devise tutorial - 2011 rubyconf taiwan
3. AGENDA
• OmniAuth Client Application
providers: Facebook, Twitter, Github
• OpenID Client Application
providers: Google, Yahoo, Google Apps
• LDAP Client Application
providers: Localhost OpenLDAP
• CAS Client Application
providers: Localhost CAS
5. ABOUT AUTHENTICATION
• authentication and authorization are two different things
• authentication is just an identity token / ticket
• can use multiple authentication providers on one site
• one user can have many authentications
6. DEVISE - OMNIAUTH WAY
(diagram: customer, devise, omniauth, 3rd party providers; provider boxes: OAuth providers, OpenID providers, LDAP, CAS server, username / password)
9. POSSIBLE DB SCHEMA
users
Model: User
has_many :authentications, :as => :resource
has_one :profile, :as => :resource
id integer
email string
encrypted_password string
reset_password_token string
reset_password_sent_at datetime
remember_created_at datetime
sign_in_count integer
current_sign_in_at datetime
last_sign_in_at datetime
current_sign_in_ip string
last_sign_in_ip string
created_at datetime
updated_at datetime
managers
Model: Manager
has_many :authentications, :as => :resource
has_one :profile, :as => :resource
(columns identical to users)
authentications
Model: Authentication
belongs_to :resource, :polymorphic => true
id integer
resource_id integer
resource_type string
provider string
uid string
uname string
umail string
created_at datetime
updated_at datetime
profiles
Model: Profile
belongs_to :resource, :polymorphic => true
id integer
resource_id integer
resource_type string
first_name string
last_name string
fullname string
nickname string
created_at datetime
updated_at datetime
11. FEATURES OF DEVISE
• rack - simple and fast
• strategies - logical and flexible
• modularity - maintainable rails engine
• multi-models - signed in at the same time
• extensions - diversity
• authentication scheme with general user’s needs
12. BUILT-IN MODULES
• Database authenticatable
• Token authenticatable
• Omniauthable
• Confirmable
• Recoverable
• Registerable
• Rememberable
• Trackable
• Timeoutable
• Validatable
• Lockable
• Encryptable
13. EXTENSION MODULES
• ORM
• Encryption
• Authentication
• UI enhancement
• https://github.com/plataformatec/devise/wiki/Extensions
14. FILTERS & HELPERS
• authenticate_user!
• user_signed_in?
• current_user
• user_session
• user_root_path
17. NEW RAILS APP
• rails new devise_tutorial -JTd mysql
• cd devise_tutorial
• vim Gemfile
• bundle install
• rails generate scaffold page title:string content:text
• rake db:create
• rake db:migrate
• rails server (or: bundle exec unicorn -p 3000)
• tail -f log/development.log
19. DEPLOY TO HEROKU
• git checkout heroku
• heroku keys:add
• heroku create
• git push heroku master
• heroku rake db:setup
• heroku open
21. DEVISE CUSTOMIZATION
• config - set configurations for devise
• migrations - set database fields
• models - select modules, set attributes
• routes - set uri mapping
• controllers - set filters and redirects
• views - set html and css
22. rake middleware
use ActionDispatch::Static
use Rack::Lock
use ActiveSupport::Cache::Strategy::LocalCache
use Rack::Runtime
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::RemoteIp
use Rack::Sendfile
use ActionDispatch::Callbacks
use ActiveRecord::ConnectionAdapters::ConnectionManagement
use ActiveRecord::QueryCache
use ActionDispatch::Cookies
use ActionDispatch::Session::CookieStore
use ActionDispatch::Flash
use ActionDispatch::ParamsParser
use Rack::MethodOverride
use ActionDispatch::Head
use ActionDispatch::BestStandardsSupport
use Warden::Manager
run DeviseTutorial::Application.routes
24. rake routes
manager_root GET /pages/:id(.:format) {:controller=>"pages", :id=>"management", :action=>"show"}
new_manager_session GET /managers/sign_in(.:format) {:controller=>"devise/sessions", :action=>"new"}
manager_session POST /managers/sign_in(.:format) {:controller=>"devise/sessions", :action=>"create"}
destroy_manager_session DELETE /managers/sign_out(.:format) {:controller=>"devise/sessions", :action=>"destroy"}
manager_password POST /managers/password(.:format) {:controller=>"devise/passwords", :action=>"create"}
new_manager_password GET /managers/password/new(.:format) {:controller=>"devise/passwords", :action=>"new"}
edit_manager_password GET /managers/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"}
PUT /managers/password(.:format) {:controller=>"devise/passwords", :action=>"update"}
cancel_manager_registration GET /managers/cancel(.:format) {:controller=>"devise/registrations", :action=>"cancel"}
manager_registration POST /managers(.:format) {:controller=>"devise/registrations", :action=>"create"}
new_manager_registration GET /managers/sign_up(.:format) {:controller=>"devise/registrations", :action=>"new"}
edit_manager_registration GET /managers/edit(.:format) {:controller=>"devise/registrations", :action=>"edit"}
PUT /managers(.:format) {:controller=>"devise/registrations", :action=>"update"}
DELETE /managers(.:format) {:controller=>"devise/registrations", :action=>"destroy"}
user_root GET /pages/:id(.:format) {:controller=>"pages", :id=>"dashboard", :action=>"show"}
new_user_session GET /users/sign_in(.:format) {:controller=>"devise/sessions", :action=>"new"}
user_session POST /users/sign_in(.:format) {:controller=>"devise/sessions", :action=>"create"}
destroy_user_session DELETE /users/sign_out(.:format) {:controller=>"devise/sessions", :action=>"destroy"}
user_password POST /users/password(.:format) {:controller=>"devise/passwords", :action=>"create"}
new_user_password GET /users/password/new(.:format) {:controller=>"devise/passwords", :action=>"new"}
edit_user_password GET /users/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"}
PUT /users/password(.:format) {:controller=>"devise/passwords", :action=>"update"}
cancel_user_registration GET /users/cancel(.:format) {:controller=>"devise/registrations", :action=>"cancel"}
user_registration POST /users(.:format) {:controller=>"devise/registrations", :action=>"create"}
new_user_registration GET /users/sign_up(.:format) {:controller=>"devise/registrations", :action=>"new"}
edit_user_registration GET /users/edit(.:format) {:controller=>"devise/registrations", :action=>"edit"}
PUT /users(.:format) {:controller=>"devise/registrations", :action=>"update"}
DELETE /users(.:format) {:controller=>"devise/registrations", :action=>"destroy"}
root /(.:format) {:controller=>"pages", :action=>"show"}
26. PROVIDER - USER DB SCHEMA
users
Model: User
has_many :authentications, :as => :resource
has_one :profile, :as => :resource
id integer
email string
encrypted_password string
reset_password_token string
reset_password_sent_at datetime
remember_created_at datetime
sign_in_count integer
current_sign_in_at datetime
last_sign_in_at datetime
current_sign_in_ip string
last_sign_in_ip string
created_at datetime
updated_at datetime
authentications
Model: Authentication
belongs_to :resource, :polymorphic => true
id integer
resource_id integer
resource_type string
provider string
uid string
uname string
umail string
created_at datetime
updated_at datetime
28. OMNIAUTH MIDDLEWARES
rake middleware
use ActionDispatch::Static
......
use ActionDispatch::BestStandardsSupport
use Warden::Manager
use OmniAuth::Strategies::Facebook
use OmniAuth::Strategies::Twitter
use OmniAuth::Strategies::GitHub
use OmniAuth::Strategies::OpenID
use OmniAuth::Strategies::OpenID
use OmniAuth::Strategies::OpenID
use OmniAuth::Strategies::GoogleApps
use OmniAuth::Strategies::GoogleApps
run DeviseTutorial::Application.routes
29. DEVISE OMNIAUTH ROUTES
• /users/auth/:provider(.:format)
{ :controller => "users/omniauth_callbacks",
:action => "passthru" }
• user_omniauth_callback
/users/auth/:action/callback(.:format)
{ :controller => "users/omniauth_callbacks",
:action => /facebook|twitter|github/ }
30. NEEDS OF OAUTH
• create new app record for each client site
• app id and app secret are required
• callback url must match
• access token / error message will append to callback url
• specific yaml pattern for user auth data
31.
---
provider: facebook
uid: "1290347368"
credentials:
  token: 49923..........6RqGc
user_info:
  nickname: tsechingho
  email: tsechingho@gmail.com
  first_name: Tse-Ching
  last_name: Ho
  name: Tse-Ching Ho
  image: http://graph.facebook.com/1290347368/picture?type=square
  urls:
    Facebook: http://www.facebook.com/tsechingho
    Website:
extra:
  user_hash:
    id: "1290347368"
    name: Tse-Ching Ho
    first_name: Tse-Ching
    last_name: Ho
    link: http://www.facebook.com/tsechingho
    username: tsechingho
    hometown:
      id: "110922325599480"
      name: Taichung, Taiwan
35. facebook.com
FACEBOOK USER PANEL
http://www.facebook.com/settings?tab=applications
https://developers.facebook.com/docs/reference/api/permissions/
36. FACEBOOK OAUTH WORK FLOW
facebook.com
• ca_file / ca_path
• /users/auth/facebook
• users/omniauth_callbacks#passthru
• https://www.facebook.com/connect/uiserver.php
• /users/auth/facebook/callback?code=xxxxxx
41. TWITTER OAUTH WORK FLOW
api.twitter.com
• /users/auth/twitter
• users/omniauth_callbacks#passthru
• https://api.twitter.com/oauth/authenticate
• /users/auth/twitter/callback?code=xxxxxx
• twitter auth data is too big for the cookie session store
• no email in user auth data
43. github.com
NEW GITHUB APP
https://github.com/account/applications/new
46. GITHUB OAUTH WORK FLOW
github.com
• /users/auth/github
• users/omniauth_callbacks#passthru
• https://github.com/login/oauth/authorize
• /users/auth/github/callback?code=xxxxxx
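The following is an added example, not code from the tutorial or from Devise/OmniAuth. It models the client side of the flow listed on slide 30 and in the GitHub work flow above: building the provider's authorize URL, then checking what the provider appended to the callback URL (a code, or an error message) before the code is exchanged. The authorize endpoint and callback path are the ones on the slides; the app id and host are constructed placeholders. The `state` parameter and its single-use check are an addition the slides do not show, included because they are what ties a callback to the browser session that started the flow.

```ruby
require "securerandom"
require "uri"
require "cgi"

# Added example (not code from the tutorial). Client side of the
# authorization-code flow of slides 30 and 46: build the authorize URL, then
# validate the callback. Endpoint and callback path are from the slides; the
# app id and host are constructed placeholders.
AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
CLIENT_ID     = "APP_ID_PLACEHOLDER"                    # constructed, not a real app id
CALLBACK_URL  = "http://localhost:3000/users/auth/github/callback"

# Builds the redirect to the provider. `state` is a fresh random value kept in
# the session; the provider echoes it back on the callback, which ties that
# callback to the browser that started the flow.
def build_authorize_url(session)
  session[:oauth_state] = SecureRandom.hex(16)
  params = {
    "client_id"    => CLIENT_ID,
    "redirect_uri" => CALLBACK_URL,   # must match the URL registered for the app
    "state"        => session[:oauth_state],
  }
  "#{AUTHORIZE_URL}?#{URI.encode_www_form(params)}"
end

# Validates the callback request. Returns [:ok, code] when the provider appended
# a code and the state matches, or [:error, reason] otherwise.
def handle_callback(session, request_url)
  uri    = URI.parse(request_url)
  params = CGI.parse(uri.query.to_s).transform_values(&:first)   # CGI.parse yields arrays
  expected_state = session.delete(:oauth_state)                   # single use: consume it

  return [:error, "callback path mismatch"] unless uri.path == URI.parse(CALLBACK_URL).path
  return [:error, "missing or stale state"] if expected_state.nil?
  return [:error, "state mismatch"] unless params["state"] == expected_state
  return [:error, "provider error: #{params['error']}"] if params["error"]
  return [:error, "no code in callback"] if params["code"].to_s.empty?

  [:ok, params["code"]]
end

# Stand-alone demo: one successful callback, then a replay of the same URL,
# which fails because the state was consumed by the first call.
if $PROGRAM_NAME == __FILE__
  session = {}
  puts build_authorize_url(session)
  callback = "#{CALLBACK_URL}?code=xxxxxx&state=#{session[:oauth_state]}"
  p handle_callback(session, callback)
  p handle_callback(session, callback)
end
```

In a real callback controller the `[:ok, code]` branch is where the code is exchanged for an access token using the app id and app secret (slide 30); everything before that point runs without any network access, which is why it can be unit tested offline.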
50. GOOGLE OPENID WORK FLOW
• ca_file / open_id_store
• /users/auth/google
• users/omniauth_callbacks#passthru
• https://www.google.com/accounts/o8/ud
• https://accounts.google.com/o/openid2/auth
• https://www.google.com/accounts/o8/id?id=xxxxxx
• /users/auth/google/callback
53. YAHOO OPENID WORK FLOW
• ca_file / open_id_store
• /users/auth/yahoo
• users/omniauth_callbacks#passthru
• https://open.login.yahooapis.com/openid/op/auth
• https://login.yahoo.com/config/login
• https://me.yahoo.com/a/xxxxxx
• /users/auth/yahoo/callback
55. SIGN IN GOOGLE ACCOUNT
http://www.google.com/enterprise/marketplace/
http://developer.googleapps.com/marketplace/getting-started
56. GOOGLE APPS OPENID WORK FLOW
• ca_file / open_id_store
• /users/auth/gmail
• users/omniauth_callbacks#passthru
• https://www.google.com/accounts/o8/ud?source=gmail.com
• https://accounts.google.com/o/openid2/auth
• https://www.google.com/accounts/o8/id?id=xxxxxx
• /users/auth/gmail/callback
66. ONE USER, MULTI MAILS, MULTI PROVIDERS
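The following is an added example, not code from the tutorial or from Devise. It ties together the users/authentications schema of slides 9 and 26, the auth hash of slide 31, and this closing slide: an in-memory stand-in for the two tables plus the lookup an omniauth callback performs to map one provider identity onto one user. Plain Ruby with no Rails, so it runs on its own. The sample auth hash is constructed (made-up name, uid and email), and the list of providers whose email is trusted for linking is an assumption made for the example; Twitter is left out of it because its auth data carries no email (slide 41).

```ruby
require "yaml"

# Added example (not code from the tutorial). In-memory stand-in for the users
# and authentications tables of slides 9 and 26, plus the lookup an omniauth
# callback does with an auth hash shaped like slide 31.
User           = Struct.new(:id, :email, :authentications)
Authentication = Struct.new(:provider, :uid, :uname, :umail, :user_id)

# Constructed auth hash in the layout of slide 31; name, uid and email are made up.
SAMPLE_AUTH_YAML = <<~YAML
  ---
  provider: facebook
  uid: "100000000000001"
  credentials:
    token: "<access token placeholder>"
  user_info:
    nickname: alice
    email: alice@example.com
    name: Alice Example
YAML

class AuthStore
  # Providers whose auth hash carries an address the provider has verified.
  # Assumption for this example; Twitter is absent because its auth hash has
  # no email at all (slide 41), so it can never be matched to a user by email.
  EMAIL_LINKABLE = %w[facebook github google].freeze

  attr_reader :users, :authentications

  def initialize
    @users = []
    @authentications = []
  end

  # Resolution order for an incoming auth hash:
  #   1. an Authentication row with the same (provider, uid) => its user
  #   2. otherwise the currently signed-in user, if any (linking a new provider)
  #   3. otherwise a user with the same email, only for EMAIL_LINKABLE providers
  #   4. otherwise a brand-new user
  # Matching on (provider, uid) first is what lets one user hold many
  # authentications (slide 66) without relying on the email field as identity.
  def find_or_create_from_omniauth(auth_hash, current_user = nil)
    provider = auth_hash.fetch("provider")
    uid      = auth_hash.fetch("uid").to_s
    info     = auth_hash.fetch("user_info", {}) || {}
    email    = info["email"]

    existing = @authentications.find { |a| a.provider == provider && a.uid == uid }
    return @users.find { |u| u.id == existing.user_id } if existing

    user = current_user
    if user.nil? && email && EMAIL_LINKABLE.include?(provider)
      user = @users.find { |u| u.email == email }
    end
    user ||= create_user(email)

    auth = Authentication.new(provider, uid, info["nickname"], email, user.id)
    @authentications << auth
    user.authentications << auth
    user
  end

  private

  def create_user(email)
    user = User.new(@users.size + 1, email, [])
    @users << user
    user
  end
end

# Stand-alone demo: the same Facebook identity signs in twice, then the signed-in
# user links a Twitter identity that carries no email.
if $PROGRAM_NAME == __FILE__
  store = AuthStore.new
  auth  = YAML.safe_load(SAMPLE_AUTH_YAML)
  user  = store.find_or_create_from_omniauth(auth)
  store.find_or_create_from_omniauth(auth)
  store.find_or_create_from_omniauth({ "provider" => "twitter", "uid" => "42",
                                       "user_info" => { "nickname" => "alice_tw" } }, user)
  puts "user #{user.id} has #{user.authentications.size} authentications: " \
       "#{user.authentications.map(&:provider).join(', ')}"
end
```

The order of the checks is the design choice worth noting: the (provider, uid) pair is the stable key, a signed-in user may attach further providers to their own account, and email is consulted only as a last resort and only for providers on the allow-list, so a provider that does not verify addresses cannot be used to attach itself to someone else's account.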