"before_filter :authenticate_user!" on ApplicationController


Marcelo Silveira

Nov 5, 2009, 10:46:21 PM
to Devise
Hey Guys,

I usually place the authentication before filter on my
ApplicationController to follow a "deny,allow" security policy and
make all the other controllers inherit it.

While trying this with Devise I ran into a redirect problem. It seems
to be due to Devise's controllers inheriting from ApplicationController,
thus having the authenticate_user! filter in the chain. This creates an
infinite loop of redirects to the sign in page.

Am I missing something or is it really an issue?

Thanks,
Marcelo

José Valim

Nov 6, 2009, 4:50:05 AM
to plataforma...@googlegroups.com
It appears to be an issue.

I can think of two solutions:

1) You can create a module or another controller that inherits from ApplicationController and then your protected controllers should use it;

2) We can create a method that tells when a controller is a devise controller, so you could do:

before_filter :authenticate_user!, :unless => proc { |c| c.devise_controller? }

Could you please open an issue?

Thanks!
--
José Valim

José Valim

Nov 6, 2009, 7:42:15 AM
to Devise
Ok, already fixed that. :authenticate_user! should work by default in
the next release.
For all the other filters you can use
before_filter :foo, :unless => :devise_controller?
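
The redirect loop and the `:unless => :devise_controller?` exemption discussed above, reproduced as an added example (not part of the thread, and not Rails or Devise code). It is a plain-Ruby simulation of an inherited filter chain; `BaseController`, `build_routes`, `follow`, the `/posts` route and the `/users/sign_in` path are constructed for illustration.

```ruby
SIGN_IN = "/users/sign_in" # constructed path for the sign-in page

# Stand-in for a Rails-style controller base (constructed, not Rails code).
class BaseController
  class << self
    def own_filters; @own_filters ||= []; end
    def before_filter(name, opts = {})
      own_filters << [name, opts[:unless]]
    end
    # Filters are inherited: parent chain first, then this class's own.
    def filter_chain
      parent = superclass.respond_to?(:filter_chain) ? superclass.filter_chain : []
      parent + own_filters
    end
  end

  def initialize(signed_in); @signed_in = signed_in; end
  def devise_controller?; false; end
  # Deny by default: anonymous requests are redirected to sign-in.
  def authenticate_user!
    [:redirect, SIGN_IN] unless @signed_in
  end

  def process
    self.class.filter_chain.each do |name, skip_if|
      next if skip_if && send(skip_if)
      halted = send(name)
      return halted if halted
    end
    [:ok, nil]
  end
end

def build_routes(exempt_devise)
  app = Class.new(BaseController)
  opts = exempt_devise ? { :unless => :devise_controller? } : {}
  app.before_filter :authenticate_user!, opts
  sessions = Class.new(app) { def devise_controller?; true; end }
  { SIGN_IN => sessions, "/posts" => Class.new(app) }
end

# Follow redirects like a browser would, giving up after max_hops.
def follow(routes, path, signed_in: false, max_hops: 5)
  hops = [path]
  max_hops.times do
    status, target = routes.fetch(path).new(signed_in).process
    return [:ok, hops] if status == :ok
    hops << (path = target)
  end
  [:redirect_loop, hops]
end
```

With `build_routes(false)` an anonymous request to `/posts` never settles, because the sign-in controller inherits the same filter; with `build_routes(true)` it stops at the sign-in page while `/posts` stays protected.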

Marcelo Silveira

Nov 6, 2009, 12:31:00 PM
to plataforma...@googlegroups.com
Hey José,

Thanks for fixing it. I just noticed the 0.4.2 release.

Another question ... have you thought about people migrating from other authentication solutions (authlogic, restful_authentication, clearance, etc.)?

Off the top of my head I can only think of the different password encryption strategies ... is there any other aspect of it I might be leaving behind?

If I'm right, what would you think about the development of some encryption adapters which would allow people from other solutions to migrate to devise?

Thanks,
Marcelo

José Valim

Nov 6, 2009, 12:32:16 PM
to plataforma...@googlegroups.com
Marcelo,

I personally have no interest in developing this kind of feature, but I would accept patches gladly.

Regards,
--
José Valim

Marcelo Silveira

Nov 9, 2009, 4:07:52 PM
to Devise
Hi José,

Two things.

First. Would you mind taking a look at what I've done so far? I
basically moved the Authenticatable encryption method into a new class
under the Encryptors module and added a config option to the
initializer. This way new classes can be created under the Encryptors
module to handle different encryption strategies.
http://github.com/mhfs/devise/commit/fdea519df86d999201ed8cc0d5b7230c3f47e43f

Second. During my tests it seemed to me the config default values
don't get overwritten by the values specified in the initializer. Do
you know anything about it?

Thanks,
Marcelo

On Nov 6, 3:32 pm, José Valim <jose.va...@gmail.com> wrote:
> Marcelo,
>
> I personally have no interest in developing this kind of feature, but I
> would accept patches gladly.
>
> Regards,
>
>
>
> On Fri, Nov 6, 2009 at 3:31 PM, Marcelo Silveira <gra...@gmail.com> wrote:
> > Hey José,
>
> > Thanks for fixing it. I just noticed the 0.4.2 release.
>
> > Another question ... have you thought about people migrating from other
> > authentication solutions (authlogic, restful_authentication, clearance,
> > etc.)?
>
> > Off the top of my head I can only think of the different password encryption
> > strategies ... is there any other aspect of it I might be leaving behind?
>
> > If I'm right, what would you think about the development of some
> > encryption adapters which would allow people from other solutions to
> > migrate to devise?
>
> > Thanks,
> > Marcelo
>

José Valim

Nov 9, 2009, 4:21:51 PM
to plataforma...@googlegroups.com
On Mon, Nov 9, 2009 at 7:07 PM, Marcelo Silveira <gra...@gmail.com> wrote:

> Hi José,
>
> Two things.
>
> First. Would you mind taking a look at what I've done so far?

It looks excellent, thanks!
When you finish, please tell me so that I can work on the merge!

> Second. During my tests it seemed to me the config default values
> don't get overwritten by the values specified in the initializer. Do
> you know anything about it?

It may be possible, I will fix that in a couple hours.

Thanks!



--
José Valim

José Valim

Nov 9, 2009, 4:42:27 PM
to plataforma...@googlegroups.com
Just one small issue:


Devise stretches should be retrieved from the model. :)
--
José Valim

José Valim

Nov 9, 2009, 4:48:18 PM
to plataforma...@googlegroups.com
Ah, and there is no need to leave encryptors inside the models namespace, they could simply be Devise::Encryptors::Sha1!

Thanks!
--
José Valim
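
A sketch of the pluggable-encryptor layout discussed above, as an added example (not the code from the linked commit and not Devise's implementation). The `Encryptors` registry, the `stretch` helper, the `Account` model and all sample values are assumptions; stretches are read from the model, as suggested in the thread.

```ruby
require "digest/sha1"
require "digest/sha2"

# Pluggable digest strategies (constructed sketch, not Devise's own code).
module Encryptors
  # Salted, peppered digest fed back into itself `stretches` times.
  def self.stretch(algo, password, salt, stretches, pepper)
    raise ArgumentError, "stretches must be >= 1" if stretches < 1
    stretches.times.inject(pepper) do |acc, _|
      algo.hexdigest([acc, salt, password, pepper].join("--"))
    end
  end

  class Sha1
    def self.digest(*args); Encryptors.stretch(Digest::SHA1, *args); end
  end

  class Sha512
    def self.digest(*args); Encryptors.stretch(Digest::SHA512, *args); end
  end

  REGISTRY = { :sha1 => Sha1, :sha512 => Sha512 }.freeze
end

# Hypothetical model: strategy, stretches and pepper are model-level config.
class Account
  class << self
    attr_accessor :encryptor, :stretches, :pepper
  end
  self.encryptor, self.stretches, self.pepper = :sha1, 10, "constructed-pepper"
  attr_reader :encrypted_password

  def initialize(salt); @salt = salt; end
  def password=(plain); @encrypted_password = digest(plain); end

  # Constant-time comparison of the recomputed digest with the stored one.
  def valid_password?(plain)
    a, b = digest(plain), encrypted_password.to_s
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end

  private
  def digest(plain)
    model = self.class
    strategy = Encryptors::REGISTRY.fetch(model.encryptor) # KeyError if unknown
    strategy.digest(plain, @salt, model.stretches, model.pepper)
  end
end
```

A digest stored under one strategy or stretch count no longer verifies once the model's settings change, which is the migration problem the adapters are meant to address.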

Marcelo F Silveira

Nov 9, 2009, 7:57:56 PM
to plataforma...@googlegroups.com
Hmmmm ... so it seems I'll need to add it to the encryptor_params. I was trying to come up with a way of figuring out the model class from within the encryptor class but it doesn't look like a good idea.

Thanks for the feedback.

Tomorrow I'll get back to you.

What do you prefer? Patch or Pull Request?

Thanks,
Marcelo

José Valim

Nov 9, 2009, 8:07:15 PM
to plataforma...@googlegroups.com
I think pull request is easier for both of us! I would just ask that, instead of really doing a pull request, you open an issue with a link to your repo. So we can address priorities properly. :)

Thank you!
--
José Valim

Marcelo Silveira

Nov 10, 2009, 11:11:15 AM
to Devise
Hey José,

I think I'm done. Created the issue as you requested (#30).

If you find any problems let me know.

Cheers,
Marcelo

On Nov 9, 11:07 pm, José Valim <jose.va...@gmail.com> wrote:
> I think pull request is easier for both of us! I would just ask that,
> instead of really doing a pull request, you open an issue with a link to your
> repo. So we can address priorities properly. :)
>
> Thank you!
>
> On Mon, Nov 9, 2009 at 10:57 PM, Marcelo F Silveira <gra...@gmail.com> wrote:
>
>
>
> > Hmmmm ... so it seems I'll need to add it to the encryptor_params. I was
> > trying to come up with a way of figuring out the model class from within the
> > encryptor class but it doesn't look like a good idea.
>
> > Thanks for the feedback.
>
> > Tomorrow I'll get back to you.
>
> > What do you prefer? Patch or Pull Request?
>
> > Thanks,
> > Marcelo
>
> > On Nov 9, 2009, at 7:42 PM, José Valim wrote:
>
> > Just one small issue:
>
> >http://github.com/mhfs/devise/blob/fdea519df86d999201ed8cc0d5b7230c3f...
>
> > Devise stretches should be retrieved from the model. :)
>

José Valim

Nov 10, 2009, 11:40:24 AM
to plataforma...@googlegroups.com
Excellent, I will take a look as soon as I get home!

Thanks!
--
José Valim