Ember authentication with multiple devise models


#1

Hi Guys,

I would like to create an ember app with a rails backend and 2 “user” models. I will use devise. Right now I am trying out ember-simple-auth but it seems that it supports only 1 devise model, but please correct me if I am wrong.

Is there any other way or best practice to authenticate where I can use 2 “user” models?

Best Wishes, Matt


#2

I recently implemented my own auth system in Ember, after trying out Ember-Simple-Auth with Devise.

I found it much, much simpler to roll my own, and it was a great learning experience, despite the fact that my first iteration was INCREDIBLY clunky.

The argument for this is pretty simple: with Ember constantly improving, and authentication schemes being what they are, you can’t expect a perfect out-of-the-box solution to exist anytime soon.

I used Michael Hartl’s superb Rails Tutorial book (https://www.railstutorial.org/book) to build the authentication / authorization back-end (he builds it piece by piece WITH TESTS in the book), then pieced together what was needed on the ember-side to complete the setup.

I’ll write a brief breakdown of what needs to be done (someone else please supplement):

BACKEND:

  • A model (or models) for a user needs to contain a secret string, and a hashed password string for authentication
  • A login endpoint should exist in your API that takes a password and username in a POST request and returns the secret key
  • A logged in helper function should be written that checks a request’s headers for a secret key, if the function returns true then the User is logged in and can be found by querying users for a user with that key

FRONTEND:

  • A login action should exist (I put it in the application controller) that makes an ajax post to the login endpoint with a username and password. It then handles successful requests by creating a new User record and calling $.ajaxSetup to add an Auth_key header.
  • You can then authenticate routes by checking for a User record, if it exists the user is logged in and can be transitioned to the route, if not he/she should be redirected to a login page (or handled some other way)

REMEMBER_ME feature:

  • If you want users to be remembered you need to persist the secret_key between sessions. You can do this with cookies or with a model that uses the localstorage adapter (or call local storage outside of the ember store)
  • I then added a before model route to my application route to check for that record, if it existed it called $.setupAjax() if not it just continued as usual

Let me know if anything is unclear and keep in mind this isn’t the best way to do it, however I’ve found it to be a solid start.
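The backend steps listed in post #2, applied to the two user models asked about in post #1, as an added example that is not code from any poster in this thread. `Account`, `TokenAuth` and the `:admin`/`:customer` kinds are hypothetical in-memory stand-ins for the Rails models; as assumptions of this example, the password hash is PBKDF2 from Ruby's OpenSSL bindings and only a digest of the secret key is stored.

```ruby
require "openssl"
require "securerandom"
# Constructed stand-in for rows of two separate user tables; "kind" names the model.
Account = Struct.new(:kind, :username, :salt, :password_hash, :token_digest)

class TokenAuth
  def initialize
    @accounts = []
  end

  def register(kind, username, password)
    salt = SecureRandom.random_bytes(16)
    @accounts << Account.new(kind, username, salt, kdf(password, salt), nil)
  end

  # Login endpoint body: check the password, then issue a fresh random token.
  # Only the token's SHA-256 digest is kept, so a leaked table holds no usable keys.
  def login(kind, username, password)
    acct = @accounts.find { |a| a.kind == kind && a.username == username }
    # Run the KDF for unknown names too, so response time does not reveal which exist.
    candidate = kdf(password, acct ? acct.salt : "\0" * 16)
    return nil unless acct && secure_eq(candidate, acct.password_hash)
    token = SecureRandom.urlsafe_base64(32)
    acct.token_digest = digest(token)
    token
  end

  # "Logged in" helper: map the Auth_key request header to an account of either kind.
  def current_account(headers)
    token = headers["Auth_key"].to_s
    return nil if token.empty?
    @accounts.find { |a| a.token_digest == digest(token) }
  end

  def logout(account)
    account.token_digest = nil
  end

  private
  def kdf(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 100_000, length: 32, hash: "sha256")
  end
  def digest(token)
    OpenSSL::Digest::SHA256.hexdigest(token)
  end
  def secure_eq(a, b) # constant-time comparison of equal-length byte strings
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because each login replaces the stored digest and `logout` clears it, a key persisted for the remember-me feature stops working as soon as the server rotates or revokes it.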


#3

Another option besides making a login action on the application controller or route is to actually initialize the user with an application initializer.

When the user logs in, I store the auth token in local storage (can also be saved in a cookie). I have one app initializer which checks if that cookie/key exists, and if so, it does the $.setupAjax.

I have another app initializer, which is set to run after the one above, which defers readiness, and then calls an API end point to get more information about the user, and populates the current user for the application. Once that promise is resolved, I advance readiness. If the token is bad, or expired, I remove it from the cookie/key and redirect to login.

You can read more about initializers at Ember.Zone, which has a similar example in their article on application initializers.


#4

Hey @bjones2,

I’m building out an Ember CLI app that connects to a rails API, with 2 user types. Is there any way I can pick your brain about your particular solution?

Thanks


#5

My apologies for taking so long to respond to your post. If you still need any help, feel free to shoot me an email. I’m actually redoing that particular auth system with a different back-end right now, so I’m pretty sharp on the topic.