William Notowidagdo, Kiranatama Staff Knowledge


Sorcery is an authentication library for Rails 3. Unlike other libraries in the same category, Sorcery does not generate code for your MVC layer, and that is the first thing that made me want to try it.

Installation

Add Sorcery to your Gemfile

gem 'sorcery'

and run

$ bundle install

Then generate the core migration, the initializer file and the 'User' model, and run the migration:

$ rails generate sorcery:install
$ rake db:migrate

The generated migration only has email, crypted_password and salt columns. Because the model below signs users in by username, add a username column to that migration before running it, and tell Sorcery to authenticate by username instead of the default email (user.username_attribute_names = [:username] in config/initializers/sorcery.rb).

User sign-up

Now let's continue and create the User sign-up feature.

The users_controller file

class UsersController < ApplicationController
  def new
    @user = User.new
  end

  def create
    @user = User.new(params[:user])
    if @user.save
      redirect_to posts_url, :notice => "Signed up!"
    else
      render :new
    end
  end
end

The model

class User < ActiveRecord::Base
  authenticates_with_sorcery!

  attr_accessible :username, :email, :password, :password_confirmation

  validates_confirmation_of :password
  validates_presence_of :password, :on => :create
  validates_presence_of :username
  validates_uniqueness_of :username
end

Add this to your routes.rb (the form also needs a route to users#create, for example resources :users):

get 'signup' => 'users#new', :as => 'signup'

Don't forget to create the view file. Run the server, open '/signup' in your browser and you will be presented with the sign-up form.

Sign-in and out

Start with the Sessions controller

class SessionsController < ApplicationController
  def create
    user = login(params[:username], params[:password])
    if user
      redirect_back_or_to posts_url, :notice => "Logged in!"
    else
      # One generic message: do not tell the client whether the username or the password was wrong.
      flash.now.alert = "Username or password was invalid"
      render :new
    end
  end

  def destroy
    logout
    redirect_to posts_url, :notice => "Logged out!"
  end
end

In 'create' we call Sorcery's login method with the submitted username and password; it returns the user on success and nil otherwise. login is one of the many Sorcery methods you can use right away from your controllers.

Continue by creating the sign-in form, then add these to your routes.rb (the form also needs a route to sessions#create, for example resources :sessions):

get 'signin' => 'sessions#new', :as => 'signin'
get 'signout' => 'sessions#destroy', :as => 'signout'

One caveat: mapping signout to GET means any third-party page can log your users out by embedding that URL (a CSRF against the logout). Prefer a delete route and a link with :method => :delete so Rails' CSRF protection covers it.

Now add this code to your application_controller. Sorcery calls not_authenticated whenever require_login fails:

before_filter :require_login

protected

def not_authenticated
  # The sign-in route above is named 'signin', so the helper is signin_url.
  redirect_to signin_url, :alert => "Please login first."
end

You have just added code that blocks unauthenticated users from every path, meaning that if you try to visit the sign-in or sign-up form, you will be denied.

The only action in sessions_controller that needs to be protected from unauthenticated users is destroy; new and create must stay open:

class SessionsController < ApplicationController
  skip_before_filter :require_login, :except => [:destroy]
...

We also need to skip require_login for the whole sign-up process, otherwise nobody could sign up. Add this to the users_controller file:

class UsersController < ApplicationController
  skip_before_filter :require_login
...

From the application_controller code you might have noticed the not_authenticated method. Sorcery calls it when require_login fails, so it is where you decide where unauthenticated users are redirected whenever they try to access a protected path.
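To make the access rules above concrete without booting Rails, here is an added plain-Ruby model of what the controllers rely on: a login(username, password) lookup against salted password digests, and a filter table that encodes the before_filter / skip_before_filter declarations from this post and reports whether a request is allowed or redirected to /signin. This is example code, not Sorcery's or Rails' own; Sorcery hashes passwords with bcrypt, while this example uses PBKDF2 from the standard library so it runs without extra gems (an assumption, not Sorcery's algorithm). The users and requests are constructed sample data.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for Sorcery's crypted_password + salt columns. Sorcery itself uses
# bcrypt; PBKDF2-HMAC-SHA256 is assumed here only so the example has no gem
# dependencies.
module PasswordDigest
  ITERATIONS = 20_000

  def self.digest(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: 'sha256')
  end

  # Constant-time comparison: a wrong guess must not leak how many leading
  # bytes of the digest matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) } == 0
  end
end

User = Struct.new(:username, :crypted_password, :salt)

# Constructed sample users (not real credentials).
USERS = {}
def register(username, password)
  salt = SecureRandom.hex(16)
  USERS[username] = User.new(username, PasswordDigest.digest(password, salt), salt)
end
register('alice', 'correct horse battery staple')
register('bob',   'hunter2')

# Mirrors what SessionsController#create expects from Sorcery's login:
# look the user up by the username attribute, verify the password, and
# return the user or nil. Unknown usernames still pay the hashing cost so
# response time does not reveal whether an account exists.
def login(username, password)
  user = USERS[username]
  salt = user ? user.salt : SecureRandom.hex(16)
  candidate = PasswordDigest.digest(password.to_s, salt)
  return nil unless user
  PasswordDigest.secure_equal?(candidate, user.crypted_password) ? user : nil
end

# Filter table equivalent to the declarations in the post. Each controller
# lists the actions still covered by require_login; controllers not listed
# inherit ApplicationController's before_filter and protect everything.
FILTERS = {
  'sessions' => [:destroy],   # skip_before_filter :require_login, :except => [:destroy]
  'users'    => []            # skip_before_filter :require_login
}

# Returns :allow, or [:redirect, '/signin'] as not_authenticated would.
def dispatch(controller, action, logged_in)
  protected_actions = FILTERS.fetch(controller, :all)
  needs_login = protected_actions == :all || protected_actions.include?(action)
  return :allow if !needs_login || logged_in
  [:redirect, '/signin']
end

if __FILE__ == $PROGRAM_NAME
  puts login('alice', 'correct horse battery staple') ? 'alice logged in' : 'denied'
  [[:users, :new], [:sessions, :create], [:sessions, :destroy], [:posts, :index]].each do |c, a|
    puts "#{c}##{a} (anonymous): #{dispatch(c.to_s, a, false).inspect}"
  end
end
```

Running it shows the matrix the post builds up step by step: anonymous requests reach users#new and sessions#create, while sessions#destroy and anything under a controller that inherits the filter (posts#index here) are redirected to /signin until login returns a user.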

Done!

You already know how to use Devise and Authlogic; now you can add Sorcery to your authentication toolbox. It is a simple, clean authentication library that supports many authentication features, as well as external providers such as Twitter or Facebook.