altered_beast Authentication
altered_beast uses several plugins and gems as the basis for its authentication:
- brain_buster plugin
- ruby-openid gem
- open_id_authentication plugin
- acts_as_state_machine plugin
- restful_authentication plugin
brain_buster plugin
I discuss the brain_buster plugin more deeply on a separate page. Suffice it to say that it is disabled by default, but if enabled it provides a logic captcha.
open_id_authentication plugin
The open_id_authentication plugin provides a Rails wrapper around the ruby-openid gem.
altered_beast uses acts_as_state_machine.
restful_authentication plugin
The restful_authentication plugin provides a foundation for securely managing user authentication:
- Login / logout
- Secure password handling
- Account activation by validating email
- Account approval / disabling by admin
- Rudimentary hooks for authorization and access control
acts_as_state_machine
The restful_authentication plugin uses the acts_as_state_machine plugin to manage the user's states.
Notifications
app/models/user_mailer.rb is where the user notification emails are created.
Salt
A salt is a set of random bits used, in conjunction with a password or passphrase, as the input to a key derivation function. The output is the encrypted (hashed) version of the password, which is what gets stored. If the salt is large enough, salting makes a simple dictionary attack against the stored values impractical, because a single precomputed table no longer applies to every user.
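The following is an added example, not code from altered_beast or from the restful_authentication plugin. It models in plain Ruby (no ActiveRecord, no plugins) the two mechanisms this page describes: the salted, stretched password digest, and the user state machine that restful_authentication builds on acts_as_state_machine. The digest layout (site key, salt and password joined with '--' and SHA-1 hashed a fixed number of times) follows the pattern of restful_authentication's by_password.rb as I understand it; the state and event names follow its generated model template. The constant names REST_AUTH_SITE_KEY and REST_AUTH_DIGEST_STRETCHES, their values, the TRANSITIONS table and the User.authenticate helper are assumptions made for this example.

```ruby
# Added example: a stand-in for the generated User model. Not the project's code.
require 'digest/sha1'
require 'securerandom'

# In a real app these live in config/initializers/site_keys.rb; values here are
# placeholders for the example, never reuse them.
REST_AUTH_SITE_KEY         = 'example-site-key-do-not-reuse'
REST_AUTH_DIGEST_STRETCHES = 10

class User
  attr_reader :login, :salt, :crypted_password, :state, :activation_code

  # Allowed state-machine transitions, keyed by event: { from_state => to_state }.
  # Mirrors the pending/active/suspended/deleted flow of the generated model.
  TRANSITIONS = {
    register:  { passive: :pending },
    activate:  { pending: :active },
    suspend:   { passive: :suspended, pending: :suspended, active: :suspended },
    unsuspend: { suspended: :active },
    delete:    { passive: :deleted, pending: :deleted, active: :deleted, suspended: :deleted },
  }.freeze

  def initialize(login, password)
    @login = login
    @state = :passive
    @salt  = SecureRandom.hex(20)  # per-user random salt, stored in clear beside the digest
    @crypted_password = self.class.password_digest(password, @salt)
  end

  # Salted, stretched SHA-1 digest. The per-user salt defeats one shared
  # dictionary table; the site key means a leaked users table alone is not
  # enough to run an offline guess attack.
  def self.password_digest(password, salt)
    digest = REST_AUTH_SITE_KEY
    REST_AUTH_DIGEST_STRETCHES.times do
      digest = secure_digest(digest, salt, password, REST_AUTH_SITE_KEY)
    end
    digest
  end

  def self.secure_digest(*args)
    Digest::SHA1.hexdigest(args.flatten.join('--'))
  end

  # Fire a state-machine event. Returns false and leaves the state unchanged
  # when the event is not allowed from the current state.
  def fire(event)
    target = TRANSITIONS.fetch(event).fetch(@state, nil)
    return false unless target
    @activation_code = SecureRandom.hex(20) if target == :pending  # mailed out by UserMailer
    @state = target
    true
  end

  # Password check only; deliberately independent of account state.
  def authenticated?(password)
    expected = self.class.password_digest(password, @salt)
    # Constant-time comparison so timing does not leak how much of the digest matched.
    expected.bytesize == @crypted_password.bytesize &&
      expected.bytes.zip(@crypted_password.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  # The check a login action should use: the right password AND an active account.
  # Pending (unactivated), suspended and deleted users get nil even with a correct password.
  def self.authenticate(users, login, password)
    user = users.find { |u| u.login == login }
    return nil unless user && user.state == :active && user.authenticated?(password)
    user
  end
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new('alice', 'correct horse battery staple')
  alice.fire(:register)   # passive -> pending, activation code generated
  alice.fire(:activate)   # pending -> active, login now possible
  found = User.authenticate([alice], 'alice', 'correct horse battery staple')
  puts found ? "logged in #{found.login} (salt #{found.salt[0, 8]}...)" : 'login refused'
end
```

The point worth noticing is the split between authenticated? and User.authenticate: the digest comparison says nothing about whether the account may log in, and the state machine is what turns an email activation or an admin suspension into an enforced login decision. Two users with the same password also get different crypted_password values because each has its own salt.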
Salts are used throughout altered_beast. Salt values are set and/or used in:
- app\models\user\validation.rb
- initializers\site_keys.rb
- db\schema.rb
- spec\fixtures\users.yml
- spec\model_stubs.rb
- vendor\plugins\brain_buster\examples\lib\brain_buster_functional_example.rb
- vendor\plugins\brain_buster\lib\brain_buster_system.rb
- vendor\plugins\brain_buster\README.markdown
- vendor\plugins\open_id_authentication\generators\open_id_authentication_tables\templates\migration.rb
- vendor\plugins\open_id_authentication\generators\upgrade_open_id_authentication_tables\templates\migration.rb
- vendor\plugins\open_id_authentication\lib\open_id_authentication\db_store.rb
- vendor\plugins\restful_authentication\generators\authenticated\authenticated_generator.rb
- vendor\plugins\restful_authentication\generators\authenticated\templates\migration.rb
- vendor\plugins\restful_authentication\generators\authenticated\templates\model.rb
- vendor\plugins\restful_authentication\generators\authenticated\templates\site_keys.rb
- vendor\plugins\restful_authentication\generators\authenticated\templates\spec\fixtures\users.yml
- vendor\plugins\restful_authentication\lib\authentication\by_password.rb
