Let’s say you are a large organization and want to deploy a web app for your employees without making them remember a new password. Assume you don’t have anything cool like LDAP to act as a single point of authentication. What do you do?
This is exactly what I did recently for a organization that wanted their thousands of people to be able to use an application I wrote for them, but didn’t want to bother with a new authentication system.
I whipped up a simple Rails plugin to authenticate against their IMAP server. Anyone in the organization can login, and a user in my app is created the first time they successfully do. We now have it running on three apps in the organization.
Install the plugin as an SVN external:
or the “regular” way:
The plugin expects a Rails Model with a
username column. Then put the simple declaration in and specify your host:
is a true/false setting which changes whether the included < code >authenticate() method calls < code >find_by_username() or < code >find_or_create_by_username()
is for when your IMAP server (mail.example.com) is not what is in your email addresses (firstname.lastname@example.org).
is a true/false setting which changes whether to strip or append the
:default_domain to/from each username.
While this plugin takes care of the actual authentication, it doesn’t provide any interfaces for your users. I’ve been using it with Rick Olson’s restful_authentication plugin. You do have to rip some code out and substitute ‘username’ for ‘login’ in a few places (my personal preference).
Any questions? Suggestions? If you find this useful, drop me a line!
John Nunemaker — February 07, 2007
Vincent Palmer — February 08, 2007
Your “regular” way still includes the -x btw
Arash — February 17, 2007
Installed it, but now am getting an error “`const_missing’: uninitialized constant Net::IMAP::SSL (NameError)” when I try to script/server
Daniel Morrison — February 19, 2007
@arash: Are you trying to use it with SSL? The code doesn’t currently support this (it should, check back tomorrow, and I’ll package something up).
As for your error, it could be from OpenSSL not being installed. If you email me the error, I’d be glad to help you out (change the first dot to an @ in my URL).
@vincent: Thanks, I’ve made the change.
Ron Sweeney — February 21, 2007
Fantastic Idea! Can’t wait to give this a shot…
Paul Groves — February 07, 2008
Daniel Morrison — February 08, 2008
Paul: Glad you like! Thanks for the comment.
Josh Merchant — April 18, 2008
Awesome idea. Great for pitching enterprise rails apps.
Added it to my project… however experienced some problems.
I don’t know how your particular IMAP server responded to your request, however using a standard email one caused some issues. Even though the login credentials were right, it still seemed to return false.
Wasn’t a big deal to fix.. just thought you might be interested in the solution:
login = imap.authenticate(‘LOGIN’, username, password)
if login[:name] == ‘OK’
Works like a charm :-)