16. Warden
• Injects a very lazy proxy into the request
• Proxy follows around in the request
• Does nothing until you ask it
• Authenticates Requests for any kind of “User”
• Provides a mechanism for Authentication
• Available in all downstream Rack parts
21. Strategy
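Warden::Strategies.add(:password) do
  # Run this strategy only when the request carries login params.
  # Rack request params are keyed by strings, not symbols.
  def valid?
    params['username'] || params['password']
  end

  # Halt with a failure message or with the authenticated user.
  def authenticate!
    u = User.authenticate(params['username'], params['password'])
    u.nil? ? fail!("Could not log in") : success!(u)
  end
end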
24. Rack Setup
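Rack::Builder.new do
  # Warden keeps the authenticated user in the session, so the session
  # middleware must come before Warden::Manager.
  use Rack::Session::Cookie
  use Warden::Manager do |manager|
    manager.default_strategies :password, :basic
    # Rack app that handles requests which fail authentication
    manager.failure_app = BadAuthenticationEndsUpHere
  end
  run SomeApp
end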
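The lazy proxy, the strategy guard and the failure app from the slides above, modelled in plain Ruby as an added example; this is not Warden's source or the author's code. `LazyProxy`, `LazyAuth`, the `params` env key and the sample user are constructed for illustration, and the plaintext password is there only to keep the model short.

```ruby
# Simplified model of the lazy-proxy pattern (added example, not Warden's source).
# env is a plain Hash standing in for a Rack env; 'params' is a constructed key.
Strategy = Struct.new(:name, :valid, :run)

class LazyProxy
  attr_reader :ran                       # names of strategies that actually executed

  def initialize(env, strategies)
    @env, @strategies, @ran, @user = env, strategies, [], nil
  end

  def authenticate                       # no work happens until this is called
    return @user if @user
    @strategies.each do |s|
      next unless s.valid.call(@env)     # valid? guard: skip inapplicable strategies
      @ran << s.name
      @user = s.run.call(@env)           # a user models success!, nil models fail!
      break                              # success! and fail! both halt the cascade
    end
    @user
  end

  def authenticate!                      # on failure, unwind to the middleware
    authenticate || throw(:warden, { action: 'unauthenticated' })
  end
end

class LazyAuth                           # plays the role of Warden::Manager
  def initialize(app, strategies, failure_app)
    @app, @strategies, @failure_app = app, strategies, failure_app
  end

  def call(env)
    env['warden'] = LazyProxy.new(env, @strategies)
    result = catch(:warden) { @app.call(env) }
    result.is_a?(Hash) ? @failure_app.call(env.merge('warden.options' => result)) : result
  end
end

USERS = { 'alice' => 's3cret' }.freeze   # constructed sample data
PASSWORD = Strategy.new(:password,
  ->(env) { env['params']['username'] || env['params']['password'] },
  ->(env) { q = env['params']; pw = USERS[q['username']]; pw && pw == q['password'] ? q['username'] : nil })
APP = lambda do |env|
  env['warden'].authenticate! if env['PATH_INFO'].start_with?('/private')
  [200, {}, ["ok #{env['PATH_INFO']}"]]
end
FAILURE = ->(env) { [401, {}, [env['warden.options'][:action]]] }
STACK = LazyAuth.new(APP, [PASSWORD], FAILURE)
```

A request to a public path leaves `ran` empty, and a request with only a username passes the `||` guard in `valid?` but is still rejected inside the strategy, which is why the credential check itself must treat a missing password as a failure.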
26. Other Features
• Callbacks
• User Scopes - Multiple Users / session
• Authenticated Session Data
• Locks Session per user
27. Rails Integration
config/initializers/warden.rb
Rails.configuration.middleware.use Warden::Manager do |manager|
  manager.default_strategies :password
  manager.failure_app = LoginController
end
# Rails needs the action to be passed in with the params
Warden::Manager.before_failure do |env, opts|
  request = env["action_controller.rescue.request"]
  request.params["action"] = "unauthenticated"
end
# Session Serialization & Strategies