Created: 2008-06-04 22:27
Updated: 2017-05-11 05:50
License: mit



A Rails gem/plugin that handles authentication


gem install shuber-authentication --source
script/plugin install git://



Simply call uses_authentication in your model like so:

class User < ActiveRecord::Base
  # Accepts an optional hash of options
  #   :login_field - The field to use for logins (e.g. username or email) (defaults to :email)
  #   :password_field - (defaults to :password)
  #   :hashed_password_field - (defaults to :hashed_password)
  #   :salt_field - (defaults to :salt)
  uses_authentication :login_field => :username
end

A few helpful methods will now be available for your model:

# Class method that authenticates a user based on a login and password - returns a user instance or false
User.authenticate(login, password)

# Checks if the password passed to it matches the current user instance's password

# Checks if the current user instance's password has just been changed

# Resets the password - will generate a new random password if one is not specified
reset_password(new_password = nil)

# Resets the password and saves - will generate a new random password if one is not specified
reset_password!(new_password = nil)
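
A plain-Ruby sketch of what the :salt_field and :hashed_password_field columns imply for authenticate and reset_password, added here as an example; it is not the gem's code. The SketchUser class, the in-memory STORE, and the choice of PBKDF2-HMAC-SHA256 with 100,000 iterations are assumptions, since this README does not say which hash the gem uses.

```ruby
require 'openssl'
require 'securerandom'

# Plain-Ruby stand-in for a model with the README's default fields.
# Assumption: PBKDF2-HMAC-SHA256; the README does not name the gem's hash.
class SketchUser
  ITERATIONS = 100_000 # assumed work factor
  STORE = {}           # login => SketchUser, stands in for the users table

  attr_reader :login, :salt, :hashed_password

  def initialize(login, password)
    @login = login
    reset_password(password)
    STORE[login] = self
  end

  def self.digest(password, salt)
    sha256 = OpenSSL::Digest.new('SHA256')
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, sha256).unpack1('H*')
  end

  # Returns the user or false, like User.authenticate in the README.
  def self.authenticate(login, password)
    user = STORE[login]
    # Hash even for unknown logins so both paths cost the same.
    salt = user ? user.salt : 'x' * 32
    candidate = digest(password.to_s, salt)
    return false unless user
    secure_equal?(candidate, user.hashed_password) ? user : false
  end

  # Constant-time comparison of two equal-length hex strings.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # New salt on every reset; random password from the CSPRNG if none given.
  def reset_password(new_password = nil)
    new_password ||= SecureRandom.urlsafe_base64(12)
    @salt = SecureRandom.hex(16)
    @hashed_password = self.class.digest(new_password, @salt)
    new_password
  end
end
```

The plaintext password is never stored; only the salt and the derived hash are kept, and a reset replaces both.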


Simply add before_filter :authentication_required for any actions that require authentication. The :model will then be searched for a record with the id found in session[options[:session_field]]. The result of that query is stored in a controller instance method called current_user. If a record could not be found, the controller's unauthenticated instance method is called, which simply redirects with a flash message. You can override this method to change this behavior.

class UsersController < ApplicationController
  before_filter :authentication_required, :only => [:index]

  def index
    render :text =>

A few helpful instance methods are available for your controller:

# Returns the current user or nil if a user is not logged in

# Checks if the current user is authenticated

# Login a user

# Logout the current user

current_user and logged_in? are also helper methods so you can use them in your views.

Controller options

Your controller has a class method called authentication_options which contains a hash with default options. You can change these like so:

class ApplicationController < ActionController::Base
  self.authentication_options.merge!(:message => 'You are not authenticated', :redirect_to => :new_session_path)
end

The default controller authentication_options are:

# The type of flash message to use when authentication fails. Defaults to :error.

# The flash message to use when authentication fails. If set to false, no flash is set. Defaults to 'Login to continue'.

# The model to authenticate with. Defaults to 'User'

# The session field name to store the current_user's id. Defaults to "#{options[:model].to_s.underscore}_id".to_sym (e.g. :user_id)

# The path to redirect to if authentication fails. Accepts a string or a symbol representing an instance method to call. 
# Defaults to '/'


Problems, comments, and suggestions all welcome:
