0.0
The project is in a healthy, maintained state
Authentication solution for Ruby on Rails
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
 Dependencies

Runtime

~> 1.2.9
~> 3.1.16
~> 4.0.0
 Project Readme

Authenticatable

RuboCop Github Action RSpec codecov MIT License

Authenticatable is an authentication solution for Rails, created with inspiration from gems like Devise, Authlogic & Clearance.

Security measures:

  • Strong password encryption with bcrypt() hashing algorithm.
  • Protection against timing/enumeration attacks by hashing the password even if a user record isn't found.

Supported Rails/Ruby versions

Tests run against Rails versions ~> 5.2.0, ~> 6.0.0, ~> 6.1.0 and ~> 7.0.0.alpha under Ruby versions 2.6, 2.7 and 3.0

Installation

Add the following line to Gemfile:

gem "authenticatable", github: "kiqr/authenticatable" # Temporary use master as source before stable release.

and run bundle install from your terminal to install it.

After you've installed the gem, you can run the generator to create an initializer file that allows further configuration:

$ rails g authenticatable:install

Getting started

The first step is to create an authenticatable model. To generate an authenticatable model run the following command:

$ rails g authenticatable NAME

This will generate a model with the given NAME (if one does not exist) with configuration for authenticatable, a migration file and routes. The output should be something similar to:

foo@bar:~$ rails g authenticatable user
Running via Spring preloader in process 99920
      invoke  active_record
      create    db/migrate/20210909215956_authenticatable_create_users.rb
      create    app/models/user.rb
      invoke    test_unit
      create      test/models/user_test.rb
      create      test/fixtures/users.yml
      insert    app/models/user.rb
       route    authenticatable :users

Securing your application

To set up a controller with authentication, just add the before_action authenticate_{scope}!. To require a User to be signed in:

before_action :authenticate_user! # Block unauthenticated requests to the current controller

To restrict your whole application to signed-in users, you can add the before_action above to your ApplicationController.

Contributing

If you are interested in reporting/fixing issues and contributing directly to the code base, please see CONTRIBUTING.md for more information on what we're looking for and how to get started.

Versioning

This library aims to adhere to Semantic Versioning 2.0.0. Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, that version should be immediately yanked and/or a new version should be immediately released that restores compatibility. Breaking changes to the public API will only be introduced with new major versions. As a result of this policy, you can (and should) specify a dependency on this gem using the Pessimistic Version Constraint with two digits of precision. For example:

gem "authenticatable", "~> 1.0"

License

The gem is available as open source under the terms of the MIT License.