May 30 2008

Rails Help, Please? (How to create a login/account system)

I hope some of you reading this are Ruby On Rails experts and have a moment to help me out …

The problem in a nutshell:

What Rails generator/plugin should I use to create a user account / login system, preferably with OpenID, in a new app?

The gory details:

I haven’t done any Rails work in quite a while. The app I was working on was circa Rails 1.0. I’ve now updated all my gems so I have Rails 2.0.2. Of course the app doesn’t work: it crashes and burns immediately with Ruby errors in the generated code. Not surprising since I’m sure a lot has changed since 1.0.

So I thought I’d start over by generating a fresh Rails app, and then start moving pieces of my app over. But I’m immediately stuck at the first step, setting up a user account/login system.

(Which is a hurdle every newbie runs into, right? Because nearly every web app needs this, but it’s strangely the one area where DHH, the Man With An Opinion On Everything, didn’t have enough of an opinion to settle on a standard account system. So instead, chaos reigns.)

What I’ve done so far is —

1. Looked in my brand new copy of The Rails Way. There’s a whole chapter on Login and Authentication, yay. They say that the best authentication plugin is Acts As Authenticated. (Actually they say there are two best ones, but then they never reveal what the other is.)

2. Typed “script/plugin install acts_as_authenticated” as it says in the book. And get an error, no such plugin.

3. Looked up Acts As Authenticated online. The readme on the author’s website starts with a big warning that it’s deprecated and not maintained. Huh? Why is my $50 hot-off-the-press Rails book pushing an obsolete library?

4. I really want OpenID support anyway. There’s an openid-login-generator gem, so I installed and ran that. All it did was create one (1) migration file, nothing else. WTF?

5. After much searching I found that the ruby-openid library, which I already have, contains in its examples subdirectory a Rails generator. I just have to copy it into the right place, and run the “generate” script. So I did that. It generated scaffolding and such. Hooray.

6. I tried to run my app and, as the directions say, went to /account/login. Blam. Ruby errors. First it complained about “end_form_tag”, which it turns out was deprecated in Rails 1.2 and removed in 2.0; I found out how to fix that, and next it died in the generated AccountController scaffolding itself, saying OpenID::FilesystemStore doesn’t exist. Which it doesn’t—looks like that class was renamed OpenID::Storage::Filesystem. So the example code isn’t even compatible with the library it’s part of! Looks like no one’s updated it in quite some time.

7. I look at the clock (11:30PM), sigh, and decide to give up and ask Teh Lazywebz for help. But my battery dies while I’m typing this, so I don’t actually post it till the next morning.

This entry was posted on Friday, May 30th, 2008 at 8:00 AM and is filed under Computers, Web. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

9 Responses to “Rails Help, Please? (How to create a login/account system)”

  • toto Says:
    May 30th, 2008 at 8:29 AM

    For authentication you would want to use the successor of acts_as_authenticted:
    restful-authentication (http://github.com/technoweenie/restful-authentication/tree/master).

    Because most Rails apps are using REST they went to restful-authentication. You should, by all means, not use the acts_as_authenticated plugin, because it contains a security bug, that allows unauthorized access.

    Reply
  • Sebastian Says:
    May 30th, 2008 at 8:48 AM

    I second using restful-authentication, although I have heard complains that it doesn’t really do the new sexy migrations and doesn’t really work to well with 2.0.2… Haven’t really tested myself yet though so I can’t say that for sure! You could also write something from scratch, although reinventing the wheel doesn’t always make a lot of sense.

    Reply
  • Brian Deterling Says:
    May 30th, 2008 at 8:48 AM

    I’m relatively new to Rails and I hit the same issue you did and ended up using restful-authentication as the previous commenter suggested. I didn’t have any problems with it.

    Reply
  • Ryan E Says:
    May 30th, 2008 at 9:15 AM

    I think you’re going to see a unanimous verdict here: restful-authentication. Not too long ago I started a new Rails project on 2.0.1 (I think) and restful-authentication worked great. I’m probably also going to be retrofitting it onto a project that was started in Rails 1.2.x and upgraded to 2.0.2.

    Reply
  • Ivar Vasara Says:
    May 30th, 2008 at 9:22 AM

    Hereis a great step-by-step tutorial on integrating restful authentication and openID.

    Reply
  • Milan Iliev Says:
    May 30th, 2008 at 9:32 AM

    I recently implemented an authorization system using restful-authentication in Rails 2.0.2 in about six hours. +1.

    Reply
  • shanec Says:
    May 30th, 2008 at 10:24 AM

    Railscasts.com has some great tutorials on restful authentication and OpenID authentication.

    Reply
  • Jens Alfke Says:
    May 30th, 2008 at 10:49 AM

    Thanks a lot, everyone! It’s nice to see such unanimity … makes it easy for me to figure out what to do.

    Special thanks to Ivar for the link to the great tutorial. There’s a lot of stuff to paste in, but I’m nearly done. (Someone should really package up that entire tutorial as a plugin, shouldn’t they?)

    Reply
  • Richard Henry Says:
    July 12th, 2008 at 10:02 AM

    Do you mind if I pose a question for you Jens… is The Rails Way worth using? What’s your experience with the rest of it? I’m hunting for a decent Rails book, something that would help a guy interesting in moving from PHP, but a total Rails n00b…

    Reply

Leave a Reply