Difference between revisions of "Ruby on Rails Authentication Cheatsheet"
From OWASP
(Authentication in Ruby on Rails Cheat Sheet) |
(Created the cheat sheet) (Tag: Visual edit) |
||
Line 2: | Line 2: | ||
'''Secure user authentication in ruby on rails''' is discussed here. | '''Secure user authentication in ruby on rails''' is discussed here. | ||
− | + | Implementing authentication in a typical Rails application is made easy and secure with devise gem. | |
− | Implementing authentication in a typical Rails application is made easy with devise gem. | ||
Install it using: | Install it using: | ||
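Review bot: The rewritten sentence now says authentication is made "easy and secure" with the devise gem, which reads as though installing the gem is sufficient, while the same revision ends by telling the reader to enforce higher password complexity and allow TLS connections only. Suggest keeping "made easy" here and leaving the security claim to that closing sentence, or wording it as "made easy, and can be made secure, with the devise gem".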
Line 15: | Line 14: | ||
Next, specify which resources (routes) require authenticated access in your routes, config/routes.rb: | Next, specify which resources (routes) require authenticated access in your routes, config/routes.rb: | ||
− | + | <syntaxhighlight lang="ruby" line="line"> | |
Rails.application.routes.draw do | Rails.application.routes.draw do | ||
authenticate :user do | authenticate :user do |
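Review bot: The added opening tag sets line="line", which turns on line numbering for a short routes snippet that the text never refers to by line number. Suggest plain <syntaxhighlight lang="ruby">, and check that the matching closing tag follows the final "end" of the routes block, since it is not visible in this hunk.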
Revision as of 14:34, 28 February 2018
Secure user authentication in Ruby on Rails is discussed here.
Implementing authentication in a typical Rails application is made easy and secure with the Devise gem.
Install it using:
gem 'devise'
Then install it to the user model:
rails generate devise:install
Next, specify which resources (routes) require authenticated access in your routes, config/routes.rb:
Rails.application.routes.draw do
  authenticate :user do
    resources :something do # these resources require authentication
      # ...
    end
  end
  devise_for :users # sign-up/-in/out routes
  root to: 'static#home' # no authentication required
end
To make authentication secure, enforce higher password complexity and allow TLS connections only.
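One way to enforce the higher password complexity mentioned above, as an added example that is not part of the original cheat sheet or of Devise: Devise's validatable module checks password length only, so character-class and denylist rules have to be added by the application. The module name `PasswordPolicy`, the minimum length of 12 and the sample denylist are assumptions made for illustration.

```ruby
# Added example (hypothetical module, plain Ruby, no Rails needed to run it).
# In a Devise-backed User model it could be wired in with something like:
#   validate do
#     next if password.blank?
#     PasswordPolicy.violations(password, email: email)
#                   .each { |msg| errors.add(:password, msg) }
#   end
# Devise's own length limit is config.password_length in
# config/initializers/devise.rb; TLS-only access is config.force_ssl = true
# in config/environments/production.rb.
module PasswordPolicy
  MIN_LENGTH = 12 # assumed policy value, not taken from the cheat sheet

  # Constructed sample denylist; a real deployment would load a larger list.
  COMMON = %w[password123456 qwertyuiop12 letmein12345].freeze

  # Required character classes, checked in this order.
  CLASSES = {
    'a lowercase letter'  => /[a-z]/,
    'an uppercase letter' => /[A-Z]/,
    'a digit'             => /\d/,
    'a symbol'            => /[^A-Za-z0-9]/
  }.freeze

  # Returns a list of human-readable policy violations (empty when compliant).
  def self.violations(password, email: nil)
    pw = password.to_s
    out = []
    out << "must be at least #{MIN_LENGTH} characters" if pw.length < MIN_LENGTH
    CLASSES.each { |name, re| out << "must contain #{name}" unless pw.match?(re) }
    out << 'is a commonly used password' if COMMON.include?(pw.downcase)
    # Reject passwords built around the account name (local part of the email).
    local = email.to_s.split('@').first.to_s.downcase
    if local.length >= 3 && pw.downcase.include?(local)
      out << 'must not contain the account name'
    end
    out
  end

  def self.acceptable?(password, email: nil)
    violations(password, email: email).empty?
  end
end
```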