The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
$ bundle add authentication-zero
If you are using Rails < 7.2, you must use version 3.
$ bundle add authentication-zero --version "~> 3"
If you are using Rails < 7.1, you must use version 2.
$ bundle add authentication-zero --version "~> 2"
$ rails generate authentication
Since Authentication Zero generates this code into your application instead of building these modules into the gem itself, you now have complete freedom to modify the authentication system, so it works best with your use case. The one caveat with using a generated authentication system is that it will not be updated after it has been generated. Therefore, as improvements are made to the output of rails generate authentication, it becomes your responsibility to determine if these changes need to be ported into your application. Security-related and other important improvements will be explicitly and clearly marked in the CHANGELOG.md file and upgrade notes.
Use before_action :require_sudo in controllers that handle sensitive information; it will ask for the user's password on the first access and again after 30 minutes have passed since the last confirmation.
Some artifacts are generated in the application which make it possible to implement row-level multitenancy applications. Current.account is set using the current user's account.
You should follow these steps to make it work:
1. Add account_id to each scoped table, e.g. rails g migration add_account_to_projects account:references
2. include AccountScoped in the scoped models. It sets up the account relationship and a default scope using the current account.
3. (Optional) Set Current.account through the URL, http://myapp.com/:account_id, by adding require_relative "../lib/account_middleware" to config/application.rb and config.middleware.use AccountMiddleware to your application class.
To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/lazaronixon/authentication-zero. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.
The gem is available as open source under the terms of the MIT License.
Everyone interacting in the AuthenticationZero project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.