padrino-framework icon indicating copy to clipboard operation
padrino-framework copied to clipboard

Published 20 hours ago verified publisher icon padrino

Standalone Padrino authentication solution

Open achiurizo opened this issue 13 years ago • 27 comments

padrino-admin has a pretty good start on this. I think it be good if we can extract that out into its own(like merb-auth) so users can swap the authentication in an out. Maybe we could have it be like Devise for Padrino/Sinatra ?

achiurizo avatar Apr 11 '11 18:04 achiurizo

sounds great. I think this would be awesome. I'll see if I can extract something similar to devise thats based on warden.

jacquescrocker avatar Apr 11 '11 18:04 jacquescrocker

Really excited about this idea. I would love a Devise type solution (but in the sinatra style). padrino-warden is a good start but I could see something warden based but being modular and potentially more full featured.

nesquena avatar Apr 28 '11 06:04 nesquena

That would be cool!

pepe avatar Apr 28 '11 20:04 pepe

Most excellent and definitely needed. Being new to Padrino that was one of the first items I was looking for. Warden integration by default would be best.

wayneeseguin avatar May 09 '11 14:05 wayneeseguin

+1

I don't really need an authentication solution but imho the admin app would become more useful if you could create it without any auth stuff included.

rbq avatar May 09 '11 15:05 rbq

Mmm this is pretty difficult because auth stuff is managed by:

  1. account.rb # that fits each orm
  2. sessions.rb # that handle Account.authenticate

So if you want to replace builtin auth the only thing to do in (99% of cases) is change only:

# account.rb
def self.authenticate
  my_own_auth
end

DAddYE avatar May 09 '11 19:05 DAddYE

Shouldn't we take #384 into account, or has this gaping insecurity been addressed?

rakaur avatar May 13 '11 13:05 rakaur

+1

myabc avatar Jul 06 '11 14:07 myabc

+1

amacgregor avatar Feb 03 '12 00:02 amacgregor

What's about using the padrino-warden and porting the devise for rails to padrino?

snowyu avatar Mar 01 '12 09:03 snowyu

This should be similar or built on-top of padrino-warden. In my app I would like to specify the User model, login/logout paths, and authentication param names.

postmodern avatar Aug 08 '12 01:08 postmodern

+1

viacoffee avatar Dec 13 '12 03:12 viacoffee

How about this? https://github.com/maxjustus/sinatra-authentication#readme

ghost avatar Dec 18 '12 17:12 ghost

+1

ainformatico avatar Dec 20 '12 09:12 ainformatico

:+1: Similar: #132 #428. @lenzcom sinatra-authentication looks nice but it mixes authentication with authorisation and those should preferably be separated.

dariocravero avatar Dec 28 '12 03:12 dariocravero

What about if next version will come with a simple http basic auth and a couple of api to unplug it and add devise or sinatra-auth ?

DAddYE avatar Dec 29 '12 06:12 DAddYE

I would support sinatra-warden. sinatra-authentication does not use warden, so I don't trust it too much. Didn't Devise go Rails only?

postmodern avatar Dec 29 '12 07:12 postmodern

@DAddYE what you're proposing makes sense since it would simplify the offering and allow for better reusability. Even more, with a clear interface adding new solutions or integrating existing ones would be way easier. If it gains too much relevance we could even add them as part of the generator or put them on the plugins.

@postmodern yes, Devise is tied with Rails. Why not choosing padrino-warden instead (it's already based on sinatra-warden) and help making it better if it needs to?

dariocravero avatar Dec 29 '12 16:12 dariocravero

I think an authentication API like @DAddYE said would make sense. That way people can plug & play whatever authentication library they want. Essentially it would just be hooks that other auth libraries could use?

viacoffee avatar Dec 29 '12 16:12 viacoffee

The API sounds great, but using padrino admin auth too. I', thinking a way where they both can live together. The new awesome API can use by default the padrino admin auth, I think that means moving the admin auth templates outside the admin app, what do you think?

ainformatico avatar Dec 29 '12 19:12 ainformatico

@dariocravero Oops, turns out one of my padrino projects is already using padrino-warden with dm-is-authenticatable.

postmodern avatar Dec 30 '12 03:12 postmodern

I've used padrino-warden without issue several times and it works really well as a basic solution. Seems like that + dm-is-authenticatable is a great combination.

nesquena avatar Dec 30 '12 08:12 nesquena

padrino-warden is what I used and what inspired me to open this issue. The difference is that instead of using the gem I duplicated the code into my app so I can make more in-depth changes. This gives me control over the paths, parameters expected, and models that are associated with authentication. What I end up doing too is breaking out the authentication into its own 'subapp' with my other apps referencing that when authentication is needed. This felt like a nice way to make it a more 'drop-in' authentication solution that padrino can generate for you.

achiurizo avatar Dec 30 '12 18:12 achiurizo

@dariocravero: yes, you're right. that must be a flexible aspect of such a system..

ghost avatar Jan 04 '13 17:01 ghost

@ujifgc I know you put some effort behind this here https://github.com/ujifgc/padrino-auth just wanted record for later review in this issue. I don't think we should release a 1.0 without completing a reasonable authentication solution and this looks like a good start.

nesquena avatar Oct 19 '14 04:10 nesquena

:+1:

On Sun, Oct 19, 2014 at 6:01 AM, Nathan Esquenazi [email protected] wrote:

@ujifgc https://github.com/ujifgc I know you put some effort behind this here https://github.com/ujifgc/padrino-auth just wanted record for later review. I don't think we should release a 1.0 without completing a reasonable authentication solution and this looks like a good start.

— Reply to this email directly or view it on GitHub https://github.com/padrino/padrino-framework/issues/468#issuecomment-59638646 .

dariocravero avatar Oct 19 '14 11:10 dariocravero

:+1:

pchaganti avatar Jul 15 '15 14:07 pchaganti