Janus

Janus is an authentication engine for Ruby on Rails 3+ to painlessly handle users in your apps. It comes with everything needed, from the migrations to the controllers, plus some different strategies to keep user signed in.

Janus also tries to be somewhat compatible with Devise’s API and conventions, because there was no reason to change it completely. Thought there are some differences, like controllers and views being required in your apps, and emails being sent from the controllers and never from the models.

Features

• full auth system with strategies and hooks;

• scoped auth for parallel authentications (like users, admin_users, etc.);

• abstract controllers and mailer ready to use;

• generators to have everything generated automatically;

• use only what you need at anytime.

As for the strategies and hooks:

• DatabaseAuthenticatable to auth users with passwords (plus registration and password reset);

• RemoteAuthenticatable to keep users signed in across top level domains;

• TokenAuthenticatable to auth users with unique tokens;

• Confirmable to have users confirm their emails upon registration;

• Rememberable to keep users authentified;

• Trackable

Getting Started

First add the janus gem to your Gemfile, then run bundle to install it:

gem 'janus'
gem 'bcrypt'
# gem 'scrypt'

You also need either the bcrypt or scrypt gems, depending on which library you want to use to encrypt the passwords. Janus uses bcrypt by default, to be compatible with Devise, but you may prefer scrypt, which is stronger.

Run the janus:install generator to setup janus in your app:

$ rails generate janus:install

If you are running Rails 4.1+ you must add a secret_pepper to your config/secrets.yml file after generating a secure token with rake secret:

# config/secrets.yml
development:
  secret_key_base: "..."
  secret_pepper: "..."
test:
  secret_key_base: "..."
  secret_pepper: "..."
production:
  secret_key_base: ENV["SECRET_KEY_BASE"]
  secret_pepper: ENV["SECRET_PEPPER"]

If you are running a previous version of Rails, then you should edit config/initializers/janus.rb to use an environment variable instead of the generated token.

Then create your first authenticatable resource, let’s say User:

$ rails generate janus:resource user

You may notice that Janus also generates all the controllers and views. This is because you will eventually need those to customize some behavior and having them around from the beginning is great.

You may run the routes rake task, to see what routes were added by Janus.

Helpers & Filters

- authenticate_user!
- user_signed_in?
- current_user

Strategies

You may customize the strategies for the janus:resource generator, like an AdminUser that may only be created and managed from the console:

$ rails generate janus:resource AdminUser session password remember

Here is the list of all the current strategies:

• session — get users signed in and out (email/password combinaison)

• remember — keep users signed in across sessions

• registration — get users registered

• confirmation — emails may be confirmed after registration

• password — reset password (using an email exchanged token)

• track — track current and previous user’s sign in date and IP

• remote — keeps users signed in different top level domains

• token — get users signed in (with an unique token)

TODO

• Reconfirmable when email changes.

• Rememberable across top level domains.

• Omniauthable (or shall we let the user do it himself?)

• Providing an OAuth 1.0 service whould be cool.

License

Janus is distributed under the MIT-License.

Credits

Most of the API and some code like password encryption is copied from Devise: github.com/plataformatec/devise.git and Warden: github.com/hassox/warden

• Julien Portalier <julien@portalier.com>