making things better, making better things

Saturday, May 23, 2009

how I switched from acts_as_authenticated to Clearance

This week I updated the authentication system in an old Rails app from the pre-REST acts_as_authenticated plugin to thoughtbot’s shiny new Clearance gem. What follows isn’t a how-to (because really, who else is going to be making this switch?) but it might be useful for someone. May the Great Gazoogle guide them to these shores.

The first step in switching to Clearance is, well, do what Clearance tells you. Configure the gems (both Clearance and Shoulda, if you’re not using it), vendor them (don’t try to avoid this – Clearance’s Shoulda macros won’t be loaded), run the generator and the migration. Configure HOST, DO_NOT_REPLY, and a root route.

You’ll need to do some work to integrate Clearance with your app, and Clearance’s Cucumber features with yours (if you use them – otherwise you’ll have to do more work for your integration tests). If you have tests it’s mostly pretty straightforward. See the Installation and Usage pages of the wiki for details.

I removed a lot of code generated by acts_as_authenticated: AccountController and its views, most of my User model, and all associated tests. I replaced include statements in User and ApplicationController, and before_filter calls in several controllers, and changed the login and logout routes in my views.


I made my application layout use named routes (did I mention this was an old app?), because something like :controller => 'venues' will trigger an unsuccessful search for Clearance::VenuesController when used in a Clearance view (e.g., the signup form).

Clearance uses flash[:success], flash[:notice], and flash[:failure] for messages to the user. Make sure your views display these.


Clearance creates a migration that adds some columns and indexes. I added this, to preserve my users’ old passwords:

    User.update_all('encrypted_password = crypted_password, email_confirmed = true')

(If you’re moving from an authentication system that already does email confirmation, you’ll want to be more clever here.) I also made the “down” migration remove the indexes that the “up” migration adds, because I had to redo the migration a few times to get the details right.
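Copying the column keeps logins working only if the new library hashes passwords the same way the old one did. The check below is an added example, not code from the original post or from either library; the `--salt--password--` SHA-1 format, the shared `salt` column and every method name are assumptions to confirm against the versions you have installed.

```ruby
require 'digest/sha1'

# Assumed digest format (not stated in the post): SHA-1 over "--salt--password--",
# used by both the old and the new library, with a shared users.salt column.
def salted_sha1(salt, password)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Constructed fixture passwords; real passwords are never known to the app.
SAMPLE_PASSWORDS = {
  'a@example.com' => 'correct horse',
  'b@example.com' => 'battery staple'
}.freeze

# Constructed rows standing in for the users table before the migration.
def sample_users
  SAMPLE_PASSWORDS.each_with_index.map do |(email, password), i|
    salt = "salt#{i}"
    { email: email, salt: salt, crypted_password: salted_sha1(salt, password) }
  end
end

# Plain-Ruby equivalent of the update_all statement in the migration.
def copy_credentials(rows)
  rows.map { |r| r.merge(encrypted_password: r[:crypted_password], email_confirmed: true) }
end

# Login check as the new scheme is assumed to perform it.
def authenticated?(row, password, digest: method(:salted_sha1))
  row[:encrypted_password] == digest.call(row[:salt], password)
end

# Emails whose known fixture password no longer verifies after the copy.
def broken_logins(rows, digest: method(:salted_sha1))
  rows.reject { |r| authenticated?(r, SAMPLE_PASSWORDS[r[:email]], digest: digest) }
      .map { |r| r[:email] }
end

migrated = copy_credentials(sample_users)
puts "same format:      #{broken_logins(migrated).inspect}"
# A differently built digest (hypothetical) locks every migrated user out.
other = ->(salt, password) { Digest::SHA1.hexdigest(salt + password) }
puts "different format: #{broken_logins(migrated, digest: other).inspect}"
```

In a real app the same idea applies to a fixture account whose password you know: sign in with it after the migration, before any real user has to.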


To test signout, Clearance uses a Cucumber step definition that simulates an HTTP DELETE method via Webrat, using Rails’s “POST with a method parameter” hack. Unfortunately this will trigger Rails’s cross-site request forgery (CSRF) protection. Add this to config/environments/test.rb, and only there, so the protection stays enabled outside the test environment:

    config.action_controller.allow_forgery_protection = false

Acts_as_authenticated came with test helpers for testing features with logged-in and logged-out users. Clearance comes with Shoulda macros for the same purpose. I didn’t want to have to rewrite all my old tests, so I added a few glue methods to ActiveSupport::TestCase:

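    def login_as(symbol)
      @current_user = users(symbol)  # look up the named user fixture
    end
    def logout
      @current_user = :false  # the symbol acts_as_authenticated uses for "no user"
    end
    def current_user
      @current_user
    end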

I probably should have put these in a separate module, but, um, I got lazy.

posted by erik at 3:39 pm  
