Acts As Authentable

Largely based on restful_authentication by Rick Olson. Changes include:

• Bcrypt is used for password storage.
• Specified with RSpec.
• Authentication mechanisms are seperated into modules contained within the plugin.
• Generators are only used for migrations.
• Does not include email verification.

This plugin does not generate controller code for you. Partly because I’m lazy and partly since example code (taken from restful_authentication) can be found in the resources directory of the plugins spec folder.

For a rationale on why SHA1 with individual salts is sub-par to bcrypt read Thomas Ptacek’s article¹.

http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/

Example

Using acts_as_authentable is as easy as:

Installing bcrypt-ruby:

gem install bcrypt-ruby

Installing acts_as_authentable:

./script/plugin install http://acts-as-authentable.googlecode.com/svn/trunk/acts_as_authentable

Annotate the model object you want to be authentable:

class User < ActiveRecord::Base
  acts_as_authentable
end

Creating a migration for adding fields to the authentable model:

./script/generate authentable user

creates a migration:
  db/migrate/XXX_add_authentable_fields_for_users.rb

If you have rspec and rspec_on_rails installed verify the plugin with:

rake spec:plugins

Copyright© 2007 Eivind Uggedal <eu>, released under the MIT license.

NOTE: This description has been extracted from the Plugin README and so the formatting may need updating to make browser friendly