Authentication with Devise and Warden, part 1: Up and Running
We’ve moved!
Hey everyone, all my tech blog posts are now at my personal blog at http://blog.twoalex.com. I’ll keep blogging about Mealstrom here, but you should hop on over there to check out the latest and greatest about technology (and food) in general.
Hello, pretty nice post about Devise. It’s a great explanation, I especially liked the “Bumps in the Road” part. I’d like to help with two simple tips:
* The :authenticate! filter is gonna work only when you have just one resource to authenticate. Whenever you’re dealing with many resources, you need to use the specific authenticate_*! methods:
before_filter :authenticate_user!
* In the last versions of Devise (not sure which version it was added) you have some options that let you use different keys to authenticate the user, not just the :email. The first is the :authentication_keys configuration, that is actually the params coming from the form that will be used for authentication. And its complement is the find_for_authentication class method you can override to find the user based on these conditions:
def self.find_for_authentication(conditions)
find(:first, :conditions => conditions)
end
Hope that might be useful =)
And thanks again for the great post. I Look forward to see the second part.
Carlos
Hey Carlos,
Thanks! I’ve really enjoyed working with Devise — thank you for the great gem. I’m glad to be able to contribute something useful back to the community.
You make two very good points. I’ve updated the post to include your note about authenticate! v. authenticate_*! — while I’m using only one resource, I want to cover as full a range of features with my blog posts (and multiple resources is a very cool feature).
As far as authentication_keys go, I saw that options when I set up Devise, but that feature didn’t seem to allow exactly what I wanted to do. If I read the code right, all the keys you specify are required to log in, so if you added username to email and password it would require all three.
Since each user on our sites will have a username, I want to offer the ability to log in using either a username or an email (entered interchangeably into the same field) along with the appropriate password. Since it’s probably an infrequent need, I wouldn’t expect that behavior to be supported out of the box; it seems like a great case for a custom strategy. (That’s actually the example I’m planning to use in the next entry to describe how to create your own strategies. Vacation allowing, I’m hoping to get the next entry out before the new year.)
Thanks again for your feedback!
Alex
Thanks! This is very helpful. I’ve decided to try working with Devise and this gave me some good background to get up and running. I would love to see a similar post about integrating Devise with Facebook Connect which will be my next step….
Hi Alex,
Thanks for the great post! It was really helpful when first trying to install Devise. Any chance of you doing a post on how to add a new strategy for logging in using a username or email?
So far, all I’ve found is that the strategy should be added to Warden (I thought it was supposed to be added to Devise), but I don’t know where/how to add and setup the code. (I’m still quite new to Rails.)
Anyway, it would be great if you could do a follow-up post on that, but I’m not sure how busy you are or what else you’ve got planned.
Either way, thanks again for the helpful post!