Rails 6 Shared Authentication with Devise and Devise-JWT (Vanilla Web Page AND REST API)

balamuruganky/shared_authentication_devise_and_jwt

Goal

  • Web application shall create a shared authentication platform with Devise for both API and non-API usage.
  • Web application shall handle four types of users:
    • Guest user (no login required)
    • Clients (login required; allowed to work with some models)
    • Supervisor (login required; allowed to view and export all records, but not to create or delete them)
    • Super admin (full control, including record deletion, through the rails_admin dashboard)
  • Super admin shall create users; a user can reset their password or use the forgot-password option.

Live demo:

https://still-journey-99004.herokuapp.com/

Gems used:

Authentication

- devise
- devise-jwt
- cancancan
- rack-cors

Dashboard

- rails_admin

UI

- jquery-rails
- toastr-rails
- devise-i18n
- gravatar_image_tag
- font-awesome-sass
- bootstrap

Setup:

- Rails version : 6.0.2.2
- Ruby version  : 2.6.3
- Database     : sqlite3

Development environment setup

- yarn install --check-files
- rake db:drop
- rake db:create
- rake db:migrate
- rake db:seed
- rake assets:precompile

Start the application

rails s

Default credentials

Super Admin

- Username : [email protected]
- Password : default

Client

- Username : [email protected]
- Password : default

Supervisor

- Username : [email protected]
- Password : default

Setup email credentials (for development purposes only)

- EDITOR=vim rails credentials:edit --environment development

Edit the content below with your Gmail credentials. Gmail is used as the SMTP gateway.

gmail:
  mail_username: [email protected]
  mail_password: your_password

Turn on Gmail "Less secure app access" to use Gmail as the gateway. For details, see https://support.google.com/cloudidentity/answer/6260879?hl=en. Please note Google's own warning for this setting: "Your account is vulnerable because you allow apps and devices that use less secure sign-in technology to access your account."

Testing:

Open the website at http://127.0.0.1:3000

API test using curl

Sign in
-------
curl -X POST -v -H 'Content-Type: application/json' https://still-journey-99004.herokuapp.com/api/auth/sign_in -d '{"user" : {"email": "[email protected]", "password": "default" }}'

Access Customers.json
----------------------
curl -X GET -v -H 'Content-Type: application/json' -H 'Authorization: Bearer <Token returned from sign_in api>' https://still-journey-99004.herokuapp.com/api/v1/customers

Sign out
--------
curl -X DELETE -v -H 'Content-Type: application/json' https://still-journey-99004.herokuapp.com/api/auth/sign_out -d '{"authenticity_token" : "<Token returned from sign_in api>" }'

Note: replace <Token returned from sign_in api> with the token returned by 'api/auth/sign_in'.

API test using AJAX

  Sign in
  -------
  $.ajax({
    type: "POST",
    dataType: "json",
    url: "http://127.0.0.1:3000/api/auth/sign_in",
    data: {
      user: {
        email: "[email protected]",
        password: "default"
      }
    },
    success: function(data, textStatus, request) {
      localStorage.token = data.token;
      console.log('Got a token from the server! Token: ' + data.resource.email + " " + localStorage.token);
    },
    error: function() {
      alert("Login Failed");
    }
  });

  Access Customers.json
  ---------------------

  $.ajax({
    type: 'GET',
    url: 'http://127.0.0.1:3000/api/v1/customers',
    beforeSend: function(xhr) {
      if (localStorage.token) {
        xhr.setRequestHeader('Authorization', 'Bearer ' + localStorage.token);
      }
    },
    success: function(data) {
      console.log('Hello ' + JSON.stringify(data) + '! You have successfully accessed to /api/v1/customers.');
    },
    error: function() {
      alert("Sorry, you are not logged in.");
    }
  });

  Sign out
  --------

  $.post(
      "http://127.0.0.1:3000/api/auth/sign_out",
      {
          'authenticity_token': localStorage.token,
          '_method': 'DELETE'
      }
  ).done(function(data) {
      localStorage.clear();
      console.log('sign_out status : ' + data.status);
  }).fail(function() {
      alert("Logout Failed");
  });

Please use the html file, available in "misc_test" folder for AJAX based API test.
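The curl and AJAX flows above, as an added Ruby example (not the project's own code): a small client that signs in, sends the token as a Bearer header on the protected endpoint, and signs out, run here against a constructed in-memory stand-in for the server so it works offline. The base URL, the client@example.com credentials, the token value and the customer data are constructed; pointing ApiClient at the live URL with its default transport issues the same requests as the curl commands.

```ruby
require 'json'
require 'net/http'
# Client for the README's token flow: POST sign_in, call a protected endpoint with "Authorization:
# Bearer <token>", DELETE sign_out. The transport is injectable: Net::HTTP for the live app, or the constructed server below.
class ApiClient
  attr_reader :token
  def initialize(base_url, transport: method(:http_transport))
    @base, @transport, @token = base_url, transport, nil
  end
  def sign_in(email, password)
    status, body = request(:post, '/api/auth/sign_in', user: { email: email, password: password })
    raise "sign_in failed (HTTP #{status})" unless status == 200
    @token = body['token'] || raise('sign_in response carried no token')
  end
  def customers # customer list, or nil when the server rejects the token (401)
    status, body = request(:get, '/api/v1/customers')
    status == 200 ? body : nil
  end
  def sign_out # revoke on the server, then drop the token locally (cf. localStorage.clear())
    status, _ = request(:delete, '/api/auth/sign_out', authenticity_token: @token)
    @token = nil
    status == 200
  end
  def request(verb, path, payload = nil)
    headers = { 'Content-Type' => 'application/json' }
    headers['Authorization'] = "Bearer #{@token}" if @token # only sent once signed in
    @transport.call(verb, @base + path, headers, payload && payload.to_json)
  end
  def http_transport(verb, url, headers, body)
    uri = URI(url)
    req = Net::HTTP.const_get(verb.to_s.capitalize).new(uri, headers)
    req.body = body
    res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') { |h| h.request(req) }
    [res.code.to_i, (JSON.parse(res.body) rescue {})]
  end
end
# Constructed stand-in server (not the Rails app): one constructed credential pair, a fixed token that /api/v1/customers requires, revocation on sign_out.
FAKE_TOKEN = 'constructed.jwt.token'; REVOKED = [] # tokens revoked by sign_out
FAKE_SERVER = lambda do |verb, url, headers, body|
  user = (body ? JSON.parse(body)['user'] : nil) || {}
  bearer = headers['Authorization'].to_s.delete_prefix('Bearer ')
  authed = bearer == FAKE_TOKEN && !REVOKED.include?(bearer)
  case [verb, URI(url).path]
  when [:post, '/api/auth/sign_in']
    user == { 'email' => 'client@example.com', 'password' => 'default' } ? [200, { 'token' => FAKE_TOKEN }] : [401, {}]
  when [:get, '/api/v1/customers'] then authed ? [200, [{ 'id' => 1, 'name' => 'Acme' }]] : [401, {}]
  when [:delete, '/api/auth/sign_out'] then REVOKED << bearer; [200, {}]
  else [404, {}]
  end
end
```

A client that keeps a token after sign_out is refused by the stand-in, which is the behaviour to verify against the real app as well: a revoked token must not open /api/v1/customers.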

TODOs:

*) Dockerize the application for development environment
*) Dockerize the production application with heroku support
