This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Ruby on Rails Authentication Cheatsheet

From OWASP
Revision as of 14:31, 28 February 2018 by ZaurMolotnikov (talk | contribs) (Authentication in Ruby on Rails Cheat Sheet)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Secure user authentication in ruby on rails is discussed here.


Implementing authentication in a typical Rails application is made easy with devise gem.

Install it using: 

   gem 'devise'

Then install it to the user model: 

   rails generate devise:install

Next, specify which resources (routes) require authenticated access in your routes, config/routes.rb: 

    Rails.application.routes.draw do
      authenticate :user do
        resources :something do  # these resource require authentication
         ...
        end
      end
  
      devise_for :users # sign-up/-in/out routes

      root to: 'static#home' # no authentication required
  
    end

To make authentication secure, enforce higher password complexity and allow TLS connections only.

Retrieved from "https://wiki.owasp.org/index.php?title=Ruby_on_Rails_Authentication_Cheatsheet&oldid=238172"