Rails RESTful Authentication Example Application

August 13, 2008

FOR RAILS 3.0: A newer and more current Rails authentication example app shows how to set up Rails with the Devise authentication gem. It’s got a detailed Rails authentication tutorial plus an application template that can be used to generate a starter app. It shows how to use RSpec and Cucumber for testing with Devise as well. There’s a similar example app that shows how to set up Devise for authentication with the Mongoid gem and MongoDB database for quick development without schemas or migrations.

UPDATE: Rails has advanced since this application was released in mid-2008. As of February 2010, Rails is currently at version 2.3.5 (and Rails 3 is in beta). Several Rails gems are now available that provide a turnkey authentication solution, including Authlogic, Devise, and Clearance. You can also look at Technoweenie’s restful-authentication generator. The Ruby Toolbox page for Rails Authentication shows which are most popular. I personally recommend Devise.

I’ve released an open source Rails application that provides an example of RESTful Authentication.

It provides a complete system for managing users, including sign up and verification of a new user’s email address, login with role-based access control, and a system of resetting forgotten passwords, all using a RESTful architecture.

You can easily customize the application for your own needs.

You can obtain the source code here:

It is based on recommendations from the forum discussion Restful Authentication With All the Bells and Whistles.


Open Source Social Network Apps for Rails

April 18, 2008

I’ve been looking for a Rails example app that demonstrates “best practice” development techniques and provides basic features, to be used as a “skeleton” starting point for development of a new project.

I’m primarily interested in finding an app that is written for Rails 2.0, that implements a RESTful architecture, and uses RSpec for specifications/testing. Optimally, it should implement authentication (using restful_authentication) and authorization, provide an interface for users to manage their accounts (or profiles), and provide a rudimentary administrative interface for adding or deleting users. I’ve looked at a number of open source apps (see the post Survey of Rails Example Applications).

There are three open source social network apps for Rails that come close to fulfilling my requirements. I’ll compare them here.

LovdbyLess is a social network platform from the development firm Less Everything. It is hosted on GitHub at stevenbristol/lovd-by-less. It is RESTful and uses Rails 2.0 but not RSpec or restful_authentication.

RailsCoders is the example app from the book Practical Rails Social Networking Sites, published by Apress. It’s a full-featured app and it is RESTful. The author chose to implement his own authentication (using RESTful principles) rather than using the restful_authentication plugin. The app was written for Rails 1.2.3, not Rails 2.0, but an upgrade is relatively easy. It has Test::Unit tests but not RSpec specifications/tests. As of April 11, 2008, it is hosted on GitHub at abradburne/railscoders, where the author has begun work on a new version of the app.

The authors Michael Hartl and Aurelius Prochazka built a social network app named RailsSpace for a book of the same name. RailsSpace doesn’t meet my minimal requirements (not Rails 2.0, not RESTful, no RSpec) but Michael Hartl is taking the lead in developing a new social network app named Insoshi, which improves on RailsSpace. It is hosted on GitHub and development has been funded by Y Combinator, a venture capital incubator. Insoshi is a Rails 2.0 app, full-featured and RESTful, uses restful_authentication and RSpec, and thus meets my requirements.


Rails Tutorial Showing RESTful Authentication

February 22, 2008

This tutorial, Restful Authentication with all the bells and whistles, uses Rails 2.0.2 and accommodates user account activation, changing passwords, forgotten passwords, enabling/disabling users, roles and OpenID.

It has advantages over the Caboose Sample rails application because it is accompanied by extensive community discussion, which serves as documentation. It is also more full-featured and up-to-date.

It’s missing any testing (no Test::Unit or rspec). Otherwise, it could be a good starting point for a Rails example app.

UPDATE: Rails has advanced since this discussion was relevant. As of February 2010, Rails is currently at version 2.3.5 (and Rails 3 is in beta). Several Rails gems are now available that provide a turnkey authentication solution, including Authlogic, Devise, and Clearance. You can also look at Technoweenie’s restful-authentication generator. The Ruby Toolbox page for Rails Authentication shows which are most popular. I personally recommend Devise and the Devise Example Application.


How to Tell if a Rails Example is Up-to-Date

February 19, 2008

Do you check the “sell-by” date on a carton of milk before you buy it? Unfortunately, there is no date on a Rails app to indicate if it has been written with recent best practices in mind. So check for a sour smell. Here are some indicators I look for.

First, is it RESTful? More than anything else, a RESTful architecture makes an app easier to understand, customize, and maintain. To determine if the developer used a RESTful architecture, look at the code for the controllers. If there are any methods other than index, show, new, create, edit, update, and destroy, the developer has strayed from RESTful purity.

Second, has the app been written or updated for use with Rails 2.0? If you’re beginning a project, you’ll want to start with Rails 2.0. Some things are done a little differently in Rails 2.0. If you’re using an example app as a guide, make sure it’s a good example of how to do things with Rails 2.0.

To determine if the developer wrote for Rails 2.0:

In the config/environment.rb file, look for
RAILS_GEM_VERSION = '2.0.2'

Look for the folder config/initializers. Before Rails 2.0, the config/environment.rb file was cluttered with bits of initialization code. With Rails 2.0, we are encouraged to move initialization code to separate files in the config/initializers folder.

Take a look at the files in the Views folder. With Rails 2.0, the recommended practice is to use the file extension .html.erb. You don’t have to do that, but it is now recommended.

Finally, here is a script that will check a rails app to determine if it is compatible with Rails 2.0:

http://pastie.caboo.se/99900.txt?key=krcevozww61drdeza13e3a
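
The indicators listed in this post can also be collected mechanically before adopting an example app's code. The following is an added example, not the script linked above and not code from the original post; the function names and the sample tree are constructed for illustration, and the controller scan is a text heuristic rather than a Ruby parser.

```ruby
require "tmpdir"
require "fileutils"

REST_ACTIONS = %w[index show new create edit update destroy].freeze

# Public method names in a controller source that are not one of the seven
# REST actions. Heuristic: text after the first private/protected is ignored.
def non_rest_actions(source)
  public_part = source.split(/^\s*(?:private|protected)\s*$/, 2).first.to_s
  public_part.scan(/^\s*def\s+(?!self\.)([a-z_]\w*[?!]?)/).flatten - REST_ACTIONS
end

# Collects the post's indicators for the Rails app rooted at +root+.
def audit_rails_app(root)
  env = File.join(root, "config", "environment.rb")
  version = File.read(env)[/^\s*RAILS_GEM_VERSION\s*=\s*['"]([^'"]+)['"]/, 1] if File.exist?(env)
  extra = {}
  Dir.glob(File.join(root, "app", "controllers", "**", "*_controller.rb")).sort.each do |path|
    names = non_rest_actions(File.read(path))
    extra[File.basename(path)] = names unless names.empty?
  end
  views = Dir.glob(File.join(root, "app", "views", "**", "*")).select { |p| File.file?(p) }
  { rails_gem_version: version,   # nil when the constant is not set
    has_initializers: File.directory?(File.join(root, "config", "initializers")),
    non_rest_actions: extra,
    # .rhtml is the pre-2.0 template extension; .html.erb is the Rails 2.0 one
    old_style_views: views.select { |p| p.end_with?(".rhtml") }.map { |p| File.basename(p) }.sort,
    new_style_views: views.count { |p| p.end_with?(".html.erb") } }
end

# Constructed sample tree (not a real project), written under +root+.
def build_sample_app(root)
  files = { "config/environment.rb" => "RAILS_GEM_VERSION = '2.0.2' unless defined? RAILS_GEM_VERSION\n",
            "config/initializers/inflections.rb" => "",
            "app/controllers/users_controller.rb" =>
              "class UsersController < ApplicationController\n  def index; end\n" \
              "  def create; end\n  def activate; end\n  private\n  def find_user; end\nend\n",
            "app/controllers/sessions_controller.rb" =>
              "class SessionsController < ApplicationController\n  def new; end\n  def destroy; end\nend\n",
            "app/views/users/index.html.erb" => "",
            "app/views/users/show.rhtml" => "" }
  files.each do |rel, body|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, body)
  end
end

Dir.mktmpdir { |d| build_sample_app(d); p audit_rails_app(d) } if __FILE__ == $PROGRAM_NAME
```

A non-empty non_rest_actions entry is a prompt to read that controller, not a verdict: in an authentication app, extra public actions such as account activation are where hand-rolled logic tends to live.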


Survey of Rails Example Applications

February 18, 2008

UPDATE FOR RAILS 3.0: After seeing what was available, I began developing my own Rails example apps. They’ve become quite popular, judging from the number of Rails developers visiting the GitHub repo. Each is accompanied by a detailed tutorial and an application template that can be used to generate a starter app. You can find them here.

THE ORIGINAL POST (from February 18, 2008):

I’m a firm believer that, as software developers, we always are standing on the toes of those who have gone before us.

So, in that spirit, I’m looking around for Rails example apps that I can use as a starting point for my own.

Many Rails books introduce Rails development through the process of building an example application. The best-documented Rails example apps are the ones in the books. I’ve looked through the books I have at hand. Most of the apps in the books are overly simple (for example, no authentication) or dated (no RESTful architecture).

I looked closely at RailsSpace. The authors Michael Hartl and Aurelius Prochazka fully document the steps to building a typical social networking web site. It is a full-featured app that is more complete than most tutorial applications. Unfortunately, the book was written before RESTful architectures became de rigueur. Only one part of the app is RESTful. Otherwise it might be suitable. UPDATE: Michael Hartl, one of the authors of RailsSpace, is leading development of an open source social network app, named Insoshi, which improves on RailsSpace.

I also looked at RailsCoders, the example app from the book Practical Rails Social Networking Sites, published by Apress. It’s a full-featured app and it is RESTful. The author chose to implement his own authentication (using RESTful principles); I would prefer to use the restful_authentication plugin. The app was written for Rails 1.2.3, not Rails 2.0, but an upgrade is relatively easy.

How about open source projects? I looked at a few.

I’ve used the Caboose Sample rails application on other projects, so that’s a potential starting point. The downside? It’s complex and not well documented. (The authors warn, “much of the code is targeted at an intermediate/advanced level”.)

A promising beginning point appears to be the Altered Beast forums application, a newer version of Beast. It’s RESTful. It uses Rails 2.0, rspec, and restful_authentication (with the acts_as_state_machine option). I also liked LovdbyLess, a free open source social network platform. It uses Rails 2.0 but not rspec or restful_authentication.

I posted here to ask for more recommendations.

UPDATE: I found an interesting example app named Jumpstart from the people at Relevance Inc. There’s also kickstart-rails from Mislav Marohnić. And I found RailsStarterApp from David Andrew Thompson and Six Hour Startup.

UPDATE: There’s a new site (announced here) that provides a gallery of open source Rails applications. Great idea! And a good place to look for apps that can be studied, adapted, or improved.

UPDATE: I’ve released my own Rails RESTful Authentication Example Application.


Looking for a Rails Example App

February 17, 2008

I’m about to start a new development project. For my beginning point, I’d like to use a well-thought-out “best practice” open source Rails web application.

I’m not aware of any open source Rails app that completely matches my requirements. I’m looking for an app that was developed in Rails 2.0, implements a RESTful architecture, and uses RSpec for specifications/testing. And optimally, it would already have authentication and authorization worked out using the restful_authentication plugin.

I’m going to start searching and see what I find.