devise and rails

Devise, OmniAuth, and Facebook: a tutorial on how to set up basic Rails security using Facebook for authentication

Post on 18-May-2015






A step by step process to setup


  • 1. Devise, OmniAuth, and Facebook
    A tutorial on how to set up basic Rails security using Facebook for authentication

  • 2. Setup
    Create your basic application

        > rvm use [email protected]
        > rails new MyGreatApp

    Add devise to your Gemfile

        gem 'devise'

    Run bundler again

        > bundle install

  • 3. Generate User Model
    Generate devise modules

        > rails generate devise:install

    Generate User model

        > rails generate devise User

  • 4. Update Routes and Configuration
    Add the following line to config/environments/development.rb

        config.action_mailer.default_url_options = { :host => 'localhost:3000' }

    Add a default route to config/routes.rb

        root :to => "home#index"

    Add some flash notices into the base template

    Disable model loading when compiling assets. Add the following to config/application.rb

        config.assets.initialize_on_precompile = false

  • 5. Generated User Model

        class User < ActiveRecord::Base
          # Include default devise modules. Others available are:
          # :token_authenticatable, :encryptable, :confirmable, :lockable,
          # :timeoutable and :omniauthable
          devise :database_authenticatable, :registerable,
                 :recoverable, :rememberable, :trackable, :validatable

          # Setup accessible (or protected) attributes for your model
          attr_accessible :email, :password, :password_confirmation, :remember_me
        end

  • 6. Generated Migration

        class DeviseCreateUsers < ActiveRecord::Migration
          def change
            create_table(:users) do |t|
              t.database_authenticatable :null => false
              t.recoverable
              t.rememberable
              t.trackable
              t.timestamps
            end

            add_index :users, :email, :unique => true
            add_index :users, :reset_password_token, :unique => true
          end
        end

  • 7. Add before filter
    Add a before filter to app/controllers/application_controller.rb. This will protect all your actions. Use an except filter in places where you don't need it.

        before_filter :authenticate_user!

    Create a home controller

        > rails generate controller home

    Add a method and view for index
    Remove index.html from public

  • 8. Run the application and try it out

  • 9. Congratulations
    You now have the basic devise working
    See for more detailed information about what you can do

  • 10. Add Facebook
    Now everybody wants the ability to sign in using Facebook
    Add omniauth-facebook to your Gemfile

        gem 'omniauth-facebook'

    Do a bundle install

  • 11. Configure Devise
    Go into config/initializers/devise.rb and add

        require "omniauth-facebook"
        config.omniauth :facebook, "APP_ID", "APP_SECRET"

    Go to to get more information about options, including scopes and display options.
    Go to Facebook and generate a developer key
    Go to select to create a new app

  • 12. Configure the Facebook App

  • 13. Set App Domain, Website and capture IDs

  • 14. Finish configuration
    Take the keys generated by Facebook and put them into config/initializers/devise.rb
    Add Omniauth to your User object.

        devise :database_authenticatable, :registerable,
               :recoverable, :rememberable, :trackable, :validatable, :omniauthable

  • 15. Setup callbacks
    When Facebook returns to the application, there are some routes that are needed.
    Create a Users::OmniauthCallbacksController in the app/controllers/users folder. This file is shown on the next slide.
    Add a route to the new controller by updating the devise_for in config/routes.rb

        devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }

  • 16. Users::OmniauthCallbacksController

        class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
          def facebook
            # You need to implement the method below in your model
            @user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)

            if @user.persisted?
              flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook"
              sign_in_and_redirect @user, :event => :authentication
            else
              session["devise.facebook_data"] = request.env["omniauth.auth"]
              redirect_to new_user_registration_url
            end
          end

          def passthru
            render :file => "#{Rails.root}/public/404.html", :status => 404, :layout => false
          end
        end

  • 17. Add finder to User model

        def self.find_for_facebook_oauth(access_token, signed_in_resource=nil)
          data = access_token.extra.raw_info
          if user = User.where(:email => data.email).first
            user
          else
            # Create a user with a stub password.
            User.create!(:email => data.email, :password => Devise.friendly_token[0,20])
          end
        end

  • 18. Run

  • 19. Connect

  • 20. Grant Access

  • 21. Done

  • 22. More
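The finder on slide 17 identifies the user by email alone and passes whatever email Facebook returned straight to create!. The following is an added example, not part of the original slides: a plain-Ruby sketch of a stricter finder that keys on provider and uid and handles a missing email. The USERS array, the provider/uid fields, the status symbols, the sample_auth helper and the use of SecureRandom in place of Devise.friendly_token are all assumptions made for illustration.

```ruby
# Added example, not from the slides. Plain Ruby stand-ins for the Rails pieces:
# USERS plays the users table; the hash mimics request.env["omniauth.auth"].
require "securerandom"

User = Struct.new(:email, :provider, :uid, :password)
USERS = []

# Returns [user, status]. Assumes hypothetical provider/uid columns on users.
def find_for_facebook_oauth(auth, signed_in_resource = nil)
  provider = auth["provider"]
  uid      = auth["uid"].to_s
  email    = auth.dig("extra", "raw_info", "email").to_s.strip.downcase

  # 1. A returning Facebook user is identified by provider + uid, never by email.
  linked = USERS.find { |u| u.provider == provider && u.uid == uid }
  return [linked, :signed_in] if linked

  # 2. An already signed-in user is explicitly linking Facebook to the account.
  if signed_in_resource
    signed_in_resource.provider = provider
    signed_in_resource.uid = uid
    return [signed_in_resource, :linked]
  end

  # 3. Facebook can omit the email (permission declined); don't create a blank user.
  return [nil, :email_missing] if email.empty?

  # 4. The email belongs to a local account that never linked Facebook: make the
  #    user sign in with their password first instead of merging silently.
  return [nil, :email_taken] if USERS.any? { |u| u.email == email }

  # 5. New user with a random stub password, as on slide 17.
  user = User.new(email, provider, uid, SecureRandom.urlsafe_base64(15))
  USERS << user
  [user, :created]
end

# Constructed sample payload shaped like an OmniAuth auth hash.
def sample_auth(uid, email)
  { "provider" => "facebook", "uid" => uid,
    "extra" => { "raw_info" => { "email" => email } } }
end
```

In the callback controller from slide 16, the :email_missing and :email_taken cases would take the existing else branch and redirect to registration or sign-in rather than raising from create!.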