@davydovanton and I are going to be working on an authentication solution for Hanami. We want something that’s as easy to use as devise, but done in a Hanami way (with less magic).
Talking with @jodosha and @davydovanton, we think it’s good to start with session management. That is, the very first iteration will not have user sign up, only user log in / log out. From there we can iterate and add support for omniauth, and traditional in-app email sign up.
After that, other nice-to-have features, for me, would be confirmations & password resets. Do others agree?
What other features should we add? We want to keep it as lean as possible, and iterate quickly.
In general, I want to see a hanami (CLI?) app which will create files with all actions and views in the auth application instead of “magic” controllers like in devise.
Generators
In general, I see something like this:
hanami g auth model # => account model with some methods
hanami g auth app # => new hanami auth app with config
hanami g auth base # => sessions#create, sessions#delete, etc
hanami g auth reset-password # => actions for this logic
hanami g auth oauth # => all for auth app
Also, we should generate specs with tests for each generated action.
Model
I think we need to set account as a default model.
Generated fields:
password_hash
email (commented)
login (commented)
Now I’m working on a simple Authentication module with simple methods (authenticate!, current_account, etc).
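A framework-free sketch of the account model and Authentication helpers proposed above (password_hash, authenticate!, current_account), added here as an example and not code from this thread, Hanami or Tachiban. The names `PasswordHash`, `sign_in`, `sign_out` and the hash-backed `accounts` and `session` are assumptions, and PBKDF2 from Ruby's standard library stands in for a password-hashing gem such as bcrypt.

```ruby
require "openssl"
require "securerandom"

# Hypothetical names throughout (Account, PasswordHash, Authentication); PBKDF2
# from the standard library stands in for a password-hashing gem such as bcrypt.
Account = Struct.new(:id, :login, :password_hash)

module PasswordHash
  ITERATIONS = 210_000 # assumed work factor
  def self.create(password, salt: SecureRandom.hex(16), iterations: ITERATIONS)
    raw = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                   length: 32, hash: "sha256")
    "pbkdf2-sha256$#{iterations}$#{salt}$#{raw.unpack1('H*')}"
  end

  # Recompute with the stored salt and cost, then compare without early exit.
  def self.valid?(stored, password)
    _scheme, iterations, salt, _hex = stored.split("$")
    candidate = create(password, salt: salt, iterations: iterations.to_i)
    return false unless candidate.bytesize == stored.bytesize
    candidate.bytes.zip(stored.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

module Authentication
  class Unauthenticated < StandardError; end
  DUMMY_HASH = PasswordHash.create(SecureRandom.hex(16))

  # accounts: login => Account (stand-in for a repository); session: Hash-like.
  def self.sign_in(accounts, session, login, password)
    account = accounts[login]
    # Unknown logins still cost one hash, so timing does not reveal which exist.
    ok = PasswordHash.valid?(account ? account.password_hash : DUMMY_HASH, password)
    return false unless account && ok
    session.clear # discard pre-login state before marking the session signed in
    session[:account_id] = account.id
    true
  end

  def self.current_account(accounts, session)
    id = session[:account_id] or return nil
    accounts.each_value.find { |a| a.id == id }
  end

  def self.authenticate!(accounts, session)
    current_account(accounts, session) or raise Unauthenticated
  end

  def self.sign_out(session)
    session.clear
  end
end
```

In a Rack application the session identifier should also be renewed at sign-in, which a plain Hash cannot show.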
Unfortunately I don’t have an example of Tachiban in action yet. I’m planning on using it right after I release it. Although the code in Tachiban was extracted from an app in production and slightly expanded in some cases to be more flexible.
Hi, I’ve recently developed an interest in hanami and decided to build a pet project in it. One of the first things I looked for was an authentication framework. Here are my 2 cents.
Tachiban seems to currently be the only serious attempt, however I decided to skip it because it seems to be early in development and, more importantly, invents its own session management instead of leveraging warden gem (https://github.com/hassox/warden). I decided to roll my own with warden and bcrypt since it’s very easy. I’ve even done it a few times in the past in rails apps, skipping over devise for simplicity.
I would just like to suggest that any auth framework really should leverage both warden and bcrypt since they are both very mature, battle tested and actively maintained gems that fit into hanami philosophy. I was considering extracting the authentication from my pet app into a gem once it’s finished but I’d be even happier to just contribute to an existing gem following the same philosophy.
FWIW I had no intention of reinventing the wheel or replacing any existing solutions, but rather to learn the concepts of authentication and authorization as well as any related subjects. For me, the best way was to try to do it myself as much as possible. In the process I ended up with Tachiban. Admittedly there’s a long road ahead since it’s still a WIP, but I’ll continue to work on it as much as my schedule permits it to complete the set goals.
Yes, warden is very much maintained. It’s just a very mature and stable library with little need for modifications which is why there is not much activity. Also, since it’s a pure rack implementation it doesn’t get affected by new releases of Rails. Besides, Devise depends on it so it will stay live for at least as long as Devise itself is live.
I’ve got user registration, log in and log out nearly working in my pet app with bcrypt and warden. It’s going a bit slowly since I’m basically learning Hanami along the way but I’m almost done with the first version. After that I’ll extract just the authentication into a separate project so you can see it. It might be useful as an example app to play around in.
One of the benefits of basing it on warden is, of course, the existing ecosystem. I.e. omniauth was mentioned which should be pretty easy to add through warden: https://github.com/hassox/warden_omniauth.
You’re definitely right, doing things from scratch is the best way to learn, I often do that as well. However, when I’m done, if there is a better existing solution that satisfies all requirements I also often delete my code and switch to the existing solution. Of course, if you have plans for implementing a different feature set not supported by existing solutions then it also makes sense to build from scratch.
Hi all, it’s been 2 years, any progress on authentication library development? I’d be happy to help with an existing project if there is one (all seem to be abandoned) for such a popular feature.
If you are interested, you’re welcome to help with Tachiban. I was pressed for time with other projects up until now, but I plan to continue with it as of now since we’re using it in our next application. There is a dedicated channel on gitter.
Rodauth by Jeremy Evans looks super advanced and flexible enough that it should integrate well into any Rack-based web framework, including Hanami.
I would first give that a decent try before creating a Hanami-specific solution, especially because being web framework agnostic means Rubyists using different frameworks can focus on a single solution.