
Multiple applications using Authlogic, authenticating users in one database?

I've seen the question asked a few times on the Google groups, but no one seems to follow up with an answer or solution. Is it possible to use a central database for User creation and authentication from multiple Rails applications using Authlogic?

It isn't an option for me to use OpenID right now, I'd love to but my client does not support it yet.

asked Oct 27 '09 15:10

revgum


3 Answers

It seems that there still hasn't been a solution posted to the original question.

I had a similar problem. I had multiple rails applications and I needed to be able to track users between activity on all of them. So, I wanted to have a single application for managing users and tracking and all the other applications would connect to this user database to authenticate.

I was already using Authlogic for some other projects, so I was hoping that it would be as simple as changing some configuration settings.

Here's my solution:

I created the main user tracking application. There was nothing special about the application. It allowed users to register, log in, log out, etc. Once users were logged in they could then navigate to the other apps.

In the environments.rb file of my user application and every application needing to authenticate with the base application, you need to set up the session key and domain to be the SAME.

config.action_controller.session = {
  :session_key => '_my_app_session',
  :secret      => '_long_secret_session_key_here',
  :domain      => ".basedomain.com"
}

Each of my applications is under its own subdomain, such as app1.basedomain.com and app2.basedomain.com. I'm not sure if this would work otherwise without some more changes.

In each application, create the UserSession

class UserSession < Authlogic::Session::Base
end

and User models.

class User < ActiveRecord::Base
  # Use the central user database instead of this application's own database
  establish_connection "users_database"
  acts_as_authentic
end

What is different in this User model is that it now has the establish_connection method. The "users_database" is in the database.yml file and points to the database for the central user management application.

I didn't go as far as having log in and log out throughout my sub-applications, but if you did you would have to create the UserSessionsController as well.

In each application that uses authentication, I included some helper methods in the ApplicationController, for example,

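  # Find the Authlogic session carried by the shared session cookie (memoized)
  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  # The User record behind the current session, or nil when not logged in
  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.record
  end

  # before_filter: send unauthenticated visitors to the central login page.
  # store_location is not shown here and must be defined in this controller too.
  def require_user
    unless current_user
      store_location
      redirect_to 'http://main_user_login_page'
      return false
    end
  end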

Then I can use 'require_user' in my controllers where I want authentication just like I can in my main user application.

Hope this helps.

Chase M Gray

answered Nov 20 '22 20:11

Chase M Gray
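
As an added illustration (not code from the answer above, and not Rails' or Authlogic's own implementation), this Ruby example models a signed session cookie to show why every application needs the same `:secret` and `:domain`: an application with a different secret rejects the cookie, so every application holding the shared secret is trusted equally. The `SignedCookie` module, the JSON payload format and all sample values are assumptions constructed for the example.

```ruby
require "openssl"
require "json"

# Simplified model of a signed cookie: "<base64 payload>--<hex HMAC>".
# JSON payload and SHA256 are choices made for this example only.
module SignedCookie
  def self.sign(data, secret)
    payload = [JSON.generate(data)].pack("m0")
    "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
  end

  # Returns the session hash, or nil when the signature does not verify.
  def self.verify(cookie, secret)
    payload, digest = cookie.to_s.split("--", 2)
    return nil if payload.nil? || digest.nil?
    expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
    return nil unless secure_compare(expected, digest)
    JSON.parse(payload.unpack1("m0"))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  # Constant-time comparison: does not reveal how many leading bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Would a browser send a cookie scoped to cookie_domain to this host?
  def self.sent_to?(host, cookie_domain)
    bare = cookie_domain.sub(/\A\./, "")
    host == bare || host.end_with?(".#{bare}")
  end
end

# Constructed sample values, standing in for the shared :secret and :domain.
SHARED_SECRET = "constructed-shared-secret"
COOKIE_DOMAIN = ".basedomain.com"
COOKIE = SignedCookie.sign({ "user_id" => 42 }, SHARED_SECRET)

if __FILE__ == $0
  puts "app2, same secret:      #{SignedCookie.verify(COOKIE, SHARED_SECRET).inspect}"
  puts "app3, different secret: #{SignedCookie.verify(COOKIE, 'other').inspect}"
  puts "sent to app1 subdomain: #{SignedCookie.sent_to?('app1.basedomain.com', COOKIE_DOMAIN)}"
  puts "sent to otherdomain.com: #{SignedCookie.sent_to?('otherdomain.com', COOKIE_DOMAIN)}"
end
```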


From a design point of view, have you thought about creating a system dedicated to handling the user information and authentication? Then have your other applications connect to that system through a secure API, most likely internal. You can keep your databases separated, and keep the user database secure by only allowing access through the API.

answered Nov 20 '22 19:11

Aaron Van Bokhoven


The short answer is "Yes." Sure. Sharing a user model between applications isn't fundamentally different from sharing any other type of model between applications. Heck, you could potentially even pull your user data via REST with ActiveResource if you didn't mind it being a little bit slow.

But if Authlogic and solutions like it aren't a locked-in business constraint, there are other ways to handle SSO (single sign-on) besides just OpenID. Take a look at RubyCAS, Castronaut (maybe with Casablanca for a client), or for a totally different approach, Hancock.

answered Nov 20 '22 19:11

SFEley