A introductory talk about Warden, a Ruby Rack authentication framework, to the Melbourne Ruby Users Group

1. Warden
General Rack Authentication

2. Many Web Apps Need

3. 1. A User

4. 2. A way to associate it
with a request

5. Many Solutions Exist
• •
Restful Authentication Basic Auth
• •
AuthLogic Digest
• •
Merbful Authentication LAPD
• •
Merb-Auth CAS
• Home Grown
• OpenID

6. Why Another One?

7. Rack

8. Rack Router

9. class SimpleRack
include Rack::Router::Routable
def initialize
prepare do |r|
r.map quot;/quot;, :to => router { |c| c.map quot;/helloquot;, :to => ChildApp }
r.map quot;/helloquot;, :to => ParentApp
r.map quot;/onequot;, :to => lambda { |env| do_one(env) }
r.map quot;/twoquot;, :to => lambda { |env| do_two(env) }
end
end
def do_one(env)
# Stuff
end
def do_two(env)
# Stuff
end
end

10. Mountable Apps

11. How Will Your
Authentication Cope?

12. Apps Usually Need a
“User”

13. Current Breed Will
Conflict Between Apps

16. Warden
• Injects a very lazy proxy into the request
• Proxy follows around in the request
• Does nothing until you ask it
• Authenticates Requests for any kind of
“User”
• Provides a mechanism for Authentication
• Available in all downstream Rack parts

17. Authenticating
(Logging In)
env['warden'].authenticate :password
env['warden'].authenticate! :password, :basic, :open_id
env['warden'].authenticated? :password

18. Accessing The User
env['warden'].user

19. Logging Out
env['warden'].logout

20. Authentication Logic
• Strategy Based
• Packagable
• Sharable between discrete Apps
• Simple

21. Strategy
Warden::Strategies.add(:password) do
def valid?
params[:username] || params[:password]
end
def authenticate!
u = User.authenticate(params[:username], params[:password])
u.nil? ? fail!(quot;Could not log inquot;) : success!(u)
end
end

22. Strategies
• Multiple Strategies
• Strategies Cascade
env['warden'].authenticate! :password, :basic, :open_id

23. Failure
throw(:warden)
throw(:warden, :some => :option)
Drops out to a “Failure Application”

24. Rack Setup
Rack::Builder.new do
use Rack::Session::Cookie
use Warden::Manager do |manager|
manager.default_strategies :password, :basic
manager.failure_app = BadAuthenticationEndsUpHere
end
run SomeApp
end

25. Session Integration
Warden::Manager.serialize_into_session{ |user| user.id }
Warden::Manager.serialize_from_session{ |key| User.get(id)}

26. Other Features
• Callbacks
• User Scopes - Multiple Users / session
• Authenticated Session Data
• Locks Session per user

27. Rails Integration
config/initializers/warden.rb
Rails.configuration.middleware.use Warden::Manager do |manager|
manager.default_strategies :password
manager.failure_app = LoginController
end
# Rails needs the action to be passed in with the params
Warden::Manager.before_failure do |env, opts|
request = env[quot;action_controller.rescue.requestquot;]
request.params[quot;actionquot;] = quot;unauthenticatedquot;
end
# Session Serialization & Strategies

28. More Information
• http://github.com/hassox/warden
• http://wiki.github.com/hassox/warden