哪个 Rails 身份验证系统更好:AuthLogic、Clearance 或 Devise?
我想实现一个积极开发并带有合理默认值的第三方 Ruby on Rails 身份验证系统。
我已将选择范围缩小到 AuthLogic 和 Clearance(thoughtbot)——任何人都可以左右我的方向吗?就要求而言,据我所知,两者都适用于我的项目。看起来两者的文档/代码示例非常相似,并且都相对容易设置。
有人有偏好吗?我真的很喜欢 AuthLogic 的 OpenID 插件——不知道 Clearance 是否可以做到这一点。
I'd like to implement a third-party Ruby on Rails authentication system that is actively developed and carries sensible defaults.
I've narrowed down my selection to AuthLogic and Clearance (thoughtbot) -- can anyone sway me in either direction? In terms of requirements, both would work for my project from what I can tell. It looks like documentation/code samples in both are fairly similar, and both are relatively easy to setup.
Anyone have a preference? I really like AuthLogic's OpenID plugin -- don't know if Clearance can do that.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
一定要设计:)
https://github.com/plataformatec/devise
Devise for sure :)
https://github.com/plataformatec/devise
我用过restful_authentication gem、authLogic 和 Devise 我喜欢 devise,因为它是基于模型的(堆栈越高越好,也更容易进行 rspec),而且还可以让你在管理员的用户表中放入一个管理员标志并使用它(或使用角色来处理更复杂的事情)。
另一个已成为常见设备的宝石是用于角色的cancan,例如管理员,阅读器、管理器等(无论你想要什么),其语法如下(来自 cancan gem)。
I have used the restful_authentication gem, authLogic and Devise and I like devise 'cos it's model based (higher up the stack is better and easier to rspec) and also lets you just put in an admin flag in the user table for admins and go with that (or use roles for more complex stuff).
Another gem that has become common with devise is cancan for roles, e.g. admin, reader, manager, etc (whatever you want) with syntax like below (from the cancan gem).
您是否已经出于某种原因排除了 Devise?
如果没有,它是最新、最完整的 Rails 身份验证框架。至于 openID 身份验证,请查看 OmniAuth,它与设备无缝集成。
Did you already rule out Devise for some reason?
If not, it's the most current and complete authentication framework for Rails. As for openID authentication, take a look at OmniAuth, which integrates seamlessly with devise.
有关授权的问题通常表述得很糟糕,因为我们都对不同的方面感兴趣。
就我而言,我们有一个开发良好的应用程序(Wagn,请参阅 http://wagn.org),并且它有一个已经内置了自制的身份验证功能。我们正在做的是使应用程序独立于身份验证系统,因此我最感兴趣的是两个维度:
1)提供商接口的 API 是什么以及添加到我的应用程序中是否容易。
我刚刚做了很多工作,通过应用程序使用的一组类或模块方法以及一个用于自行开发的 AR 类(用户类和用户表)的模型来路由所有这些内容。这引出了下一部分:
2)有哪些授权提供程序可用,以及我必须做什么才能将它们加载到我的应用程序中(通常我希望这些授权提供程序位于一个或多个 Rack 中间件中)。
我不需要 Devise,它的作用太多了,我想要一个与外部身份验证提供商的接口。我的应用程序可能提供将参数发布到身份验证服务的表单,但它不会使用其 Rails 视图或控制器。
我怀疑这种情况对于某一类开发人员来说很常见。
Questions about authorization are often poorly formulated because we are all interested in different aspects.
In my case, we have a well developed application (Wagn, see http://wagn.org), and it has a home grown authentication functions built in already. What we are doing is making the application independent of the authentication system, so I am most interested in two dimensions:
1) What is the API for the provider interface and how easy is it to add to my app.
I've just done a lot of work to route all of it through a set of class or module methods that the application uses, and a model for the home grown AR class (a User class and users table) that. This leads to the next part:
2) What authorization providers are available and what do I have to do to load them with my application (typically I would expect these to be in one or more Rack middlewares).
I don't need Devise, it does too much, I want an interface to external auth providers. My app may provide forms that will post parameters to the auth services, but it won't be using their Rails views or controller.
I suspect this situation is common for a certain class of developers.