nitro-auth: Authentication and Authorization for Nitro

nitro-auth provides basic forms-based authentication and role-based authorization for applications built on the Nitro web engine. It is designed to allow easy integration with an application, including declarative authorization rules and easy application-specific rendering of auth-related pages.

nitro-auth is currently version 0.2.0 and is, as you might expect, far from feature-complete. But even so, it hopefully has enough to get you started.

Features

• Persistent Auth::User and Auth::Role objects. nitro-auth only declares the minimum fields necessary for doing authentication (fields like login, password and session_key) and lets the application extend them further.

• Auth::Controller mixin which provides authentication information and

  declarative role-based security to Nitro controllers

  require ‘nitro’ require ‘nitro/auth’

  class MyController < Nitro::Controller

  include Auth::Controller
  
  def list_details
    [...]
  end
  protect :list_details
  
  def edit_details
    [...]
  end
  required_role :edit_details, :manager
  
  def edit_user
    [...]
  end
  administrative :edit_user
  

  end

• Passwords are stored in a salted, hashed form using SHA1 hashes.

• Cookie-based login session persistence.

• Authentication controller uses Nitro templates for easy application integration.

Coming soon

• Challenge-response authentication, including JavaScript client-side challenge-response validation.

Download

See the Nitro Rubyforge Page (rubyforge.org/projects/nitro) for the latest nitro-auth package.

Documentation

(TODO: Get the rdoc up, probably at nitrohq.com/rdoc/nitro-auth) In the meantime, you can see it at www.ysabel.org/ruby/doc/nitro-auth if you’d like to browse.

Requirements

nitro-auth requires Nitro, of course. See NitroHQ (www.nitrohq.com) for current releases of Nitro.

Ruby 1.8.1 and greater

www.ruby-lang.org (Version 1.8.2 is recomended)

Installation

rubygem install (simplest, recommended):

> gem install nitro-auth

zip/tgz install

Unzip/untar and make sure the lib directory is in your path. (Use the gem, trust me, it’s easier.)

Contents

examples/

Examples of using nitro-auth. (Well, really, example right now.)

lib/

nitro-auth library source files.

test/

nitro-auth tests.

Support

The Nitro mailing list is nitro-general@rubyforge.org, and is a good place to start. You can subscribe and/or browse archives at rubyforge.org/mailman/listinfo/nitro-general

You may also drop the author an email at deb@ysabel.org.

TBD: Bug/feature request tracking

License

Copyright © 2005, Deborah ‘Ysabel’ Hooker

nitro-auth is copyrighted free software released under the BSD license. For details consult the LICENSE file.