Janus

Janus is an authentication engine for Ruby on Rails 3+ to painlessly handle users in your apps. It comes with everything needed, from the migrations to the controllers, plus some different strategies to keep user signed in.

Janus also tries to be somewhat compatible with Devise's API and conventions, because there was no reason to change it completely. Thought there are some differences, like controllers and views being required in your apps, and emails being sent from the controllers and never from the models.

Features

  • full auth system with strategies and hooks;

  • scoped auth for parallel authentications (like users, admin_users, etc.);

  • abstract controllers ready to use;

  • generators to have everything generated automatically;

  • use only what you need at anytime.

As for the strategies and hooks:

Getting Started

First add the janus gem to your Gemfile, then run `bundle` to install it:

gem 'janus'
gem 'bcrypt-ruby'
# gem 'scrypt'

You'll also need either the `bcrypt-ruby` or scrypt` gems, depending on which library you want to use to encrypt the passwords. Janus uses bcrypt by default, to be compatible with Devise, but you may prefer scrypt, which is stronger.

Run the janus:install generator to setup janus in your app:

$ rails generate janus:install

Then create your first authenticatable resource, let's say User:

$ rails generate janus:resource user

You may notice that Janus also generates all the controllers and views. This is because you will eventually need those to customize some behavior and having them around from the beginning is great.

You may run the routes rake task, to see what routes were added by Janus.

Helpers & Filters

- authenticate_user!
- user_signed_in?
- current_user

Strategies

You may customize the strategies for the janus:resource generator, like an AdminUser that may only be created and managed from the console:

$ rails generate janus:resource AdminUser session password remember

Here is the list of all the current strategies:

  • session — get users signed in and out (email/password combinaison)

  • remember — keep users signed in across sessions

  • registration — get users registered

  • confirmation — emails may be confirmed after registration

  • password — reset password (using an email exchanged token)

  • track — track current and previous user's sign in date and IP

  • remote — keeps users signed in different top level domains

TODO

  • Differenciate mailers per resource, by looking for User::Mailer or AdminUser::Mailer classes.

  • Reconfirmable when email changes.

  • Simple configuration to use scrypt instead of bcrypt for password encryption.

  • TokenAuthenticatable strategy.

  • Rememberable across top level domains.

  • Omniauthable (or shall we let the user do it himself?)

  • Providing an OAuth 1.0 service whould be cool.

License

Janus is distributed under the MIT-License.

Credits

Most of the API and some code like password encryption is copied from Devise: github.com/plataformatec/devise.git and Warden: github.com/hassox/warden

  • Julien Portalier <julien@portalier.com>