by: Daniel Gaytan at: December 4th, 2009

Authentication has always been a headache for almost all developers, until libraries and frameworks came to the rescue! Tons of ways to authenticate a user were developed for the frameworks of many languages, and for most of us, worrying about a hack attempt through a login form is a thing of the past. However, since most of us now use authentication systems that were written by another programmer, it is important that we evaluate all the options and make sure we choose one that fits our needs.
I was surfing the web recently, and found a great authentication system for Rails, one of the most used web frameworks around the world. It’s called Devise, and it is a very flexible Rack-based authentication system that works on top of Warden, a general Rack authentication framework for Rails. That makes Devise a great option to use.
Almost all Rails authentication systems work by setting up a table with one specific model and one specific way to authenticate, either by a site-specific username/password, OpenID, email notification, or a third-party site account which you already have access to. Devise, since it has been developed on top of Warden, and since it has learned from the experiences of Authlogic and Clearance (two of the authentication systems most widely used with Rails), has the ability to change strategy whenever the project needs it.
Devise relies on 7 strategies (or modules):
Authenticatable: responsible for encrypting passwords and validating a user while signing in
Confirmable: responsible for verifying whether an account is already confirmed before it can sign in
Recoverable: in case a user forgets their information, it is responsible for the process of recovering it
Rememberable: manages remembering a user from a cookie
Timeoutable: expires sessions after a certain period of time
Trackable: tracks sign-in count, timestamps and IP
Validatable: creates all needed validations for email and password
Because Devise was designed to be flexible, if you need to handle invitations, you just have to set up a new strategy.
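To make the "new strategy" idea concrete, here is an added example in plain Ruby; it is not Devise's or Warden's code, only the same pattern in miniature. Every name in it (`PasswordStrategy`, `InvitationStrategy`, `sign_in`, `sample_users`) is hypothetical, and the users are constructed sample data.

```ruby
require "openssl"
# Added illustration of the strategy pattern; all names hypothetical, data constructed.
User = Struct.new(:email, :salt, :password_digest, :confirmed, :invitation_token)

def derive_digest(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 20_000, 32, OpenSSL::Digest.new("SHA256"))
end

# Length check plus XOR fold, so timing does not reveal where two values differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

class PasswordStrategy
  def valid?(params); params.key?(:email) && params.key?(:password); end

  def authenticate(params, users)
    user = users.find { |u| u.email == params[:email] && u.password_digest }
    user && secure_compare(user.password_digest, derive_digest(params[:password].to_s, user.salt)) ? user : nil
  end
end

# The new strategy for invitations: a single-use token stands in for the password.
class InvitationStrategy
  def valid?(params); params.key?(:invitation_token); end

  def authenticate(params, users)
    token = params[:invitation_token].to_s
    user = users.find { |u| u.invitation_token && secure_compare(u.invitation_token, token) }
    return nil unless user
    user.invitation_token = nil # consume the token so it cannot be replayed
    user.confirmed = true
    user
  end
end

# Runs the first strategy whose inputs are present, then a Confirmable-style gate.
def sign_in(params, users, strategies)
  strategy = strategies.find { |s| s.valid?(params) }
  return [:failure, :no_strategy] unless strategy
  user = strategy.authenticate(params, users)
  return [:failure, :invalid] unless user
  user.confirmed ? [:success, user.email] : [:failure, :unconfirmed]
end

def sample_users
  [User.new("a@example.test", "s1", derive_digest("correct horse", "s1"), true, nil),
   User.new("b@example.test", "s2", derive_digest("hunter2hunter2", "s2"), false, nil),
   User.new("c@example.test", nil, nil, false, "constructed-invite-token")]
end
```

Supporting invitations only means adding `InvitationStrategy` to the list passed to `sign_in`; the password path and the confirmation gate are untouched.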
One of the reasons I like Devise is that it allows Rails developers to take an agile approach. It’s flexible enough to allow us to change the authentication process whenever the client (invariably) changes their mind down the road. And it does so in a way that is simple and hassle-free.