Thincloud::Authentication
Description
A Rails Engine to provide authentication for Thincloud applications.
Requirements
This gem requires Rails 3.2+ and has been tested on the following versions:
- 3.2
This gem has been tested against the following Ruby versions:
- MRI 1.9.2
- MRI 1.9.3
- MRI 2.0.0
- JRuby 1.6+ (with
JRUBY_OPTS=--1.9
) - Rubinius 2.0.0dev (with
RBXOPT=-X19
)
This gem has been tested against the following database versions:
- MySQL 5.0, 5.5
- PostgreSQL 9.1, 9.2
- SQLite 3
Installation
Add this line to your application's Gemfile:
gem "thincloud-authentication"
- Run
bundle
- Copy the migrations and prepare your databases:
$ rake thincloud_authentication:install:migrations db:migrate db:test:prepare
- Mount the engine in your
config/routes.rb
file:
mount Thincloud::Authentication::Engine => "/auth", as: "auth_engine"
Using the example above, you may now login or signup at http://lvh.me:3000/auth.
Prerequisites
The following must be true for thincloud-authentication
to operate properly:
- A
root_url
must be defined inconfig/routes.rb
- A
User
model must exist
Configuration
The Thincloud::Authentication
module accepts a configure
block with options to customize the engine behavior.
Layouts
Set the layout
option to customize the layout used by all thincloud-authentication views:
Thincloud::Authentication.configure do |config|
config.layout = "other"
end
Mailers
Set the mailer_sender
option to customize the "From" address of the emails sent from the system:
Thincloud::Authentication.configure do |config|
config.mailer_sender = "app@example.com"
end
Cookies
Set the cookie_options
option to customize the options that get passed to the authentication cookies:
Thincloud::Authentication.configure do |config|
config.cookie_options = { secure: true, domain: :all }
end
Additional provider strategies
- Require the
omniauth-#{provider}
gem before thethincloud-authentication
gem in theGemfile
:
gem "omniauth-linkedin"
gem "omniauth-stripe-connect"
gem "thincloud-authentication"
- Add a key to the
providers
hash with the name of the strategy, followed by additional options forrequire
,scopes
andfields
as needed. Additionally, you will need to provide environment variables (prefixed with the provider name), with theconsumer_key
andconsumer_secret
values from your OAuth provider.
To enable the LinkedIn and Stripe Connect providers:
- Provide values for following environment variables:
ENV["LINKEDIN_CONSUMER_KEY"]
ENV["LINKEDIN_CONSUMER_SECRET"]
ENV["STRIPE_CONNECT_CONSUMER_KEY"]
ENV["STRIPE_CONNECT_CONSUMER_SECRET"]
- Add the file
config/initializers/thincloud_authentication.rb
with the following contents:
Thincloud::Authentication.configure do |config|
config.providers = {
linkedin: {
scopes: "r_emailaddress r_basicprofile",
fields: ["id", "email-address", "first-name", "last-name", "headline",
"industry", "picture-url", "location", "public-profile-url"]
},
stripe_connect: {
require: "omniauth-stripe-connect",
scopes: "read_write"
}
}
end
Vanity Routes
If you want to customize the routes (remove the /auth
prefix), you may add the following to your config/routes.rb
file:
get "signup", to: "thincloud/authentication/registrations#new", as: "signup"
get "login", to: "thincloud/authentication/sessions#new", as: "login"
delete "logout", to: "thincloud/authentication/sessions#destroy", as: "logout"
Using the example above, you will have the following routes locally:
-
signup_url
points to "/signup" -
login_url
points to "/login" -
logout_url
points to "/logout" - Make sure to use thedelete
method to logout.
Redirection
You can customize the paths used to redirect users after login, logout, registration and email verification by overriding the corresponding methods in your ApplicationController, or specific controllers, as needed.
-
after_login_path
is used after the user logs in. -
after_logout_path
is used after the user logs out. -
after_registration_path
is used after the user registers. -
after_verification_path
is used after the user verifies their email. -
after_password_update_path
is used after the user updates their password.
Working with Identities
Thincloud Authentication provides a few service objects to assist with creating and updating Identities:
-
CreateInvitationForUser.call(user, name: "Test Name", email: "test@test.com")
is used to create a new Identity for a user and send an email with an invitation URL which allows the user to choose a password. -
UpdateIdentityPassword.call(identity, password: "s3kr1tz!", password_confirmation: "s3kr1tz!")
is used to update the password for an existing Identity.
Both of the methods above will return true
or false
.
TODO
- Add multiple, configurable strategy options
- Add a configuration option to customize the mailers
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Added some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a Pull Request
License
- Freely distributable and licensed under the MIT license.
- Copyright (c) 2012 New Leaders (opensource@newleaders.com)
- https://newleaders.com