Janus is an authentication engine for Ruby on Rails 3+ to painlessly handle users in your apps. It comes with everything needed, from the migrations to the controllers, plus some different strategies to keep user signed in.
Janus also tries to be somewhat compatible with Devise's API and conventions, because there was no reason to change it completely. Thought there are some differences, like controllers and views being required in your apps, and emails being sent from the controllers and never from the models.
full auth system with strategies and hooks;
scoped auth for parallel authentications (like
abstract controllers and mailer ready to use;
generators to have everything generated automatically;
use only what you need at anytime.
As for the strategies and hooks:
DatabaseAuthenticatable to auth users with passwords (plus registration and password reset);
RemoteAuthenticatable to keep users signed in across top level domains;
TokenAuthenticatable to auth users with unique tokens;
Confirmable to have users confirm their emails upon registration;
Rememberable to keep users authentified;
First add the janus gem to your Gemfile, then run
bundle to install it:
gem 'janus' gem 'bcrypt' # gem 'scrypt'
You also need either the bcrypt or scrypt gems, depending on which library you want to use to encrypt the passwords. Janus uses bcrypt by default, to be compatible with Devise, but you may prefer scrypt, which is stronger.
janus:install generator to setup janus in your app:
$ rails generate janus:install
If you are running Rails 4.1+ you must add a
secret_pepper to your
config/secrets.yml file after generating a secure token with
# config/secrets.yml development: secret_key_base: "..." secret_pepper: "..." test: secret_key_base: "..." secret_pepper: "..." production: secret_key_base: ENV["SECRET_KEY_BASE"] secret_pepper: ENV["SECRET_PEPPER"]
If you are running a previous version of Rails, then you should edit
config/initializers/janus.rb to use an environment variable instead of the generated token.
Then create your first authenticatable resource, let's say
$ rails generate janus:resource user
You may notice that Janus also generates all the controllers and views. This is because you will eventually need those to customize some behavior and having them around from the beginning is great.
You may run the routes rake task, to see what routes were added by Janus.
Helpers & Filters
- authenticate_user! - user_signed_in? - current_user
You may customize the strategies for the
janus:resource generator, like an AdminUser that may only be created and managed from the console:
$ rails generate janus:resource AdminUser session password remember
Here is the list of all the current strategies:
session— get users signed in and out (email/password combinaison)
remember— keep users signed in across sessions
registration— get users registered
confirmation— emails may be confirmed after registration
password— reset password (using an email exchanged token)
track— track current and previous user's sign in date and IP
remote— keeps users signed in different top level domains
token— get users signed in (with an unique token)
Reconfirmable when email changes.
Rememberable across top level domains.
Omniauthable (or shall we let the user do it himself?)
Providing an OAuth 1.0 service whould be cool.
Janus is distributed under the MIT-License.
Julien Portalier <[email protected]>