Comments on: 5 Minute Beta Authentication in Rails

By: Micah

Micah — Thu, 26 Feb 2009 03:15:49 +0000

I started following this tutorial today for a new site I’m spinning up. Then, I looked at the comments and saw my smug face from 2 years ago explaining how you should think before shutting out your visitors.

Ah, the innocence of youth…

By: Ilya Radchenko

Ilya Radchenko — Sat, 06 Dec 2008 21:07:53 +0000

I have had a lousy time with restful_authenticated, for some reason I think sessions aren’t working for me. Im either just gona go with a_a_a, or authlogic which looks really good. Looks like the author took the same clean approach that we rubiers love. And we’ll documented. Can’t wait to dig in!

By: Ilya Grigorik

Ilya Grigorik — Sun, 30 Mar 2008 01:39:15 +0000

Cedric, are you volunteering? ;)

By: Cédric DELTHEIL

Cédric DELTHEIL — Tue, 25 Mar 2008 12:36:36 +0000

Thank you guys!

I used this hack with Ilya’s recipe in a customized version of restful_authentication. Wouldn’t it be great to package this stuff in a plugin?!

By: Ilya Grigorik

Ilya Grigorik — Tue, 18 Mar 2008 12:34:25 +0000

Go Cedric, go!

By: BM5k

BM5k — Mon, 17 Mar 2008 09:38:30 +0000

It’s been quite a while, but I wanted to say thanks for this example! I’m using a modified version of Cédric’s code in my project It’s a LOT cleaner and easier than what I was trying to do.

By: Ilya Grigorik

Ilya Grigorik — Thu, 27 Dec 2007 05:01:42 +0000

Cedric, clever stuff and nice pattern! I can think of a few spots where I can refactor my code to take advantage of this approach. :)

By: Cédric DELTHEIL

Cédric DELTHEIL — Fri, 14 Dec 2007 20:42:13 +0000

Hi Ilya. In the approach I described you don’t have to add any additional column since I make use of a virtual attribute on User class (exactly as acts_as_authenticated does with the unencrypted password).

It takes 5 lines of code including the validators:

class User < ActiveRecord::Base # Virtual attribute attr_accessor :beta_key


  validates_presence_of :beta_key, :if => Proc.new { |user| user.new_record? }, :message => “Please type in your beta key”

  validates_each :beta_key, :if => Proc.new { |user| user.new_record? }, :allow_nil => true do |record, attr, value|

    record.errors.add attr, “Invalid key” unless value == BetaKey.generate(record.email)

  end

# … end

Finally it’s quite simple and efficient!

By: Ilya Grigorik

Ilya Grigorik — Fri, 14 Dec 2007 16:25:06 +0000

Cedric, that could certainly work. The only reason I decided against such an approach was due to additional maintenance of the database schemas once you remove the ‘beta’. I didn’t want to store an additional column of data in DB.. Having said that, you can define validations that don’t have to query a database, so you can still your approach as you described it.

By: Cédric DELTHEIL

Cédric DELTHEIL — Tue, 11 Dec 2007 22:53:31 +0000

Hello Ilya. Very helpful article!

Here’s a suggestion. Let’s suppose you have a User model to hold the account information (not very original, isn’t it ?!).

Guarding the sign-up could be viewed as adding validations to User.

So what about creating a beta_key virtual attribute for User (attr_accessor :beta_key) ? This allows to easily implement validators (presence and verification), use the form_for helper with a text field for key and take benefit of the various error message helpers when the validation fails.

I tried this on my own and it works pretty well.