User talk:Mdong3: Difference between revisions

From Expertiza_Wiki
(Created page with "<font size="6"><b>Devise</b></font><br> '''Devise <ref>https://github.com/plataformatec/devise</ref>''' is a Rails gem used for authenticating and managing users. The topic wri...")
 
No edit summary
Line 17: Line 17:


== Getting Start ==
== Getting Start ==
 
===Devise===
Devise a flexible authentication solution for Rails based on Warden<ref>https://github.com/hassox/warden/wiki</ref>.<br>
Current Version:3.4.1<br>
First Release : 5 years ago<br>
===Methods===


== Example applications ==
== Example applications ==
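Review bot: "First Release : 5 years ago" in the new ===Devise=== section is a relative date that goes stale as the page ages; state the release year instead. In the same section, "Devise a flexible authentication solution" is missing its verb ("Devise is a ..."), and ===Methods=== is introduced with no text under it, so either fill it in or leave the heading out until there is content.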

Revision as of 01:54, 17 February 2015

Devise

Devise <ref>https://github.com/plataformatec/devise</ref> is a Rails gem used for authenticating and managing users.

The topic writeup for this page can be found here.

Introduction

Security Background

Web applications are relatively easy to attack, as they are simple to understand and manipulate. The Gartner Group estimates that 75% of attacks are at the web application layer, and found "that out of 300 audited sites, 97% are vulnerable to attack". Security depends on the people using the framework, and sometimes on the development method. There are several ways to ensure security: Encryption, LDAP, Rails Authentication, Rails Authorization, Rails Captcha, Security Tools and Spam Detection. Devise is for Rails Authentication.

User Authentication

How the user authentication process works:
• Signup: create a new user. This user is going to register with a username, password (which will be encrypted in the database), email, etc.
• Login: allow a user to sign in with her/his valid username and password. The authentication process happens by matching the username and password in the database, allowing the user access to the protected actions only if the given information matches the recorded values successfully. If not, the user will be redirected to the login page again.
• Access Restriction: create a session to hold the authenticated user ID after login, so navigation through additional protected actions can be done easily by just checking the user ID in the current session.
• Logout: allow the user to sign out and set the authenticated user ID in the session file to nil.
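The four steps above as a plain-Ruby sketch. This is an added example, not Devise's code or part of the original page: the `USERS` hash, the session hash and all method names are hypothetical, and PBKDF2 from Ruby's standard OpenSSL library stands in for the application's password hashing so the block runs without gems.

```ruby
require "openssl"
require "securerandom"

USERS = {} # constructed in-memory stand-in for the users table
ITERATIONS = 100_000

def derive(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
end

# Compare two digests without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Signup: store a per-user random salt and the derived digest, never the password.
def signup(username, password)
  return false if USERS.key?(username)
  salt = SecureRandom.random_bytes(16)
  USERS[username] = { id: USERS.size + 1, salt: salt, digest: derive(password, salt) }
  true
end

# Login: on a match, keep only the user ID in the session; otherwise back to login.
def login(session, username, password)
  user = USERS[username]
  # Derive against a dummy salt for unknown users so both paths do the same work.
  salt = user ? user[:salt] : "\0" * 16
  candidate = derive(password, salt)
  return :redirect_to_login unless user && secure_equal?(candidate, user[:digest])
  session.clear # drop pre-login session state (the role reset_session plays in Rails)
  session[:user_id] = user[:id]
  :ok
end

# Access restriction: protected actions check the session, not the password.
def protected_action(session)
  session[:user_id] ? :allowed : :redirect_to_login
end

# Logout: set the authenticated user ID in the session to nil.
def logout(session)
  session[:user_id] = nil
end
```

A wrong password and an unknown username return the same result, so the login response does not reveal which usernames exist.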

Getting Started

Devise

Devise is a flexible authentication solution for Rails based on Warden<ref>https://github.com/hassox/warden/wiki</ref>.
Current Version: 3.4.1
First Release: 5 years ago

Methods

Example applications

Devise and Rails<ref>https://github.com/RailsApps/rails-devise/</ref>

Rails 4.2 starter app with Devise for authentication:
Features include:
• Home page
• Navigation bar
• Sign up (create account)
• Login
• “Forgot password?” feature
• “Remember me” (stay logged in) feature
• Edit account (edit user profile)
• List of users

Installing

To build the example application, run:

rails new rails-devise -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb

This will create a Rails app named rails-devise.
Then, select “Build a RailsApps example application”. After that, select “6) rails-devise”.
As for additional preferences:
• If you plan to deploy to Heroku, select “Unicorn” as your production web server.
• Use “SQLite” for development on Mac or Linux. If you plan to deploy to Heroku, use “PostgreSQL”.
• The example application uses the default “ERB” Rails template engine.
• If you are a beginner, select “None” for the test framework.
• If you choose either “Foundation” or “Bootstrap”, it will automatically install Devise views with attractive styling.
• “Gmail” is for development, if you have an account. If your site will be heavily used, choose “SendGrid” or “Mandrill” for production.
• The example uses “Devise with default modules”.


References

<references/>