/rails3-mongoid-omniauth

An example Rails 3.2 app with Mongoid for data, OmniAuth for authentication. With a tutorial.

Primary LanguageRuby

Rails Application for Omniauth with Mongoid Rails App for Omniauth with Mongoid

For a Rails 4.1 example application with OmniAuth, see the rails-omniauth application, with an OmniAuth Tutorial.

This is a Rails 3.2 example application for Omniauth with Mongoid.

  • OmniAuth manages authentication using a service provider such as Twitter or Facebook.
  • MongoDB is used as a datastore with the Mongoid gem for quick development without schemas or migrations.
  • Service Providers: Facebook, Twitter, GitHub, LinkedIn, and many more.
  • Gems: Mongoid and OmniAuth plus optional jQuery, Haml, RSpec and Cucumber.

You can build this application in only a few minutes using the Rails Composer tool.

Follow on Twitter Follow on Twitter

Follow the project on Twitter: @rails_apps. Please tweet some praise if you like what you’ve found.

What Is Implemented — and What Is Not

This is a demonstration application that allows you to visit a home page and see a list of users. You can log in using a service provider such as Twitter and view a profile for each user. You can customize this app as you need.

Single Provider or Multiple Providers?

This application is designed for sign-in with a single provider. For example, you may be creating an application just for Twitter users. Alternatively, it’s possible to create an application that lets a user log in using multiple providers. For these more complex applications, see other examples and tutorials listed below.

When to use Devise?

Devise provides authentication using username (or email address) and password. If you don’t need the option of using a username/password, that is, if you wish to have all your users sign in using a service provider’s account (such as Twitter or Facebook), there’s no need to use Devise. Devise can be used in conjunction with the OmniAuth gem when you need to offer users the option of signing up for access to a website using an email address. For example, combine Devise with OmniAuth to accommodate users who want to log in with various service providers (Twitter, Facebook, etc.) as well as users who don’t have external accounts and want to sign up with just an email address. See suggestions below for tutorials and examples that combine Devise with OmniAuth.

The Email Problem

You don’t need to ask a visitor for an email address when you build an application that allows a user to log in using a service provider such as Twitter or Facebook. You may consider that an advantage: if a user is logged in with Twitter or Facebook, they don’t need to enter an email address and password to access your application. However, the lack of an email address may be a business drawback, if you want the opportunity to stay in contact with the user by email. Some service providers provide the user’s email address to your application (Facebook). Some service providers only provide the email address at the user’s option (GitHub supplies it if the user has provided a public email address). And other service providers do not provide the email address at all (Twitter, Meetup, LinkedIn).

This example app shows how to request an email address from the user when he or she first requests access to your application. It is easy to remove this feature if you don’t require it.

Similar Examples and Tutorials

This is one in a series of Rails example apps and tutorials from the RailsApps Project. See a list of additional Rails examples, tutorials, and starter apps.

Obtaining API Keys

Before installing the application, you may wish to contact the service provider you’ll use to obtain any required API keys. The example assumes you will be using Twitter.

Twitter

Visit https://dev.twitter.com/apps/new to register your application. When you register your application, use the following values:

Application Website Callback URL Notes
http://example.com http://127.0.0.1:3000/ http://localhost:3000/ doesn’t work

Facebook

Visit http://developers.facebook.com/setup to register your application.

GitHub

Visit https://github.com/settings/applications/new to register your application.

Dependencies

Before running this app, you will need:

  • The Ruby language (version 1.9.3 or 2.0.0)
  • The Rails gem (version 3.2.13)
  • A working installation of MongoDB (version 2.0.0 or newer)

See the article Installing Rails for advice about updating Rails and your development environment.

Installing MongoDB

If you don’t have MongoDB installed on your computer, you’ll need to install it and set it up to be always running on your computer (run at launch).

On Mac OS X, the easiest way to install MongoDB is to install Homebrew and then run the following:

brew install mongodb

Homebrew will provide post-installation instructions to get MongoDB running. The last line of the installation output shows you the MongoDB install location (for example, /usr/local/Cellar/mongodb/1.8.0-x86_64). You’ll find the MongoDB configuration file there. After an installation using Homebrew, the default data directory will be /usr/local/var/mongodb.

On the Debian GNU/Linux operating system, as of March 2013, the latest stable version is MongoDB 2.0.0. With MongoDB 2.0.0, the Mongoid gem must be version 3.0.×. See the Mongoid installation instructions. Change your Gemfile to use an earlier Mongoid version:

gem 'mongoid', '~> 3.0.1'

Getting the Application

You have several options for getting the code.

Fork

If you’d like to add features (or bug fixes) to improve the example application, you can fork the GitHub repo and make pull requests. Your code contributions are welcome!

Clone

If you want to copy and customize the app with changes that are only useful for your own project, you can clone the GitHub repo. You’ll need to search-and-replace the project name throughout the application. You probably should generate the app instead (see below). To clone:

$ git clone git://github.com/RailsApps/rails3-mongoid-omniauth.git

You’ll need git on your machine. See Rails and Git.

Generate

If you want to use the project as a starter app, use the Rails Composer tool to generate a new version of the example app. You’ll be able to give it your own project name when you generate the app. Generating the application gives you many additional options.

To build the example application, run the command:

$ rails new rails3-mongoid-omniauth -m https://raw.github.com/RailsApps/rails-composer/master/composer-Rails3_2.rb -T -O

Use the -T -O flags to skip Test::Unit files and Active Record files.

The $ character indicates a shell prompt; don’t include it when you run the command.

This creates a new Rails app named rails3-mongoid-omniauth on your computer.

You’ll see a prompt:

question  Install an example application?
      1)  I want to build my own application
      2)  membership/subscription/saas
      3)  rails-prelaunch-signup
      4)  rails3-bootstrap-devise-cancan
      5)  rails3-devise-rspec-cucumber
      6)  rails3-mongoid-devise
      7)  rails3-mongoid-omniauth
      8)  rails3-subdomains

Choose rails3-mongoid-omniauth. The Rails Composer tool may give you other options (other choices may have been added since these notes were written).

The application generator template will ask you for additional preferences:

 question  Web server for development?
       1)  WEBrick (default)
       2)  Thin
       3)  Unicorn
       4)  Puma
 question  Web server for production?
       1)  Same as development
       2)  Thin
       3)  Unicorn
       4)  Puma
 question  Template engine?
       1)  ERB
       2)  Haml
       3)  Slim
   extras  Set a robots.txt file to ban spiders? (y/n)
   extras  Use or create a project-specific rvm gemset? (y/n)
   extras  Create a GitHub repository? (y/n)

Web Servers

Use the default WEBrick server for convenience. If you plan to deploy to Heroku, select “thin” as your production webserver.

Template Engine

The example application uses the default “ERB” Rails template engine. Optionally, you can use another template engine, such as Haml or Slim. See instructions for Haml and Rails.

Other Choices

Set a robots.txt file to ban spiders if you want to keep your new site out of Google search results.

It is a good idea to use rvm, the Ruby Version Manager, and create a project-specific rvm gemset (not available on Windows). See Installing Rails.

If you choose to create a GitHub repository, the generator will prompt you for a GitHub username and password.

Troubleshooting

If you get an error “OpenSSL certificate verify failed” or “Gem::RemoteFetcher::FetchError: SSL_connect” see the article OpenSSL errors and Rails.

If you get an error like this:

Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.
    composer  Running 'after bundler' callbacks.
The template [...] could not be loaded.
Error: You have already activated ..., but your Gemfile requires ....
Using bundle exec may solve this.

It’s due to conflicting gem versions. See the article Rails Error: “You have already activated (…)”.

Other problems? Check the issues.

Edit the README

If you’re storing the app in a GitHub repository, please edit the README files to add a description of the app and your contact info. If you don’t change the README, people will think I am the author of your version of the application.

Getting Started

Install the Required Gems

Check the Gemfile to see which gems are used by this application.

If you used the Rails Composer tool to generate the example app, the application template script has already run the bundle install command.

If not, you should run the bundle install command to install the required gems on your computer:

$ bundle install

You can check which gems are installed on your computer with:

$ gem list

Keep in mind that you have installed these gems locally. When you deploy the app to another server, the same gems (and versions) must be available.

I recommend using rvm, the Ruby Version Manager, to create a project-specific gemset for the application. See the article Installing Rails.

Configure Mongoid

Mongoid provides access to the MongoDB database from Rails.

You can use the default configuration found in the file config/mongoid.yml.

If you want to see what’s in your MongoDB databases, I recommend using the MongoHub app (for Mac OS X).

Configure Email

This example application doesn’t send email messages. However, if you want your application to send email messages you must configure the application for your email account. See the article Send Email with Rails.

Configuration File

The application uses the figaro gem to set environment variables. Credentials for your service provider account are set in the config/application.yml file. The .gitignore file prevents the config/application.yml file from being saved in the git repository so your credentials are kept private. See the article Rails Environment Variables for more information.

Modify the file config/application.yml:

# Add account credentials and API keys here.
# See http://railsapps.github.io/rails-environment-variables.html
# This file should be listed in .gitignore to keep your settings secret!
# Each entry sets a local environment variable and overrides ENV variables in the Unix shell.
# For example, setting:
# GMAIL_USERNAME: Your_Gmail_Username
# makes 'Your_Gmail_Username' available as ENV["GMAIL_USERNAME"]
# Add application configuration variables here, as shown below.
#
ADMIN_NAME: First User
ADMIN_EMAIL: user@example.com
ADMIN_PASSWORD: changeme
OMNIAUTH_PROVIDER_KEY: Your_OmniAuth_Provider_Key
OMNIAUTH_PROVIDER_SECRET: Your_OmniAuth_Provider_Secret

The ADMIN_NAME, ADMIN_EMAIL, and ADMIN_PASSWORD settings are not used in this application.

You’ll obtain an API key and secret token for the service provider you’ll use. For most service providers, you need to register your application and obtain API keys to use their authentication service.

All configuration values in the config/application.yml file are available anywhere in the application as environment variables. For example, ENV["OMNIAUTH_PROVIDER_KEY"] will return the string “Your_OmniAuth_Provider_Key”.

If you prefer, you can delete the config/application.yml file and set each value as an environment variable in the Unix shell.

Set Up Configuration for OmniAuth

This app uses OmniAuth for user management and authentication. OmniAuth is at https://github.com/intridea/omniauth.

You’ll need an OmniAuth initialization file config/initializers/omniauth.rb set up for the service provider you’ll use. You’ll set the API key and secret token in the config/application.yml file and initialize OmniAuth with the config/initializers/omniauth.rb file.

For Twitter:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, ENV['OMNIAUTH_PROVIDER_KEY'], ENV['OMNIAUTH_PROVIDER_SECRET']
end

For Facebook:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['OMNIAUTH_PROVIDER_KEY'], ENV['OMNIAUTH_PROVIDER_SECRET']
end

For others, see Module: OmniAuth::Strategies.

You can replace ENV["OMNIAUTH_PROVIDER_KEY"] and ENV["OMNIAUTH_PROVIDER_SECRET"] with your API key and secret token. However, committing the file to a public GitHub repository will expose your access codes. Instead, we advise to set the provider API key and secret token in the config/application.yml file. Recording sensitive information in the config/initializers/omniauth.rb file might expose it publicly on a GitHub repo. See the article Rails Environment Variables for more information.

Set Up a Database Seed File

The db/seeds.rb file initializes the database with default values. This application doesn’t need to initialize the datastore. If you customize the application and wish to initialize the datastore, you can use the db/seeds.rb file.

Set the Database

If you add anything to the db/seeds.rb file, you can initialize the datastore by running the commands:

$ rake db:seed

Use rake db:reseed if you want to empty and reseed the database. Or you can use rake db:drop and rake db:setup. The equivalent task for Rails with ActiveRecord is rake db:reset which will be available in Mongoid 4.0.

Set the database for running tests:

$ rake db:test:prepare

If you’re not using rvm, the Ruby Version Manager, you should preface each rake command with bundle exec. You don’t need to use bundle exec if you are using rvm version 1.11.0 or newer.

Change your Application’s Secret Token

If you’ve used the Rails Composer tool to generate the application, the application’s secret token will be unique, just as with any Rails application generated with the rails new command.

However, if you’ve cloned the application directly from GitHub, it is crucial that you change the application’s secret token before deploying your application in production mode. Otherwise, people could change their session information, and potentially access your site without your permission. Your secret token should be at least 30 characters long and completely random.

Get a unique secret token:

rake secret

Edit your config/initializers/secret_token.rb file to add the secret token:

Rails3MongoidOmniauth::Application.config.secret_token = '...some really long, random string...'

Test the App

You can check that your app runs properly by entering the command

$ rails server

To see your application in action, open a browser window and navigate to http://localhost:3000/. You should see the default user listed on the home page. When you click on the user’s name, you should be required to log in before seeing the user’s profile page.

If you test the app by starting the web server and then leave the server running while you install new gems, you’ll have to restart the server to see any changes. The same is true for changes to configuration files in the config folder. This can be confusing to new Rails developers because you can change files in the app folders without restarting the server. Stop the server each time after testing and you will avoid this issue.

Deploy to Heroku

For your convenience, here are instructions for deploying your app to Heroku. Heroku provides low cost, easily configured Rails application hosting.

Testing

No RSpec unit tests or Cucumber scenarios and step definitions are provided.

After installing the application, run rake -T to check that rake tasks for RSpec and Cucumber are available.

Run rake spec to run all RSpec tests.

Run rake cucumber (or more simply, cucumber) to run all Cucumber scenarios.

Please send the author a message, create an issue, or submit a pull request if you can contribute RSpec or Cucumber files.

Troubleshooting

Problems? Check the issues.

Problems with “Certificate Verify Failed”

Are you getting an error “OpenSSL certificate verify failed” when you try to generate a new Rails app from an application template? See suggestions to resolve the error Certificate Verify Failed.

Documentation and Support

Ryan Bates offers a Railscast on Simple OmniAuth. You can find documentation for OmniAuth at https://github.com/intridea/omniauth. There is an active OmniAuth mailing list and you can submit OmniAuth issues at GitHub.

Issues

Please create a issue on GitHub if you identify any problems or have suggestions for improvements.

Where to Get Help

Your best source for help with problems is Stack Overflow. Your issue may have been encountered and addressed by others.

You can also try Rails Hotline, a free telephone hotline for Rails help staffed by volunteers.

Contributing

If you make improvements to this application, please share with others.

Send the author a message, create an issue, or fork the project and submit a pull request.

If you add functionality to this application, create an alternative implementation, or build an application that is similar, please contact me and I’ll add a note to the README so that others can find your work.

Credits

Daniel Kehoe implemented the application and wrote the tutorial.

Is the app useful to you? Follow the project on Twitter: @rails_apps
and tweet some praise. I’d love to know you were helped out by what I’ve put together.

MIT License

MIT License

Copyright © 2012-13 Daniel Kehoe

Useful Links

Getting Started Articles Tutorials
Ruby on Rails Analytics for Rails Rails Bootstrap
What is Ruby on Rails? Heroku and Rails Rails Foundation
Learn Ruby on Rails JavaScript and Rails RSpec Tutorial
Rails Tutorial Rails Environment Variables Rails Devise Tutorial
Ruby on Rails Tutorial for Beginners Git and GitHub with Rails Devise RSpec
Install Ruby on Rails Send Email with Rails Devise Bootstrap
Install Ruby on Rails – Mac OS X Haml and Rails Rails Membership Site with Stripe
Install Ruby on Rails – Ubuntu Rails Application Layout Rails Subscription Site with Recurly
Ruby on Rails – Nitrous.io HTML5 Boilerplate for Rails Startup Prelaunch Signup Application
Update Rails Example Gemfiles for Rails
Rails Composer Rails Application Templates
Rails Examples Rails Product Planning
Rails Starter Apps Rails Project Management