Rebecca Le sevenseacat


Box 6.1. Roll your own authentication system

Virtually all web applications require a login and authentication system of some sort. As a result, most web frameworks have a plethora of options for implementing such systems, and Rails is no exception. Examples of authentication and authorization systems include Clearance, Authlogic, Devise, and CanCan (as well as non-Rails-specific solutions built on top of OpenID or OAuth). It’s reasonable to ask why we should reinvent the wheel. Why not just use an off-the-shelf solution instead of rolling our own?

For one, practical experience shows that authentication on most sites requires extensive customization, and modifying a third-party product is often more work than writing the system from scratch. In addition, off-the-shelf systems can be “black boxes”, with potentially mysterious innards; when you write your own system, you are far more likely to understand it. Moreover, recent additions to Rails (Section 6.3) make it easy to write a custom authentication system

Started GET "/knowledge-base/CSVLOAD:*out:example.org:1002" for ::1 at 2016-05-27 18:57:46 +0800
User Load (1.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["id", 18]]
Processing by ResourcesController#show as
Parameters: {"id"=>"CSVLOAD:*out:example"}
irb(main):004:0* o = OpenStruct.new(foo: "bar")
=> #<OpenStruct foo="bar">
irb(main):005:0> o.method(:to_json).source_location
=> ["/Users/becky/.gem/ruby/2.3.0/gems/activesupport-4.2.6/lib/active_support/core_ext/object/json.rb", 31]
irb(main):006:0>
class ResourceSearchForm
  include ActiveModel::Model
  attr_accessor :keywords, :categories, :types, :start_date, :end_date
  def model_name
    ActiveModel::Name.new(self, nil, "search")
  end
  def initialize(params)
class Community < ActiveRecord::Base
  include PgSearch
  pg_search_scope :search, against: [:name], using: {tsearch: {prefix: true, any_word: true}}
end
irb(main):002:0> User.create(name: "Test User")
(0.2ms) begin transaction
SQL (0.4ms) INSERT INTO "users" ("name", "created_at", "updated_at") VALUES (?, ?, ?) [["name", "Test User"], ["created_at", "2015-08-21 08:09:17.255844"], ["updated_at", "2015-08-21 08:09:17.255844"]]
D, [2015-08-21T16:09:17.455977 #53701] DEBUG -- : SOLR Request (189.4ms) [ path=update parameters={} ]
(2.0ms) commit transaction
=> #<User id: 1, name: "Test User", created_at: "2015-08-21 08:09:17", updated_at: "2015-08-21 08:09:17">
irb(main):003:0> User.search { fulltext "User" }
D, [2015-08-21T16:09:25.324005 #53701] DEBUG -- : SOLR Request (37.5ms) [ path=select parameters={fq: ["type:User"], q: "User", fl: "* score", qf: "name_text", defType: "edismax", start: 0, rows: 30} ]
=> <Sunspot::Search:{:fq=>["type:User"], :q=>"User", :fl=>"* score", :qf=>"name_text", :defType=>"edismax", :start=>0, :rows=>30}>
# spec/web/views/books/new_spec.rb
require 'spec_helper'
require_relative '../../../../apps/web/views/books/new'
class NewBookParams < Lotus::Action::Params
  param :book do
    param :title, presence: true
    param :author, presence: true
  end
end
def attributes_protected_by_default
  super - ['id']
end
iex(1)> defmodule Something do
...(1)> def something(foo) when foo > 0, do: true
...(1)> end
{:module, Something,
<<70, 79, 82, 49, 0, 0, 4, 176, 66, 69, 65, 77, 69, 120, 68, 99, 0, 0, 0, 118, 131, 104, 2, 100, 0, 14, 101, 108, 105, 120, 105, 114, 95, 100, 111, 99, 115, 95, 118, 49, 108, 0, 0, 0, 2, 104, 2, ...>>,
{:something, 1}}
iex(2)> Something.something(0)
** (FunctionClauseError) no function clause matching in Something.something/1
iex:2: Something.something(0)
iex(2)> Something.something(1)
@sevenseacat
sevenseacat / file.rb
Created December 3, 2014 15:02
Languages I've been paid to program in
.NET
CSS
HTML
Java
JavaScript
PHP
Ruby
SQL