Authlogic with Rails 4.2

I was doing some Rails work lately and needed an authentication module for my application (like every other application I have ever used). So I was going to use Devise, as I always do to bootstrap my authentication module.

But, as an unfortunate surprise, the current version of Devise doesn't work with the new version of Rails, so I had to find another quick alternative. Searching the web I came across Authlogic. I remember using Authlogic at my previous job on one specific web application, and it worked OK. To my surprise it worked really well with Rails 4.2.0.beta. The only thing that I found confusing was the documentation. It's not as clear as Devise's. But here we go, step by step.

The first thing I did was add the gem to the Gemfile.

gem 'authlogic', '~> 3.4.2'  

Then we run bundle install to install the dependencies and we are ready to create our model. You can create the model with any fields you need; just remember to include the fields that Authlogic needs in order to operate, such as login, email, crypted_password, password_salt and persistence_token. You can choose to have only login or email, but if you have both fields Authlogic will look up both. This is an example of my model migration.

class CreateUsers < ActiveRecord::Migration  
  def change
    create_table :users do |t|
      t.string :login
      t.string :name

      t.string :crypted_password
      t.string :password_salt
      t.string :persistence_token

      t.integer :login_count
      t.integer :failed_login_count
      t.datetime :last_request_at
      t.datetime :current_login_at
      t.datetime :last_login_at
      t.string :current_login_ip
      t.string :last_login_ip

      t.timestamps null: false
    end
  end
end  

Those last fields are from the MagicColumns module described in the documentation. If you have them in your Authlogic model they will be used by the library, but you can simply ignore them.

Then it is time to tell the model itself to use Authlogic. For that, Authlogic provides a method named acts_as_authentic, which accepts a block of code for configuration. I really had a hard time finding more information about all the options it accepts, but the one that I really wanted to use was easy to find: how to set the crypto provider to bcrypt.

class User < ActiveRecord::Base  
  acts_as_authentic do |c|
    c.crypto_provider = Authlogic::CryptoProviders::BCrypt
  end
end  

Authlogic expects us to create a session model, which it uses to create and restore our session object. For that I just placed a class named UserSession, which inherits from Authlogic::Session::Base, in the models folder.

class UserSession < Authlogic::Session::Base  
end  

Then it was time to create a controller and a view to handle the authentication actions. I created a controller just for that with three actions, new, create and destroy, just like the Rails resource way, and created a form to handle the login properly.

# config/routes.rb
resource :user_session, only: [:create, :new, :destroy]

# app/controllers/user_sessions_controller.rb
class UserSessionsController < ApplicationController
  def new
    @user = User.new
  end

  def create
    # Only the login and password fields are passed on to Authlogic.
    @user_session = UserSession.new(
      params.require(:user).permit(:login, :password)
    )
    if @user_session.save
      redirect_to root_path
    else
      redirect_to new_user_session_path
    end
  end

  def destroy
    # There is no session to destroy when the visitor is already logged out.
    current_user_session.destroy if current_user_session
    redirect_to new_user_session_path
  end
end

<!-- app/views/user_sessions/new.html.erb -->
<%= form_for @user, url: user_session_path, method: :post, html: { class: 'form-horizontal', role: 'form' } do |f| %>
  <div class='form-group'>
    <%= f.text_field :login, class: 'form-control', placeholder: 'Login' %>
  </div>
  <div class='form-group'>
    <%= f.password_field :password, class: 'form-control', placeholder: 'Password' %>
  </div>
  <%= f.submit 'Login', class: 'btn btn-primary' %>
<% end %>

Now it is time to create our helper methods in the controller so we can access them across our application. For that I just followed what Ryan Bates did in that outdated (but f##### useful) Railscast.

class ApplicationController < ActionController::Base  
  self.responder = ApplicationResponder
  helper_method :current_user_session, :current_user

# ...

private  
  def current_user_session
    @current_user_session ||= UserSession.find
  end

  def current_user
    @current_user ||= current_user_session && current_user_session.user
  end
end  

We can use those helper methods in any part of our app to verify whether the user is logged in and to permit access to certain actions.
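
One way to use current_user to guard actions, as an added example that is not part of the original post: a default-deny require_user filter in ApplicationController, skipped only for the login actions. The names require_user, ReportsController and StandInController are assumptions; StandInController is a constructed replacement for the small part of Rails used here so the code runs without Rails, and in the real app current_user comes from the helper shown above.

```ruby
# Stand-in for the slice of Rails used below (constructed so this runs without
# Rails); in the app ActionController::Base and the page's helpers supply it.
class StandInController
  class << self
    attr_writer :guards
    def guards; @guards ||= []; end
    def skips; @skips ||= {}; end
    def inherited(sub); sub.guards = guards.dup; super; end
    def before_action(name); guards << name; end
    def skip_before_action(name, only:); skips[name] = Array(only); end
  end
  attr_reader :current_user, :redirected_to

  def initialize(current_user = nil); @current_user = current_user; end
  def redirect_to(path); @redirected_to = path; end
  def new_user_session_path; '/user_session/new'; end

  # Run guards in order; a guard that redirects halts the chain, as in Rails.
  def process(action)
    self.class.guards.each do |guard|
      next if self.class.skips.fetch(guard, []).include?(action)
      send(guard)
      return :halted if redirected_to
    end
    send(action)
  end
end

class ApplicationController < StandInController
  before_action :require_user # default deny: every action needs a login

  private

  def require_user
    redirect_to new_user_session_path unless current_user
  end
end

class UserSessionsController < ApplicationController
  # Keep the login form and its POST reachable, or nobody can log in.
  skip_before_action :require_user, only: [:new, :create]
  def new; :login_form; end
  def destroy; :logged_out; end
end

class ReportsController < ApplicationController # hypothetical protected page
  def index; :reports; end
end
```

Declaring the filter once in ApplicationController means a controller added later is protected unless it opts out explicitly.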

Conclusion

It was not hard at all to set up Authlogic, and I can happily use it during all my app development. But to tell the truth, I can't wait to go back to Devise just for the good documentation and examples. That is the thing that Authlogic lacks the most. But it is a good library that is easy to set up.