Project

googleapps-auth

0.02
No commit activity in last 3 years
No release in over 3 years
googleapps-authlivingsocial/rails-googleapps-authHomepageDocumentationSource CodeBug TrackerWiki
Use Google Apps as an Authentication Provider
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
12,405
Stars
14
Forks
9
Watchers
64
 Releases
Current version
0.1.0
Total releases
3
First release
2011-05-03
Latest release
2012-05-21
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
1
Merged Pull Requests
1
Pull Request Acceptance Rate
33%
 Development
Primary Language
Ruby
Average date of last 50 commits
2011-06-14
Reverse Dependencies
0

 Dependencies

Development

actionpack
~> 3.0
activemodel
~> 3.0
activesupport
~> 3.0
railties
~> 3.0
rspec-rails
= 2.5.0

Runtime

actionpack
>= 2.3.5
ruby-openid
= 2.1.8
 Project Readme

Rails-GoogleApps-Auth

rails-googleapps-auth is a Rails plugin for OpenID auth against Google apps for your domain accounts. There are a few unique issues when dealing with authenticating against Google's Apps-For-Your-Domain accounts, which is why this plugin was created (instead of using a more general plugin).

Usage

Installation

Gem

gem "googleapps-auth", "0.1.0", :require => "googleapps_auth"

Configuration

The path to a certificate file must be configured before you start making requests to Google Apps. Due to short comings of net/https, the default behavior is to silently fallback to VERIFY_NONE when faced with a ssl cert.

This is bad for many reasons but most notably, it can fall prey to man-in-the middle attacks.

The following line in a rails initializer will enable the plugin for use:

GoogleAppsAuth.certificate_authority_file = File.join(::Rails.root, "file.pem")

Otherwise the authetication methods will raise GoogleAppsAuth::CertificateAuthorityFileError errors.

To set your Google Apps domain for all instances at initialization, rather than at call time, use:

GoogleAppsAuth.default_domain = "example.com"

If you do not specify an Apps domain either via default_domain, or by the :domain argument to google_apps_auth_begin, you'll be prompted by Google to select which of your accounts to sign in with. This will allow users to log into your Rails app using either their Google account or ANY Google Apps domain account.

Authenticating Users

Create a new controller.

class AuthController < ApplicationController
    def login
        # User will immediately be redirected to Google to log in, and redirected back to the 'finish' action when done.

    # Override defaults:
        google_apps_auth_begin :domain => "example.com", :return_action => 'finish', :attrs => [:email]

        # Or use no args at all (domain defaults to nil, return_action defaults to 'finish')
        # google_apps_auth_begin
    end

def logout
    reset_session
    redirect_to :back
end

    def finish
        response = google_apps_auth_finish
        if response.failed? or response.canceled?
            flash[:notice] = "Could not authenticate: #{response.error}"
        else
            # start a session, log user in.  AX values are arrays, get first.
            session[:user] = response[:email].first
            flash[:notice] = "Thanks for logging in, #{response[:email].first}"
        end
        redirect_to :back
    end
end

To log users in, just redirect them to your controller's login action. Additionally, you will need to add routes for your two actions in your config/routes.rb file:

resources :auth do
  collection do
    get 'login'
    get 'logout'
    get 'finish'
  end
end

Additionally, a memory store is used by default, but if you will have many users authenticating you should use a different OpenID::Store by adding a store protected method to your controller:

require 'openid/store/memory' # or 'openid/store/filesystem'

class AuthController < ApplicationController

    ...

    protected
    def store
        OpenID::Store::Memcache.new(MemCache.new('localhost:11211'))
        # or OpenID::Store::Filesystem.new(Rails.root.join('tmp/openids'))
    end
end

##Requiring Authentication in Controllers To require that a user is authentication in order to perform certain actions, add the following helpers to ApplicationController:

class ApplicationController < ActionController::Base

...

    def login_required
        if session[:user]
            return true
        end
        flash[:warning] = 'Login required.'
        session[:return_to] = request.fullpath
        redirect_to :controller => "auth", :action => "login"
        return false
    end

    def current_user
        session[:user]
    end
end

Then at the top of each controller, specify the actions you wish to protect -- pick just one of the following before_filter for each controller:

class YourController < ApplicationController
    # Protect every action in this controller
    before_filter :login_required
    
    # Protect just these actions
    before_filter :login_required, :only => [:monkeywith]
    
    # Protect everything else, but allow these to be unauthenticated
    before_filter :login_required, :except => [:justlooking]
end

Further Reading

Alternative

An alternative to this module is the full open_id_authentication plugin, which may be useful if you plan to authenticate against other identity providers than Google.