lazaronixon / authentication-zero

An authentication system generator for Rails applications.
MIT License
1.65k stars 52 forks source link
api auth authentication generator rails rails-authentication ruby security token

Authentication Zero

The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.

Installation

$ bundle add authentication-zero

If you are using Rails < 7.2, you must use version 3.

$ bundle add authentication-zero --version "~> 3"

If you are using Rails < 7.1, you must use version 2.

$ bundle add authentication-zero --version "~> 2"

Usage

$ rails generate authentication

Developer responsibilities

Since Authentication Zero generates this code into your application instead of building these modules into the gem itself, you now have complete freedom to modify the authentication system, so it works best with your use case. The one caveat with using a generated authentication system is it will not be updated after it's been generated. Therefore, as improvements are made to the output of rails generate authentication, it becomes your responsibility to determine if these changes need to be ported into your application. Security-related and other important improvements will be explicitly and clearly marked in the CHANGELOG.md file and upgrade notes.

Features

Essential

More

Generated code

Sudoable

Use before_action :require_sudo in controllers with sensitive information, it will ask for your password on the first access or after 30 minutes.

Tenantable

Some artifacts are generated in the application, which makes it possible to implement row-level multitenancy applications. The Current.account is set using the current user account.

You should follow some steps to make it work:

Set Current.account through the URL. http://myapp.com/:account_id. (optional)

Development

To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/lazaronixon/authentication-zero. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the AuthenticationZero project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.