    #
    #  User.find_by_id(user_id)
  end
end

You can also configure the user finder in an initializer:

# config/initializers/foyer.rb
Foyer.user_finder = lambda { |user_id| ... }

Besides Foyer.user_finder there are some additional configuration settings:

Foyer.identity_provider # The slug name of the omniauth provider your app uses
Foyer.session_key # The key where Foyer will store user data in the session

Currently, the session is the only store available.

Usage

In Controllers

Once the setup is complete, you will have the following methods available in controllers that include Foyer::Controller::Helpers:

authenticate_user! - Before filter that redirects unauthenticated users 
                      to omniauth

sign_in(user) - Pass a user object to this method to sign that user in.
                User object must respond to #id

current_user - The authenticated user or nil if no user is authenticated

user_signed_in? - Predicate method to test if a user is authenticated

user_session - Access the current user's session data

sign_out - Signs out the authenticated user by clearing the session

In Views

current_user and user_signed_in? are available as helper methods in views.

Routes

This gem sets up a routing helper authenticate which allows you to set a constraint on routes so that only logged in users can access them. Example:

Rails.application.routes.draw do
  authenticate do
    get :some_page, to: 'authenticated_users#some_page'
  end
  get :some_page, to: 'unauthenticated_users#some_page'
end

authenticate also accepts a guard as an optional argument. The guard should be a lambda that accepts 1 argument, the authenticated user. Example:

Rails.application.routes.draw do
  authenticate lambda { |u| u.admin? } do
    namespace :admin do
      ...
    end
  end
end

Omniauth Callbacks Controller

For convience, there is a Foyer::OmniauthCallbacksController that includes the Controller::Helpers plus some additional useful helpers. You can inherit from it in your application.

Example:

class OmniauthCallbacksController < Foyer::OmniauthCallbacksController
  def failure
    redirect_to root_path, notice: 'Authentication failed!'
  end

  def callback
    user = User.find_or_initialize_by(uid: auth_hash.uid.to_s) do |u|
      u.email = auth_hash.info.email
    end

    user.token = auth_hash.credentials.token
    user.refresh_token = auth_hash.credentials.refresh_token

    if user.new_record?
      redirect_to origin || welcome_path
    else
      redirect_to after_sign_in_path
    end

    user.save
    sign_in user
  end
end

Contributing

Fork it ( http://github.com/GaggleAMP/foyer/fork )
Create your feature branch (git checkout -b my-new-feature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create new Pull Request

foyer

Development

Runtime