Comments on: 5 Minute Beta Authentication in Rails

By: Ilya Grigorik

Ilya Grigorik — Sun, 30 Mar 2008 01:39:15 +0000

Cedric, are you volunteering? ;)

By: Cédric DELTHEIL

Cédric DELTHEIL — Tue, 25 Mar 2008 12:36:36 +0000

Thank you guys!

I used this hack with Ilya’s recipe in a customized version of restful_authentication. Wouldn’t it be great to package this stuff in a plugin?!

By: Ilya Grigorik

Ilya Grigorik — Tue, 18 Mar 2008 12:34:25 +0000

Go Cedric, go!

By: BM5k

BM5k — Mon, 17 Mar 2008 09:38:30 +0000

It’s been quite a while, but I wanted to say thanks for this example! I’m using a modified version of Cédric’s code in my project It’s a LOT cleaner and easier than what I was trying to do.

By: Ilya Grigorik

Ilya Grigorik — Thu, 27 Dec 2007 05:01:42 +0000

Cedric, clever stuff and nice pattern! I can think of a few spots where I can refactor my code to take advantage of this approach. :)

By: Cédric DELTHEIL

Cédric DELTHEIL — Fri, 14 Dec 2007 20:42:13 +0000

Hi Ilya. In the approach I described you don’t have to add any additional column since I make use of a virtual attribute on User class (exactly as acts_as_authenticated does with the unencrypted password).

It takes 5 lines of code including the validators:

class User < ActiveRecord::Base # Virtual attribute attr_accessor :beta_key


  validates_presence_of :beta_key, :if => Proc.new { |user| user.new_record? }, :message => “Please type in your beta key”

  validates_each :beta_key, :if => Proc.new { |user| user.new_record? }, :allow_nil => true do |record, attr, value|

    record.errors.add attr, “Invalid key” unless value == BetaKey.generate(record.email)

  end

# … end

Finally it’s quite simple and efficient!

By: Ilya Grigorik

Ilya Grigorik — Fri, 14 Dec 2007 16:25:06 +0000

Cedric, that could certainly work. The only reason I decided against such an approach was due to additional maintenance of the database schemas once you remove the ‘beta’. I didn’t want to store an additional column of data in DB.. Having said that, you can define validations that don’t have to query a database, so you can still your approach as you described it.

By: Cédric DELTHEIL

Cédric DELTHEIL — Tue, 11 Dec 2007 22:53:31 +0000

Hello Ilya. Very helpful article!

Here’s a suggestion. Let’s suppose you have a User model to hold the account information (not very original, isn’t it ?!).

Guarding the sign-up could be viewed as adding validations to User.

So what about creating a beta_key virtual attribute for User (attr_accessor :beta_key) ? This allows to easily implement validators (presence and verification), use the form_for helper with a text field for key and take benefit of the various error message helpers when the validation fails.

I tried this on my own and it works pretty well.

By: Ilya Grigorik

Ilya Grigorik — Tue, 13 Nov 2007 07:39:01 +0000

Tom, my code was extracted from a live application, so most of it should work as is. Having said that, every app. is different, hence it would probably still require some additional glue to make everything work.

You do need to take care of the ‘key’ field in your form. This can be done either through an explicit text-field, or a hidden one which is populated by a URL parameter.

In example above, the key should populate a hidden or an explicit form element in your page. I emailed the keys directly to our beta users as part of a link, hence the http://url/key structure. I wanted to allow quick sign-up with the help of a direct link.

By: Tom Calloway

Tom Calloway — Mon, 12 Nov 2007 03:08:22 +0000

Running Rails 1.2.5. Is this code and documentation complete and well-tested? Or does one need to read in between the lines and create additional code based on experience?

For instance, is it necessary to modify the signup.html to include a form field for ‘key’?

Until I commented out the custom handler, I was always redirected to main/welcome. I added ‘:signup, :login, :index’ to the exceptions list for the before_filter in application.rb

I have not yet been able to verify that the key generated by beta_key.rb is the same as that calculated by the signup method in account_controller. That method does not accept the keys I submit. Is params[:user][:email] correct in the beta_verify assignment in that method or should it be params[:email]? Still, neither worked for me.

Also, the output of beta_key.rb is confusing, since it suggests that the key is actually submitted via the link rather than through a form. If it’s the link, then does the path /beta/#{key} make sense, given the rest of the code?