
, plus a route that in the future can be used to handle authentication failures (for example, user types wrong Twitter password or denies access to our app). Middle (b): Line 3 skips the before_filter that we added to ApplicationController in Figure 5.7. Note that we must delete line 7 in Figure 5.7 since we don't have a login path to redirect to in this example. Upon successful login of a given user, the create action remembers that user's primary key (ID) in the session until the destroy action is called to forget it. Bottom (c): The @current_user variable (set in line 6 of ApplicationController, Figure 5.7) can be used by a login partial to display an appropriate message. The partial could be included from application.html.haml with render :partial=>'sessions/login'.
There are three aspects to managing third-party authentication in Rails. The first is how to actually authenticate the user via a third party. We will use the excellent OmniAuth gem, which abstracts away the entire process in Figure 5.8 by allowing developers to create a strategy for each third-party auth provider. A strategy handles all the interactions with the authentication provider (steps 2–4 in Figure 5.8) and ultimately performs an HTTP POST to the URI /auth/provider/callback in your app. The data included with the POST indicate the success or failure of the authentication process and, if successful, the access token(s) that your app can use to get additional information about the logged-in user.

As of this writing, strategies are available for Facebook, Twitter, Google Apps, and many others, each available as a gem named omniauth-provider. We will use Twitter as an example, so add both gem 'omniauth' and gem 'omniauth-twitter' to your Gemfile and run bundle install --without production as usual. You will then need to create a Twitter development application and configure the omniauth gem with a Twitter provider in config/initializers/omniauth.rb. Details are in the omniauth-twitter setup instructions on GitHub. Once that is done, add the code from Figure 5.10 (a) to your config/routes.rb file; it specifies some routes that the OmniAuth strategy will use when it completes the authentication with Twitter.

The second aspect of handling authentication is keeping track of whether the current user has been authenticated. You may have already guessed that this information can be stored in the session[]. However, we should keep session management separate from the other concerns of the app, since the session may not be relevant if our app is used in a service-oriented architecture setting. To that end, Figure 5.10 (b) shows how we can "create" a session when a user successfully authenticates herself (lines 3–9) and "destroy" it when she logs out (lines 11–15). The "scare quotes" are there because the only thing actually being created or destroyed is the value of session[:user_id], which is set to the primary key of the logged-in user during the session and nil at other times. Figure 5.10 (c) shows how this check is abstracted by a before_filter in ApplicationController
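The session lifecycle described above, as an added example in plain Ruby; it is not the book's Figure 5.10 and needs no Rails. The User struct, the SessionFlow class and its return symbols are hypothetical stand-ins, and only the auth-hash keys 'provider', 'uid' and 'info' follow OmniAuth's documented schema.

```ruby
# Added example: models create / failure / destroy and the before_filter check.
# SessionFlow and User are hypothetical stand-ins for the Rails controller and model.
User = Struct.new(:id, :provider, :uid, :name)

class SessionFlow
  attr_reader :session

  def initialize
    @session = {}   # stands in for Rails' session[]
    @users = []     # stands in for the users table
  end

  # Callback after the provider finishes: /auth/provider/callback
  def create(auth)
    # Treat a missing or incomplete auth hash as a failed login.
    return failure unless auth.is_a?(Hash) && auth['provider'] && auth['uid']

    user = @users.find { |u| u.provider == auth['provider'] && u.uid == auth['uid'] }
    unless user
      user = User.new(@users.size + 1, auth['provider'], auth['uid'],
                      auth.dig('info', 'name'))
      @users << user
    end
    # Start from an empty session (in Rails, reset_session does this) and store
    # only the primary key, never the provider's access token or profile data.
    @session = { user_id: user.id }
    :logged_in
  end

  # Failure route: wrong password, or the user denied access to the app.
  def failure
    @session.delete(:user_id)
    :login_failed
  end

  # Logout: forget the primary key.
  def destroy
    @session.delete(:user_id)
    :logged_out
  end

  # The check a before_filter would run: nil when nobody is logged in.
  def current_user
    id = @session[:user_id]
    id && @users.find { |u| u.id == id }
  end
end
```

A protected action would proceed only when current_user is non-nil.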