Expertiza_Wiki - User contributions [en]

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T18:19:41Z

Savidhal: /* Design Patterns */

==Implement Rust Websocket==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo

==Introduction==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. It is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism. Implementing WebSocket API for the Servo engine would allow a persistent single TCP socket connection to be established between the client and server that will provide bi-directional, full duplex, messages to be instantly exchanged with little overhead resulting in a very low latency connection and supporting interactive, dynamic applications.

===Rust===
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

===WebSocket===
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

===Cargo and Crate===
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
==Requirement Analysis==
==Implementation==
==Architecture==
==Component Design==
==Data Design==
==Design Patterns==
[http://en.wikipedia.org/wiki/Factory_%28object-oriented_programming%29 Factory Pattern] 
For every web application application running on the web browser that requires a websocket for communicating with the server, a new thread needs to be spawned that creates a client end of the socket associated with the web app. Spawning this thread can be considered to be similar to instantiating an object for which Factory Pattern can be employed. 
[http://en.wikipedia.org/wiki/Thread_pool_pattern Thread Pool Pattern] 
Servo's primary objective was to provide concurrency. This concurrency can be attained by scheduling tasks which can be run in parallel. Threads help execute these tasks in parallel. Thread Pool Pattern helps manage these thread. For example, one thread could be to accept new requests for websockets, as a result of which new thread would be spawned (client side of websocket) for that application.

==Proposed Test Cases==
==Further Readings==
==References==
<references/>

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T15:51:33Z

Savidhal: /* Design Patterns */

==Implement Rust Websocket==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo

==Introduction==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. It is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism. Implementing WebSocket API for the Servo engine would allow a persistent single TCP socket connection to be established between the client and server that will provide bi-directional, full duplex, messages to be instantly exchanged with little overhead resulting in a very low latency connection and supporting interactive, dynamic applications.

===Rust===
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

===WebSocket===
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

===Cargo and Crate===
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
==Requirement Analysis==
==Implementation==
==Architecture==
==Component Design==
==Data Design==
==Design Patterns==
[http://en.wikipedia.org/wiki/Factory_%28object-oriented_programming%29 Factory Pattern] 
For every web application application running on the web browser that requires a websocket for communicating with the server, a new thread needs to be spawned that creates a client end of the socket associated with the web app. Spawning this thread can be considered to be similar to instantiating an object for which Factory Pattern can be employed.

==Proposed Test Cases==
==Further Readings==
==References==
<references/>

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T15:49:36Z

Savidhal: /* Design Patterns */

==Implement Rust Websocket==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo

==Introduction==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. It is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism. Implementing WebSocket API for the Servo engine would allow a persistent single TCP socket connection to be established between the client and server that will provide bi-directional, full duplex, messages to be instantly exchanged with little overhead resulting in a very low latency connection and supporting interactive, dynamic applications.

===Rust===
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

===WebSocket===
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

===Cargo and Crate===
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
==Requirement Analysis==
==Implementation==
==Architecture==
==Component Design==
==Data Design==
==Design Patterns==
[http://en.wikipedia.org/wiki/Factory_%28object-oriented_programming%29 Factory Pattern] 
For every application requiring a websocket for communicating with the server, a new thread needs to be spawned that creates a client. Spawning this thread can be considered to be similar to instantiating an object for which Factory Pattern can be employed.

==Proposed Test Cases==
==Further Readings==
==References==
<references/>

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T06:41:18Z

Savidhal: /* References */

==Implement Rust Websocket==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo

==Introduction==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. It is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism. Implementing WebSocket API for the Servo engine would allow a persistent single TCP socket connection to be established between the client and server that will provide bi-directional, full duplex, messages to be instantly exchanged with little overhead resulting in a very low latency connection and supporting interactive, dynamic applications.

===Rust===
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

===WebSocket===
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

===Cargo and Crate===
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
==Requirement Analysis==
==Implementation==
==Architecture==
==Component Design==
==Data Design==
==Design Patterns==
==Proposed Test Cases==
==Further Readings==
==References==
<references/>

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T06:40:42Z

Savidhal: /* References */

==Implement Rust Websocket==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo

==Introduction==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. It is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism. Implementing WebSocket API for the Servo engine would allow a persistent single TCP socket connection to be established between the client and server that will provide bi-directional, full duplex, messages to be instantly exchanged with little overhead resulting in a very low latency connection and supporting interactive, dynamic applications.

===Rust===
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

===WebSocket===
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

===Cargo and Crate===
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
==Requirement Analysis==
==Implementation==
==Architecture==
==Component Design==
==Data Design==
==Design Patterns==
==Proposed Test Cases==
==Further Readings==
==References==
<ref />

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T06:40:27Z

Savidhal: /* References */

==Implement Rust Websocket==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo

==Introduction==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. It is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism. Implementing WebSocket API for the Servo engine would allow a persistent single TCP socket connection to be established between the client and server that will provide bi-directional, full duplex, messages to be instantly exchanged with little overhead resulting in a very low latency connection and supporting interactive, dynamic applications.

===Rust===
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

===WebSocket===
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

===Cargo and Crate===
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
==Requirement Analysis==
==Implementation==
==Architecture==
==Component Design==
==Data Design==
==Design Patterns==
==Proposed Test Cases==
==Further Readings==
==References==
</ref>

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T06:40:03Z

Savidhal: /* Background */

==Implement Rust Websocket==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo

==Introduction==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. It is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism. Implementing WebSocket API for the Servo engine would allow a persistent single TCP socket connection to be established between the client and server that will provide bi-directional, full duplex, messages to be instantly exchanged with little overhead resulting in a very low latency connection and supporting interactive, dynamic applications.

===Rust===
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

===WebSocket===
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

===Cargo and Crate===
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
==Requirement Analysis==
==Implementation==
==Architecture==
==Component Design==
==Data Design==
==Design Patterns==
==Proposed Test Cases==
==Further Readings==
==References==

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T06:39:26Z

Savidhal: /* Introduction */

==Implement Rust Websocket==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo

==Introduction==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. It is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism. Implementing WebSocket API for the Servo engine would allow a persistent single TCP socket connection to be established between the client and server that will provide bi-directional, full duplex, messages to be instantly exchanged with little overhead resulting in a very low latency connection and supporting interactive, dynamic applications.

===Rust===
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

===WebSocket===
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

===Cargo and Crate===
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Background==
==Project Description==
==Requirement Analysis==
==Implementation==
==Architecture==
==Component Design==
==Data Design==
==Design Patterns==
==Proposed Test Cases==
==Further Readings==
==References==

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T06:36:16Z

Savidhal: /* Introduction */

CSC/ECE 517 Spring 2015 M1502 WSRA

2015-04-01T06:31:06Z

Savidhal: /* Implement Rust Websocket */

==Implement Rust Websocket==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo

==Introduction==
==Background==
==Project Description==
==Requirement Analysis==
==Implementation==
==Architecture==
==Component Design==
==Data Design==
==Design Patterns==
==Proposed Test Cases==
==Further Readings==
==References==

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T21:00:41Z

Savidhal:

Implementing the WebSocket API 
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo. The project work involved making the Servo's script depend on WebSocket crate.
 
==Introduction to Mozilla Servo==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. Servo is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism.

==Rust==
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

==WebSocket==
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

==Cargo and Crate==
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
The goal of this project was to incorporate the websocket crate in to servo, using the up to date rust websocket crate instructions. To do that, Rust's crate manager and how it interacted with servo's Mach tool was explored.

===The Crate Manager===
To incorporate new crates in to a project in rust, two main tasks are needed. First, depending on the crate that is used, a dependency needs to be added to the relevant Cargo.toml. For servo and websocket, that Cargo.toml is related to the script component, found in servo's components/script folder. To add a dependency to the Cargo.toml file, a couple different methods are available, both with separate advantages.

The first method is the simplest, and allows specification of crate versions through a method similar to Ruby gemfiles. Simply navigate to the <code>[dependencies]</code> section of the Cargo.toml, and add the crate and the version, like this example with websocket:

<pre>
[dependencies]
...
websocket = "0.11.0"
</pre>

You can vary this with other options, like ~, as in Ruby, to specify that the latest crate should be loaded or an exact version.

The second method of adding a dependency allows for far more flexibility. A crate's git repository can be added directly to the Cargo.toml, as well as many options to use particular branches, versions, and revisions.
The syntax for these dependencies is shown below.

<pre>
[dependency.crate_name]
git = "path_to_crate_git"
//other options
</pre>

Other options that are particularly useful include the ability to choose branches and revisions. Each of these options are shown below.

<pre>
branch = "name_of_branch"
rev = "hash_of_commit"
</pre>

The next step for adding a crate to a servo project requires modifying the main.rs or lib.rs, depending on which is being used for the project. Normally, the main.rs is used for the primary package, where other parts of a project may only use a lib.rs. To add a crate in either of these files, use the code shown below.

<pre>
extern crate crate_name
</pre>

Further uses of Cargo and other syntax beyond what is discussed in this article can be found [http://doc.crates.io/guide.html here].

===Including Rust Websocket in Servo===

To include the Rust Websocket<ref>https://github.com/cyderize/rust-websocket</ref> crate in to Servo, an earlier version of the crate needs to be used. This is because of hyper crate dependencies. In hyper 0.3.2, method accesses were modified. Servo runs on a precompiled version of rust, one that supports hyper 0.3.0. Because of the changes in hyper 0.3.2, an earlier version of Rust Websocket that relies on hyper 0.3.0 needed to be used.

The files for implementing the websocket functions can be found in the webidl folder inside of components/script directory. To allow these files to be used, our project needed to make changes to servo to allow the websocket crate to be compiled. The first file change that is necessary lies in components/script/Cargo.toml. The websocket dependency of the correct version needs to be added here.

<pre>
[dependencies]
websocket = "0.11.0"
</pre>

The second file, as described above for adding the websocket crate, is also in components/script. For this section, since the servo component is the main component, the file that needs editing is lib.rs instead of main.rs. The file is modified by adding this line with the other <code> extern </code> lines.

<pre>
extern ...
extern crate websocket;
...
</pre>

Once these files have been modified, return to the base servo directory, and run <code>./mach build</code> to compile the websocket library in to Servo.

== References ==
<references/>

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T20:58:27Z

Savidhal: /* Including Rust Websocket in Servo */

Implementing the WebSocket API 
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo. The project work involved making the Servo's script depend on WebSocket crate.
 
==Introduction to Mozilla Servo==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. Servo is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism.

==Rust==
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

==WebSocket==
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

==Cargo and Crate==
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
The goal of this project was to incorporate the websocket crate in to servo, using the up to date rust websocket crate instructions. To do that, Rust's crate manager and how it interacted with servo's Mach tool was explored.

===The Crate Manager===
To incorporate new crates in to a project in rust, two main tasks are needed. First, depending on the crate that is used, a dependency needs to be added to the relevant Cargo.toml. For servo and websocket, that Cargo.toml is related to the script component, found in servo's components/script folder. To add a dependency to the Cargo.toml file, a couple different methods are available, both with separate advantages.

The first method is the simplest, and allows specification of crate versions through a method similar to Ruby gemfiles. Simply navigate to the <code>[dependencies]</code> section of the Cargo.toml, and add the crate and the version, like this example with websocket:

<pre>
[dependencies]
...
websocket = "0.11.0"
</pre>

You can vary this with other options, like ~, as in Ruby, to specify that the latest crate should be loaded or an exact version.

The second method of adding a dependency allows for far more flexibility. A crate's git repository can be added directly to the Cargo.toml, as well as many options to use particular branches, versions, and revisions.
The syntax for these dependencies is shown below.

<pre>
[dependency.crate_name]
git = "path_to_crate_git"
//other options
</pre>

Other options that are particularly useful include the ability to choose branches and revisions. Each of these options are shown below.

<pre>
branch = "name_of_branch"
rev = "hash_of_commit"
</pre>

The next step for adding a crate to a servo project requires modifying the main.rs or lib.rs, depending on which is being used for the project. Normally, the main.rs is used for the primary package, where other parts of a project may only use a lib.rs. To add a crate in either of these files, use the code shown below.

<pre>
extern crate crate_name
</pre>

Further uses of Cargo and other syntax beyond what is discussed in this article can be found [http://doc.crates.io/guide.html here].

===Including Rust Websocket in Servo===

To include the Rust Websocket<ref>https://github.com/cyderize/rust-websocket</ref> crate in to Servo, an earlier version of the crate needs to be used. This is because of hyper crate dependencies. In hyper 0.3.2, method accesses were modified. Servo runs on a precompiled version of rust, one that supports hyper 0.3.0. Because of the changes in hyper 0.3.2, an earlier version of Rust Websocket that relies on hyper 0.3.0 needed to be used.

The files for implementing the websocket functions can be found in the webidl folder inside of components/script directory. To allow these files to be used, our project needed to make changes to servo to allow the websocket crate to be compiled. The first file change that is necessary lies in components/script/Cargo.toml. The websocket dependency of the correct version needs to be added here.

<pre>
[dependencies]
websocket = "0.11.0"
</pre>

The second file, as described above for adding the websocket crate, is also in components/script. For this section, since the servo component is the main component, the file that needs editing is lib.rs instead of main.rs. The file is modified by adding this line with the other <code> extern </code> lines.

<pre>
extern ...
extern crate websocket;
...
</pre>

Once these files have been modified, return to the base servo directory, and run <code>./mach build</code> to compile the websocket library in to Servo.

== References ==
<references/>

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T20:55:49Z

Savidhal: /* Introduction to Mozilla Servo */

Implementing the WebSocket API 
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo. The project work involved making the Servo's script depend on WebSocket crate.
 
==Introduction to Mozilla Servo==
Servo<ref> https://github.com/servo/servo </ref> is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. Servo is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism.

==Rust==
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

==WebSocket==
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchron3ously.

==Cargo and Crate==
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
The goal of this project was to incorporate the websocket crate in to servo, using the up to date rust websocket crate instructions. To do that, Rust's crate manager and how it interacted with servo's Mach tool was explored.

===The Crate Manager===
To incorporate new crates in to a project in rust, two main tasks are needed. First, depending on the crate that is used, a dependency needs to be added to the relevant Cargo.toml. For servo and websocket, that Cargo.toml is related to the script component, found in servo's components/script folder. To add a dependency to the Cargo.toml file, a couple different methods are available, both with separate advantages.

The first method is the simplest, and allows specification of crate versions through a method similar to Ruby gemfiles. Simply navigate to the <code>[dependencies]</code> section of the Cargo.toml, and add the crate and the version, like this example with websocket:

<pre>
[dependencies]
...
websocket = "0.11.0"
</pre>

You can vary this with other options, like ~, as in Ruby, to specify that the latest crate should be loaded or an exact version.

The second method of adding a dependency allows for far more flexibility. A crate's git repository can be added directly to the Cargo.toml, as well as many options to use particular branches, versions, and revisions.
The syntax for these dependencies is shown below.

<pre>
[dependency.crate_name]
git = "path_to_crate_git"
//other options
</pre>

Other options that are particularly useful include the ability to choose branches and revisions. Each of these options are shown below.

<pre>
branch = "name_of_branch"
rev = "hash_of_commit"
</pre>

The next step for adding a crate to a servo project requires modifying the main.rs or lib.rs, depending on which is being used for the project. Normally, the main.rs is used for the primary package, where other parts of a project may only use a lib.rs. To add a crate in either of these files, use the code shown below.

<pre>
extern crate crate_name
</pre>

Further uses of Cargo and other syntax beyond what is discussed in this article can be found [http://doc.crates.io/guide.html here].

===Including Rust Websocket in Servo===

To include the Rust Websocket crate in to Servo, an earlier version of the crate needs to be used. This is because of hyper crate dependencies. In hyper 0.3.2, method accesses were modified. Servo runs on a precompiled version of rust, one that supports hyper 0.3.0. Because of the changes in hyper 0.3.2, an earlier version of Rust Websocket that relies on hyper 0.3.0 needed to be used.

The files for implementing the websocket functions can be found in the webidl folder inside of components/script directory. To allow these files to be used, our project needed to make changes to servo to allow the websocket crate to be compiled. The first file change that is necessary lies in components/script/Cargo.toml. The websocket dependency of the correct version needs to be added here.

<pre>
[dependencies]
websocket = "0.11.0"
</pre>

The second file, as described above for adding the websocket crate, is also in components/script. For this section, since the servo component is the main component, the file that needs editing is lib.rs instead of main.rs. The file is modified by adding this line with the other <code> extern </code> lines.

<pre>
extern ...
extern crate websocket;
...
</pre>

Once these files have been modified, return to the base servo directory, and run <code>./mach build</code> to compile the websocket library in to Servo.

== References ==
<references/>

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T20:52:52Z

Savidhal: /* Cargo and Crate */

Implementing the WebSocket API 
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo. The project work involved making the Servo's script depend on WebSocket crate.
 
==Introduction to Mozilla Servo==
Servo is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. Servo is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism.

==Rust==
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

==WebSocket==
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchron3ously.

==Cargo and Crate==
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code> 

Cargo introduces two metadata files with various bits of project information, fetches and builds project's dependencies, invokes rustc or another build tool with the correct parameters to build the project.

==Project Description==
The goal of this project was to incorporate the websocket crate in to servo, using the up to date rust websocket crate instructions. To do that, Rust's crate manager and how it interacted with servo's Mach tool was explored.

===The Crate Manager===
To incorporate new crates in to a project in rust, two main tasks are needed. First, depending on the crate that is used, a dependency needs to be added to the relevant Cargo.toml. For servo and websocket, that Cargo.toml is related to the script component, found in servo's components/script folder. To add a dependency to the Cargo.toml file, a couple different methods are available, both with separate advantages.

The first method is the simplest, and allows specification of crate versions through a method similar to Ruby gemfiles. Simply navigate to the <code>[dependencies]</code> section of the Cargo.toml, and add the crate and the version, like this example with websocket:

<pre>
[dependencies]
...
websocket = "0.11.0"
</pre>

You can vary this with other options, like ~, as in Ruby, to specify that the latest crate should be loaded or an exact version.

The second method of adding a dependency allows for far more flexibility. A crate's git repository can be added directly to the Cargo.toml, as well as many options to use particular branches, versions, and revisions.
The syntax for these dependencies is shown below.

<pre>
[dependency.crate_name]
git = "path_to_crate_git"
//other options
</pre>

Other options that are particularly useful include the ability to choose branches and revisions. Each of these options are shown below.

<pre>
branch = "name_of_branch"
rev = "hash_of_commit"
</pre>

The next step for adding a crate to a servo project requires modifying the main.rs or lib.rs, depending on which is being used for the project. Normally, the main.rs is used for the primary package, where other parts of a project may only use a lib.rs. To add a crate in either of these files, use the code shown below.

<pre>
extern crate crate_name
</pre>

Further uses of Cargo and other syntax beyond what is discussed in this article can be found [http://doc.crates.io/guide.html here].

===Including Rust Websocket in Servo===

To include the Rust Websocket crate in to Servo, an earlier version of the crate needs to be used. This is because of hyper crate dependencies. In hyper 0.3.2, method accesses were modified. Servo runs on a precompiled version of rust, one that supports hyper 0.3.0. Because of the changes in hyper 0.3.2, an earlier version of Rust Websocket that relies on hyper 0.3.0 needed to be used.

The files for implementing the websocket functions can be found in the webidl folder inside of components/script directory. To allow these files to be used, our project needed to make changes to servo to allow the websocket crate to be compiled. The first file change that is necessary lies in components/script/Cargo.toml. The websocket dependency of the correct version needs to be added here.

<pre>
[dependencies]
websocket = "0.11.0"
</pre>

The second file, as described above for adding the websocket crate, is also in components/script. For this section, since the servo component is the main component, the file that needs editing is lib.rs instead of main.rs. The file is modified by adding this line with the other <code> extern </code> lines.

<pre>
extern ...
extern crate websocket;
...
</pre>

Once these files have been modified, return to the base servo directory, and run <code>./mach build</code> to compile the websocket library in to Servo.

== References ==
<references/>

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T20:30:48Z

Savidhal:

Implementing the WebSocket API 
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo. The project work involved making the Servo's script depend on WebSocket crate.
 
==Introduction to Mozilla Servo==
Servo is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. Servo is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism.

==Rust==
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

==WebSocket==
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchron3ously.

==Cargo and Crate==
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code>

==Project Description==
The goal of this project was to incorporate the websocket crate in to servo, using the up to date rust websocket crate instructions. To do that, Rust's crate manager and how it interacted with servo's Mach tool was explored.

===The Crate Manager===
To incorporate new crates in to a project in rust, two main tasks are needed. First, depending on the crate that is used, a dependency needs to be added to the relevant Cargo.toml. For servo and websocket, that Cargo.toml is related to the script component, found in servo's components/script folder. To add a dependency to the Cargo.toml file, a couple different methods are available, both with separate advantages.

The first method is the simplest, and allows specification of crate versions through a method similar to Ruby gemfiles. Simply navigate to the <code>[dependencies]</code> section of the Cargo.toml, and add the crate and the version, like this example with websocket:

<pre>
[dependencies]
...
websocket = "0.11.0"
</pre>

You can vary this with other options, like ~, as in Ruby, to specify that the latest crate should be loaded or an exact version.

The second method of adding a dependency allows for far more flexibility. A crate's git repository can be added directly to the Cargo.toml, as well as many options to use particular branches, versions, and revisions.
The syntax for these dependencies is shown below.

<pre>
[dependency.crate_name]
git = "path_to_crate_git"
//other options
</pre>

Other options that are particularly useful include the ability to choose branches and revisions. Each of these options are shown below.

<pre>
branch = "name_of_branch"
rev = "hash_of_commit"
</pre>

The next step for adding a crate to a servo project requires modifying the main.rs or lib.rs, depending on which is being used for the project. Normally, the main.rs is used for the primary package, where other parts of a project may only use a lib.rs. To add a crate in either of these files, use the code shown below.

<pre>
extern crate crate_name
</pre>

Further uses of Cargo and other syntax beyond what is discussed in this article can be found [http://doc.crates.io/guide.html here].

===Including Rust Websocket in Servo===

== References ==
<references/>

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T20:25:46Z

Savidhal:

==M1502: Implementing the WebSocket API==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo. The project work involved making the Servo's script depend on WebSocket crate.

==Introduction to Mozilla Servo==
Servo is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. Servo is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism.

==Rust==
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

==WebSocket==
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

==Cargo and Crate==
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code>

==Project Description==
The goal of this project was to incorporate the websocket crate in to servo, using the up to date rust websocket crate instructions. To do that, Rust's crate manager and how it interacted with servo's Mach tool was explored.

===The Crate Manager===
To incorporate new crates in to a project in rust, two main tasks are needed. First, depending on the crate that is used, a dependency needs to be added to the relevant Cargo.toml. For servo and websocket, that Cargo.toml is related to the script component, found in servo's components/script folder. To add a dependency to the Cargo.toml file, a couple different methods are available, both with separate advantages.

The first method is the simplest, and allows specification of crate versions through a method similar to Ruby gemfiles. Simply navigate to the <code>[dependencies]</code> section of the Cargo.toml, and add the crate and the version, like this example with websocket:

<pre>
[dependencies]
...
websocket = "0.11.0"
</pre>

You can vary this with other options, like ~, as in Ruby, to specify that the latest crate should be loaded or an exact version.

The second method of adding a dependency allows for far more flexibility. A crate's git repository can be added directly to the Cargo.toml, as well as many options to use particular branches, versions, and revisions.
The syntax for these dependencies is shown below.

<pre>
[dependency.crate_name]
git = "path_to_crate_git"
//other options
</pre>

Other options that are particularly useful include the ability to choose branches and revisions. Each of these options are shown below.

<pre>
branch = "name_of_branch"
rev = "hash_of_commit"
</pre>

The next step for adding a crate to a servo project requires modifying the main.rs or lib.rs, depending on which is being used for the project. Normally, the main.rs is used for the primary package, where other parts of a project may only use a lib.rs. To add a crate in either of these files, use the code shown below.

<pre>
extern crate crate_name
</pre>

Further uses of Cargo and other syntax beyond what is discussed in this article can be found [http://doc.crates.io/guide.html here].

===Including Rust Websocket in Servo===

== References ==
<references/>

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T20:22:38Z

Savidhal:

==M1502: Implementing the WebSocket API==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo. The project work involved making the Servo's script depend on WebSocket crate.

==Introduction to Mozilla Servo==
Servo is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. Servo is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism.

==Rust==
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

==WebSocket==
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

==Cargo and Crate==
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code>

==Project Description==
The goal of this project was to incorporate the websocket crate in to servo, using the up to date rust websocket crate instructions. To do that, Rust's crate manager and how it interacted with servo's Mach tool was explored.

===The Crate Manager===
To incorporate new crates in to a project in rust, two main tasks are needed. First, depending on the crate that is used, a dependency needs to be added to the relevant Cargo.toml. For servo and websocket, that Cargo.toml is related to the script component, found in servo's components/script folder. To add a dependency to the Cargo.toml file, a couple different methods are available, both with separate advantages.

The first method is the simplest, and allows specification of crate versions through a method similar to Ruby gemfiles. Simply navigate to the <code>[dependencies]</code> section of the Cargo.toml, and add the crate and the version, like this example with websocket:

<pre>
[dependencies]
...
websocket = "0.11.0"
</pre>

You can vary this with other options, like ~, as in Ruby, to specify that the latest crate should be loaded or an exact version.

The second method of adding a dependency allows for far more flexibility. A crate's git repository can be added directly to the Cargo.toml, as well as many options to use particular branches, versions, and revisions.
The syntax for these dependencies is shown below.

<pre>
[dependency.crate_name]
git = "path_to_crate_git"
//other options
</pre>

Other options that are particularly useful include the ability to choose branches and revisions. Each of these options are shown below.

<pre>
branch = "name_of_branch"
rev = "hash_of_commit"
</pre>

The next step for adding a crate to a servo project requires modifying the main.rs or lib.rs, depending on which is being used for the project. Normally, the main.rs is used for the primary package, where other parts of a project may only use a lib.rs. To add a crate in either of these files, use the code shown below.

<pre>
extern crate crate_name
</pre>

Further uses of Cargo and other syntax beyond what is discussed in this article can be found here: [http://doc.crates.io/guide.html].

===Including Rust Websocket in Servo===

== References ==
<references/>

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T20:21:32Z

Savidhal: /* Cargo and Crate */

==M1502: Implementing the WebSocket API==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo. The project work involved making the Servo's script depend on WebSocket crate.

==Introduction to Mozilla Servo==
Servo is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. Servo is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism.

==Rust==
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

==WebSocket==
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

==Cargo and Crate==
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </code>

==Project Description==
The goal of this project was to incorporate the websocket crate in to servo, using the up to date rust websocket crate instructions. To do that, Rust's crate manager and how it interacted with servo's Mach tool was explored.

===The Crate Manager===
To incorporate new crates in to a project in rust, two main tasks are needed. First, depending on the crate that is used, a dependency needs to be added to the relevant Cargo.toml. For servo and websocket, that Cargo.toml is related to the script component, found in servo's components/script folder. To add a dependency to the Cargo.toml file, a couple different methods are available, both with separate advantages.

The first method is the simplest, and allows specification of crate versions through a method similar to Ruby gemfiles. Simply navigate to the <code>[dependencies]</code> section of the Cargo.toml, and add the crate and the version, like this example with websocket:

<pre>
[dependencies]
...
websocket = "0.11.0"
</pre>

You can vary this with other options, like ~, as in Ruby, to specify that the latest crate should be loaded or an exact version.

The second method of adding a dependency allows for far more flexibility. A crate's git repository can be added directly to the Cargo.toml, as well as many options to use particular branches, versions, and revisions.
The syntax for these dependencies is shown below.

<pre>
[dependency.crate_name]
git = "path_to_crate_git"
//other options
</pre>

Other options that are particularly useful include the ability to choose branches and revisions. Each of these options are shown below.

<pre>
branch = "name_of_branch"
rev = "hash_of_commit"
</pre>

The next step for adding a crate to a servo project requires modifying the main.rs or lib.rs, depending on which is being used for the project. Normally, the main.rs is used for the primary package, where other parts of a project may only use a lib.rs. To add a crate in either of these files, use the code shown below.

<pre>
extern crate crate_name
</pre>

Further uses of Cargo and other syntax beyond what is discussed in this article can be found here: [http://doc.crates.io/guide.html].

===Including Rust Websocket in Servo===

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T20:20:26Z

Savidhal:

==M1502: Implementing the WebSocket API==
This project concentrates on implementing Rust WebSocket API for Mozilla's web browser engine, Servo. The project work involved making the Servo's script depend on WebSocket crate.

==Introduction to Mozilla Servo==
Servo is a Web Browser engine written in [https://github.com/rust-lang/rust Rust]. Servo is an experimental project build that targets new generation of hardware: mobile devices, multi-core processors and high-performance GPUs to obtain power efficiency and maximum parallelism.

==Rust==
Rust <ref> https://github.com/rust-lang/rust </ref> is a Systems programming language built in Rust itself that is fast, memory safe and multithreaded, but does not employ a garbage collector or otherwise impose significant runtime overhead. Rust is able to provide both control over hardware and safety which is not the case with other programming languages like C, C++, Python that provide only either control or safety but not both.

==WebSocket==
WebSockets is a protocol that provides [http://en.wikipedia.org/wiki/Duplex_(telecommunications)#FULL-DUPLEX full-duplex] channel for a TCP connection and makes it possible to open an interactive communication session between the user's browser and a server. With WebSockets, you can send messages to a server and receive event-driven responses without having to request the server for a reply. The [http://dev.w3.org/html5/websockets/ WebSocket] specification defines an API to establish a "socket" connection between a web browser and a server. This establishment involves a handshake following which there is a persistent connection between the client and the server and both parties can start sending data asynchronously.

==Cargo and Crate==
Cargo <ref>http://doc.crates.io/guide.html</ref> is a application level package manager that allows Rust projects to declare their various dependencies. Cargo resembles the Bundler in Rails that is used to run Rails app, install required Gems mentioned in the Gemfile. Gemfile correspond to <code> Cargo.toml </code> file and Gem correspond to <code> Crates </crate>

==Project Description==
The goal of this project was to incorporate the websocket crate in to servo, using the up to date rust websocket crate instructions. To do that, Rust's crate manager and how it interacted with servo's Mach tool was explored.

===The Crate Manager===
To incorporate new crates in to a project in rust, two main tasks are needed. First, depending on the crate that is used, a dependency needs to be added to the relevant Cargo.toml. For servo and websocket, that Cargo.toml is related to the script component, found in servo's components/script folder. To add a dependency to the Cargo.toml file, a couple different methods are available, both with separate advantages.

The first method is the simplest, and allows specification of crate versions through a method similar to Ruby gemfiles. Simply navigate to the <code>[dependencies]</code> section of the Cargo.toml, and add the crate and the version, like this example with websocket:

<pre>
[dependencies]
...
websocket = "0.11.0"
</pre>

You can vary this with other options, like ~, as in Ruby, to specify that the latest crate should be loaded or an exact version.

The second method of adding a dependency allows for far more flexibility. A crate's git repository can be added directly to the Cargo.toml, as well as many options to use particular branches, versions, and revisions.
The syntax for these dependencies is shown below.

<pre>
[dependency.crate_name]
git = "path_to_crate_git"
//other options
</pre>

Other options that are particularly useful include the ability to choose branches and revisions. Each of these options are shown below.

<pre>
branch = "name_of_branch"
rev = "hash_of_commit"
</pre>

The next step for adding a crate to a servo project requires modifying the main.rs or lib.rs, depending on which is being used for the project. Normally, the main.rs is used for the primary package, where other parts of a project may only use a lib.rs. To add a crate in either of these files, use the code shown below.

<pre>
extern crate crate_name
</pre>

Further uses of Cargo and other syntax beyond what is discussed in this article can be found here: [http://doc.crates.io/guide.html].

===Including Rust Websocket in Servo===

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T20:07:03Z

Savidhal:

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T19:57:36Z

Savidhal: /* WebSocket */

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-23T19:56:43Z

Savidhal:

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-22T19:58:29Z

Savidhal:

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-22T19:19:53Z

Savidhal:

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-22T01:27:20Z

Savidhal:

CSC/ECE 517 Spring 2015/oss M1502 GVJ

2015-03-22T01:05:07Z

Savidhal: Created page with "Wiki page for websocket"

Wiki page for websocket

CSC/ECE 517 Spring 2015

2015-03-22T01:04:12Z

Savidhal:

==Writing Assignment 1==
*[[CSC/ECE 517 Spring 2015/ch1a 17 WL]]
*[[CSC/ECE 517 Spring 2015/ch1a 5 ZX]]
*[[CSC/ECE 517 Spring 2015/ch1a 6 TZ]]
*[[CSC/ECE 517 Spring 2015/ch1a 4 RW]]
*[[CSC/ECE 517 Spring 2015/ch1a 7 SA]]
*[[CSC/ECE 517 Spring 2015/ch1a 9 RA]]
*[[CSC/ECE 517 Spring 2015/ch1a 14 RI]]
*[[CSC/ECE 517 Spring 2015/ch1a 1 DZ]]
*[[CSC/ECE 517 Spring 2015/ch1a 20 HA]]
*[[CSC/ECE 517 Spring 2015/ch1a 3 RF]]
*[[CSC/ECE 517 Spring 2015/ch1a 12 LS]]
*[[CSC/ECE 517 Spring 2015/ch1a 13 MA]]
*[[CSC/ECE 517 Spring 2015/ch1a 2 WA]]
*[[CSC/ECE 517 Spring 2015/ch1b 21 QW]]
*[[CSC/ECE 517 Spring 2015/ch1b 23 MS]]
*[[CSC/ECE 517 Spring 2015/ch1b 10 GL]]
*[[CSC/ECE 517 Spring 2015/ch1b 27 VC]]
*[[CSC/ECE 517 Spring 2015/ch1b 22 SF]]
*[[CSC/ECE 517 Spring 2015/ch1b 15 SH]]
*[[CSC/ECE 517 Spring 2015/ch1b 18 AS]]

==Writing Assignment 2==
*[[CSC/ECE 517 Fall 2014/oss E1502 wwj]]
*[[CSC/ECE 517 Fall 2014/oss E1508 MRS]]
*[[CSC/ECE 517 Spring 2015/oss E1504 IMV]]
*[[CSC/ECE 517 Spring 2015/oss E1505 xzl]]
*[[CSC/ECE 517 Spring 2015/oss E1509 lds]]
*[[CSC/ECE 517 Spring 2015/oss E1510 FLP]]
*[[CSC/ECE 517 Spring 2015/oss E1506 SYZ]]
*[[CSC/ECE 517 Spring 2015/oss S1504 AAC]]
*[[CSC/ECE 517 Spring 2015/oss E1507 DG]]
*[[CSC/ECE 517 Spring 2015/oss M1502 GVJ]]

CSC/ECE 517 Spring 2015/ch1b 23 MS

2015-02-19T00:41:23Z

Savidhal: /* [ http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable Timeoutable] */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
Devise is composed of 10 modules that help Devise in providing user management functionality:
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable Database Authenticatable]===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable Omniauthable]===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable Confirmable]===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable Recoverable]===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable Registerable]===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable Rememberable]===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable Trackable]===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable Timeoutable]===
Expires sessions that have not been active in a specified period of time. 

===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable Validatable]===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable Lockable]===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 

== Example application <ref>http://www.gotealeaf.com/blog/how-to-use-devise-in-rails-for-authentication</ref>==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

==Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>==
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>"https://github.com/intridea/omniauth"</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

CSC/ECE 517 Spring 2015/ch1b 23 MS

2015-02-19T00:41:01Z

Savidhal: /* Devise Modules */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
Devise is composed of 10 modules that help Devise in providing user management functionality:
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable Database Authenticatable]===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable Omniauthable]===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable Confirmable]===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable Recoverable]===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable Registerable]===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable Rememberable]===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable Trackable]===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===[ http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable Timeoutable]===
Expires sessions that have not been active in a specified period of time. 
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable Validatable]===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===[http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable Lockable]===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 

== Example application <ref>http://www.gotealeaf.com/blog/how-to-use-devise-in-rails-for-authentication</ref>==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

==Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>==
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>"https://github.com/intridea/omniauth"</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

CSC/ECE 517 Spring 2015/ch1b 23 MS

2015-02-19T00:29:11Z

Savidhal: /* Example application */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 

== Example application <ref>http://www.gotealeaf.com/blog/how-to-use-devise-in-rails-for-authentication</ref>==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

==Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>==
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>"https://github.com/intridea/omniauth"</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

CSC/ECE 517 Spring 2015/ch1b 23 MS

2015-02-18T22:53:48Z

Savidhal:

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 

== Example application ==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

==Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>==
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>"https://github.com/intridea/omniauth"</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

CSC/ECE 517 Spring 2015/ch1b 23 MS

2015-02-18T22:49:01Z

Savidhal:

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 

== Example application ==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

==Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>==
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>["https://github.com/intridea/omniauth" asd]</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T20:39:07Z

Savidhal: /* Other Rails Authentication */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 

== Example application ==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

==Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>==
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>["https://github.com/intridea/omniauth" asd]</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T20:05:19Z

Savidhal:

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 

== Example application ==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

==Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>==
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>"https://github.com/intridea/omniauth"</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T19:44:28Z

Savidhal: /* Example application */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 

== Example application ==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

==Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>==
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T19:43:46Z

Savidhal: /* Lockable */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 

== Example application ==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

===Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T19:43:01Z

Savidhal: /* Rails-Devise-Pundithttps://github.com/RailsApps/rails-devise-pundit */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example application ==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

===Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To exemplify, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 
 

==Other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T19:42:05Z

Savidhal: /* Example applications */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example application ==
Consider an application that can be accessed by an end user and a site admin. Since the admin would have extra priviledges, partitioned access would be required. This can be implemented by representing both types of users as seperate models and having their respective controller with appropiate actions.
<pre>
# All administrator controllers should inherit from this controller
class AdminController < ApplicationController
before_action :authenticate_admin!
end

# All end-user controllers should inherit from this controller
class EndUserController < ApplicationController
before_action :authenticate_user!
end
</pre>

An alternate implementaton method would be to have just one user(model) but with an <code>admin</code> flag set to true for the admin in the model record.
<pre>
class ApplicationController < ActionController::Base
before_filer :authenticate_user!
end

# All administrative controllers should inherit from this controller
class AdminController < ApplicationController
before_filter :ensure_admin!

private

def ensure_admin!
unless current_user.admin?
sign_out current_user

redirect_to root_path

return false
end
end
end
</pre>
With this way specific controllers can have private methods. In this case, the private method checks if the user is an admin or not. Only if the user is an admin, can they access AdminController actions

===Rails-Devise-Pundit<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
Pundit extends the Devise funtionailty by providing authorization services in addition to the authentication funtionality provided by Devise. Pundit can be used to implement user roles, and limit access to pages based on user role.
To list, Pundit can provide following features: 
* An admin can see a list of users 
* An admin can change a user’s role 
* An ordinary user can’t see a list of users 
* An ordinary user can’t change their role 
* An ordinary user can’t see (or edit) another user’s profile 
* An ordinary user can see (and edit) their own user profile 

==Other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T18:21:48Z

Savidhal: /* Method: authenticate_user! */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
The above statements requires the user to be logged in before they can access the controller actions. To make exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==Other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T18:13:57Z

Savidhal: /* Devise */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
To list, Rails can provide the following functionality for a Rails app:
 
* Sign up (create account) 
* Login 
* “Forgot password?” feature 
* “Remember me” (stay logged in) feature 
* Edit account (edit user profile) 
* Validate user details while regestiring 
* Confirm user registration

Current Version: 3.4.1 
First Release: 5 years ago 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==Other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T18:02:21Z

Savidhal: /* other Rails Authentication */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==Other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T18:00:59Z

Savidhal: /* Method: user_session */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T18:00:42Z

Savidhal: /* Method: user_session */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.
 

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T17:57:31Z

Savidhal: /* Devise Methods */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T17:54:30Z

Savidhal: /* Setup Devise */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
 to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T17:52:54Z

Savidhal: /* Setup Devise */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form . 

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
 to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T17:52:32Z

Savidhal: /* Setup Devise */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>To create config files. 

 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form .

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
 to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T17:52:09Z

Savidhal: /* Setup Devise */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre> 

To create config files. 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form .

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
 to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T17:51:33Z

Savidhal: /* Setup Devise */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre>
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>
To create config files. 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form .

==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
 to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>

User:Mdong3

2015-02-18T17:50:21Z

Savidhal: /* Devise */

Devise 

'''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users.

The topic write up for this page can be found [https://docs.google.com/a/ncsu.edu/document/d/1Ay5OOUkcLMC-FH61fAm3cNvB3Uyk2hJ09vHnRgqwL-k/edit here].

== Introduction ==
=== Security Background===
Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack"<ref>http://www.primeon.com/press/article001.php</ref>.Security depends on the people using the framework, and sometimes on the development method.
There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. And devise is for Rails Authentication.

===User Authentication Process ===
User Authentication is responsible for the following actions:
*Signup: create a new user. This user will have to register with a username, password (which will be encrypted in the database), email, and other relevant details.
*Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
*Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the userID in the current session.
*Logout: allow the user to sign out and set the authenticated userID in session file to nil.
 

== Getting Started ==
===Devise===
Devise is a flexible authentication solution for Rails helping developers save time and effort while implementing authentication mechanisms from start. User authentication is a major component of most of the web applications, primarily to determine if the user is in fact, who it is declared to be. Devise is based on Warden<ref>https://github.com/hassox/warden/wiki</ref>. (Customized [https://github.com/rack/rack Rack] middleware that provides authentication for rack applications). Rack can be considered a middleware between web server such as Mongreal, WEBrick and frameworks such as Rails, Sinatra. 
Current Version: 3.4.1 
First Release: 5 years ago 
 

===Setup Devise===
Once you have created a Rails app using the "rails new <app name>" command we first need to add a line to the "Gemfile" using the following command:
<pre>echo "gem 'devise'" >> Gemfile</pre> 
And then install the gem using:
<pre>bundle install</pre>
The Gem will be installed for your rails application. Then run the following commands:
<pre>
rails generate devise:install
</pre>
To create config files. 

<pre>
rails generate devise user
</pre>
To create model(User) class and routes and to also associate the 'User' model with 'Devise'. 
 
<pre>
rake db:migrate
</pre>
To run the migration and create the table with certain fields appropriate for user authentication. The result should be something like:
<pre>
== 20150217043439 DeviseCreateUsers: migrating ================================
-- create_table(:users)
-> 0.0178s
-- add_index(:users, :email, {:unique=>true})
-> 0.0010s
-- add_index(:users, :reset_password_token, {:unique=>true})
-> 0.0055s
== 20150217043439 DeviseCreateUsers: migrated (0.0255s) =======================
</pre>
 
<pre>
rails generate devise:views users
</pre>To create the directory /app/views/users with all the devise views, such as login form, registration form .
==Devise Methods==
Devise provides classes, models, views, controllers, views, helpers, routes. However, these functionality are exposed in only a small number of helper methods, not all of these components would be required to know. Some of the important Devise helper methods provided are:
 
====Method: authenticate_user!====
The authenticate_user! method is a class method that can be called from a controller only. The method determines if the user has access to all or a specific set of controller actions. This method is invoked via a before_filter, for example: 
<pre>
class UsersController < ApplicationController
before_filter :authenticate_user!
end
</pre>
 to make make any exceptions for accessing any actions without authentications we can update the above statement as:
<pre>
before_action :authenticate_user!, except: [:show]
</pre>
In the above example, user authentication would be required to call any actions in the controller except the show action.
So if the root in the <code>config/routes.rb</code> field is set to obtain any view belonging to the UsersController in this case, the Sign in page will be loaded before any of the actions can be accessed. Once the user is authenticate, the required action is obtained.
 

====Method: current_user====
The current_user method is used to return the model class to whom the signed in user belongs. The method returns nil if a user has not yet signed in.
The <authenticate_user!> will make sure that the current_user method would never return nil. 

====Method: user_signed_in?====
Checks if the current_user method returns a non nil value. 

====Method: sign_in(@user) and sign_out(@user)====
The sign_in(@user) and the sign_out(@user) are useful to login or logout a newly created user.
 

====Method: user_session====
This method returns metadata regarding the logged in user.

==Devise Modules==
===Database Authenticatable===
Ensures that the user has entered the correct password and also to encrypt and stores the password in the database when the user registers for the first time. The authentication can be done both through POST requests or HTTP Basic Authentication. 
Example: <pre>User.find(1).valid_password?('password123') # returns true/false </pre>
===Omniauthable===
Adds OmniAuth (https://github.com/intridea/omniauth) support. 
===Confirmable===
Sends confirmation emails to Users following successful registration. This is to prevent bot registrations. 
Example: <pre>User.find(1).confirm! # returns true unless it's already confirmed
User.find(1).confirmed? # true/false
User.find(1).send_confirmation_instructions # manually send instructions</pre>
===Recoverable===
Resets the user password and sends reset instructions. 
Example: <pre># resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions </pre>
===Registerable===
Handles signing up users through a registration process, also allowing them to edit and destroy their account. 
Helps user to register themselves and also to make changes to their login credentials including deleting their account.
===Rememberable===
Cookie handling module to manage generating and clearing of tokens for remembering the user. 
Example :<pre>User.find(1).remember_me! # regenerating the token
User.find(1).forget_me! # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)</pre>

===Trackable===
Tracks login details for a specific user using log in count, last log in, IP address. These details help Site admin to investigate any unusual activity. 
===Timeoutable===
Expires sessions that have not been active in a specified period of time. 
===Validatable===
Provides validations of email and password to make sure that the log in details follow a given format. These can be modified to have customized validations. 
Example :<pre>#email_required? ⇒ Boolean protected
#password_required? ⇒ Boolean protected</pre>
===Lockable===
Locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 

== Example applications ==
=== Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref> ===
Rails 4.2 starter app with Devise for authentication.
====What is implemented====
• Home page 
• Navigation bar 
• Sign up (create account) 
• Login 
• “Forgot password?” feature 
• “Remember me” (stay logged in) feature 
• Edit account (edit user profile) 
• List of users 
==== Installing ====
To build the example application, run:
<pre>rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a Rails app named <code>rails-devise</code>. 
Then, select “Build a RailsApps example application”. After that, select”6) rails-devise”. 
As for additional preferences: 
• If you plan to deploy to Heroku, select “Unicorn" as your production web server. 
• Use “SQLite" for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL" 
• The example application uses the default “ERB” Rails template engine. 
• If you are a beginner, for test framework, select “None”. 
• if you choose either “Foundation" or “Bootstrap", it will automatically install Devise views with attractive styling. 
• “Gmail" is for development if you have one. if your site will be heavily used, then choose “SendGrid" or “Mandrill" for production. 
• The example uses "Devise with default modules". 

===Devise and Pundit and Rails<ref>https://github.com/RailsApps/rails-devise-pundit</ref>===
It extends the rails-devise example application to add authorization with Pundit.
====What is implemented====
It adds authorization with Pundit, showing how to implement user roles, and limit access to pages based on user role. 
• an admin can see a list of users 
• an admin can change a user’s role 
• an ordinary user can’t see a list of users 
• an ordinary user can’t change their role 
• an ordinary user can’t see (or edit) another user’s profile 
• an ordinary user can see (and edit) their own user profile 

====Installing====
To build the example application, run:
<pre>rails new rails-devise-pundit -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb</pre>
This will create a new Rails app named <code>rails-devise-pundit</code>. 
Then, select “Build a RailsApps example application”. After that, select ”8) rails-devise-pundit”. 
The following steps are the same as Devise and Rails.

==other Rails Authentication==
OmniAuth<ref>https://github.com/intridea/omniauth</ref>: A generalized Rack framework for multiple-provider authentication. 
Authlogic<ref>https://github.com/binarylogic/authlogic</ref>: A clean, simple, and unobtrusive ruby authentication solution. 
Restful-authentication<ref>https://github.com/technoweenie/restful-authentication</ref>: Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in. 

==Conclusion==
Devise is the most popular Rails Authentication tools. It provides a full gamut of features, and can be configured to meet most requirements. Devise often interacts with Warden which does not provide helper methods, controller classes, views, configuration options and log in failure handling. All of these things are what Devise supplies. So if you need to extend or augment Devise, you may need to implement a customized Strategy class for your own.
== References ==
<references/>