Basic authorization and authentication rails app

This project is intended to provide the base of a web app that can authenticate via Devise using Facebook, while using a role authorization mechanism with cancan.

The purpose is to reuse and save time for developing backends. Great for a quick hackaton setup to integrate with Heroku.

Versions

It was planned over Rails 3.2.11 (the newest & latest supported by Heroku at the time). When developed it worked over:

devise 2.2.3 omniauth-facebook 1.4.1 cancan 1.6.9

Authentication config with devise

Introduce your FACEBOOK app credentials in config/environments/development.rb and modify your preferences in config/initializers/devise.rb

The User model contains the next fields:

first_name, string last_name, string uid, string (to store the external id) created_at, datetime updated_at, datetime

The current Devise config adds the next ones:

email, string encrypted_password, string reset_password_token, string reset_password_sent_at, datetime remember_created_at, datetime sign_in_count, integer current_sign_in_at, datetime last_sign_in_at, datetime current_sing_in_ip, string last_sign_in_ip, string

Normally, your user table will need other fields so just add migrations on top of it as needed.

Custom routes for signin, signup and logout are specified in config/routes.rb

Authorization config with cancan

The cancan configuration is built on top of a Roles table, which has a ‘has_and_belongs_to_many’ relationship with the Users table.

As an example and to get the app functional right away an ‘admin’ role and a dummy admin user was created in db/seeds.rb. Please modify this to set your default admin user.

The app/models/ability.rb file considers only an admin and a guest user. The admin one has management access to all resources, while the guest user gets read access to all resources. You can define more complex rules as you scale your app in here :)

Setup

  1. Clone this repository

  2. Create and configure your facebook app in developers.facebook.com/apps . Make sure you check the ‘website with facebook login’ option and type your local server address with something like ‘localhost:3000’ so you can test.

  3. Edit the config/environments/development.rb file with your Facebook app key and secret.

  4. Configure your database and run the migrations.

  5. Test your Facebook signup by launching your server and entering the /signup path. Eg. localhost:3000/signup -> Signin with Facebook

Questions

To get more custom fucntionality, please check the valuable documentation that is provided in the gems’ repositories: