# OmniAuth Identity2 (fork of omniauth-identity)
The OmniAuth Identity2 gem provides a way for applications to utilize a
traditional login/password based authentication system without the need
to give up the simple authentication flow provided by OmniAuth. Identity
is designed on purpose to be as featureless as possible: it provides the
basic construct for user management and then gets out of the way.
## Note about this fork
The official `omniauth-identity` gem has gone stale. With no disrespect
to the maintainers who have generously volunteered their time and energy,
they appear to have moved on and are not responding to issues and pull
requests, or offers to add additional maintainers to the main project.
Whilst the original `omniauth-identity` still *works* per se, primiarly
because it's relatively small and simple piece of code, there are
inevitably small issues that need attending to, especially security updates
to dependencies.
Therefore, the goal of this repository is to create a new home for a modern,
yet **compatible** version of the identity strategy, where issues can be raised
and addressed, and contributions welcome.
The new name of **omniauth-identity2** is to allow for the code to be distributed
via RubyGems, whilst being familiar enough so that developers will realise
that it's an up-to-date version of the `omniauth-identity` gem.
### Compatibility with omniauth-identity
The goal is to maintain backward compatibility as closely as possible so that
developers need only change a single entry in their gemfile to
`omniauth-identity2` and existing code will work.
However, the Ruby ecosystem has evolved since 2010 when the upstream repo was
created and there instances where it may be necessary to drop support for
integrations that are no longer maintained. For example, MongoMapper integration
has been removed from this gem.
If and when new features are added they will be labelled as omniauth-identity2
specific.
## Usage
This can be a bit hard to understand the first time. Luckily, Ryan Bates made
a [Railscast](http://railscasts.com/episodes/304-omniauth-identity) about it!
You use `omniauth-identity2` just like you would any other OmniAuth provider: as a
Rack middleware. The basic setup for a email/password authentication would
look something like this:
```ruby
use OmniAuth::Builder do
provider :identity, :fields => [:email]
end
```
Next, you need to create a model (called `Identity by default`) that will be
able to persist the information provided by the user. Luckily for you, there
are pre-built models for popular ORMs that make this dead simple.
**Note:** OmniAuth Identity is different from many other user authentication
systems in that it is *not* built to store authentication information in your primary
`User` model. Instead, the `Identity` model should be **associated** with your
`User` model giving you maximum flexibility to include other authentication
strategies such as Facebook, Twitter, etc.
### ActiveRecord
Just subclass `OmniAuth::Identity::Models::ActiveRecord` and provide fields
in the database for all of the fields you are using.
```ruby
class Identity < OmniAuth::Identity::Models::ActiveRecord
# Add whatever you like!
end
```
### Mongoid
Include the `OmniAuth::Identity::Models::Mongoid` mixin and specify
fields that you will need.
```ruby
class Identity
include Mongoid::Document
include OmniAuth::Identity::Models::Mongoid
field :email, type: String
field :name, type: String
field :password_digest, type: String
end
```
### MongoMapper
Unfortunately MongoMapper is **not supported** in `omniauth-identity2` as a result of it
not being maintained for several years.
It wasn't possible to include Mongoid *and* MongoMapper due to incompatible gem version
requirements. Therefore precedence was given to Mongoid as it is significantly more
popular and actively maintained.
### DataMapper
Include the `OmniAuth::Identity::Models::DataMapper` mixin and specify
fields that you will need.
```ruby
class Identity
include DataMapper::Resource
include OmniAuth::Identity::Models::DataMapper
property :id, Serial
property :email, String
property :password_digest, Text
attr_accessor :password_confirmation
end
```
### CouchPotato
Include the `OmniAuth::Identity::Models::CouchPotatoModule` mixin and specify fields that you will need.
```ruby
class Identity
include CouchPotato::Persistence
include OmniAuth::Identity::Models::CouchPotatoModule
property :email
property :password_digest
def self.where search_hash
CouchPotato.database.view Identity.by_email(:key => search_hash)
end
view :by_email, :key => :email
end
```
Once you've got an Identity persistence model and the strategy up and
running, you can point users to `/auth/identity` and it will request
that they log in or give them the opportunity to sign up for an account.
Once they have authenticated with their identity, OmniAuth will call
through to `/auth/identity/callback` with the same kinds of information
it would had the user authenticated through an external provider.
Simple!
## Custom Auth Model
To use a class other than the default, specify the :model option to a
different class.
```ruby
use OmniAuth::Builder do
provider :identity, :fields => [:email], :model => MyCustomClass
end
```
## Customizing Registration Failure
To use your own custom registration form, create a form that POSTs to
'/auth/identity/register' with 'password', 'password_confirmation', and your
other fields.
```erb
<%= form_tag '/auth/identity/register' do |f| %>
Create an Account
<%= text_field_tag :email %>
<%= password_field_tag :password %>
<%= password_field_tag :password_confirmation %>
<%= submit_tag %>
<% end %>
```
Beware not to nest your form parameters within a namespace. This strategy
looks for the form parameters at the top level of the post params. If you are
using [simple\_form](https://github.com/plataformatec/simple_form), then you
can avoid the params nesting by specifying :input_html.
```erb
<%= simple_form_for @identity, :url => '/auth/identity/register' do |f| %>
Create an Account
<%# specify :input_html to avoid params nesting %>
<%= f.input :email, :input_html => {:name => 'email'} %>
<%= f.input :password, :as => 'password', :input_html => {:name => 'password'} %>
<%= f.input :password_confirmation, :label => "Confirm Password", :as => 'password', :input_html => {:name => 'password_confirmation'} %>
<% end %>
```
Next you'll need to let OmniAuth know what action to call when a registration
fails. In your OmniAuth configuration, specify any valid rack endpoint in the
:on_failed_registration option.
```ruby
use OmniAuth::Builder do
provider :identity,
:fields => [:email],
:on_failed_registration => UsersController.action(:new)
end
```
For more information on rack endpoints, check out [this
introduction](http://library.edgecase.com/Rails/2011/01/04/rails-routing-and-rack-endpoints.html)
and
[ActionController::Metal](http://rubydoc.info/docs/rails/ActionController/Metal)
## Customizing Locate Conditions
You can customize the way that matching records are found when authenticating.
For example, for a site with multiple domains, you may wish to scope the search
within a particular subdomain. To do so, add :locate_conditions to your config.
The default value is:
```ruby
:locate_conditions => lambda { |req| { model.auth_key => req['auth_key']} }
```
locate_conditions takes a Proc object, and must return a hash. The resulting hash is used
as a parameter in the locate method for your ORM. The proc is evaluated in the
callback context, and has access to the Identity model (using `model`) and receives the request
object as a parameter. Note that model.auth_key defaults to 'email', but is also configurable.
Note: Be careful when customizing locate_conditions. The best way to modify the conditions is
to copy the default value, and then add to the hash. Removing the default condition will almost
always break things!
## License
MIT License. See LICENSE for details.
## Copyright
Copyright (c) 2020- Andrew Roberts, and Jellybooks Ltd.
Copyright (c) 2010-2015 Michael Bleigh, and Intridea, Inc.