
Monban is designed to be a very simple and extensible user authentication library for Rails. Its goal is to give all the power to the developer instead of forcing them to make Monban work with their system.
Monban makes authentication simple:
Monban doesn't do the following:
You can read the full documentation at rubydoc
Monban was designed to work with Rails > 4.0. Add this line to your Gemfile:
gem 'monban'
Then inside of your ApplicationController add the following:
include Monban::ControllerHelpers
And you're ready to start designing your authentication system.
If you'd like a good starting point for building an app using Monban, it is suggested to use the monban generators
Monban does currently have some out-of-the-box expectations, but you can configure and change any of these:
User
create, id, and find_by
email and password_digest column on your User
If you're trying to sign up a User in a console you won't be able to call User#new or User#create because the User model does not know how to hash passwords. You should instead use the sign up service in order to create the user:
Monban.config.sign_up_service.new(email: "foo@example.com", password: "password").perform
Monban doesn't add validations to your user model unless you're using monban generators so it's suggested to add the following validations:
validates :email, presence: true, uniqueness: true
validates :password_digest, presence: true
In addition to that you'll want to add the following to your config/locales/en.yml:
en:
  activerecord:
    attributes:
      user:
        password_digest: "Password"
Which will generate the error message Password can't be blank instead of Password digest can't be blank.
It is suggested you add something like this to your application layout:
<% if signed_in? %>
  <%= link_to "Sign out", session_path, method: :delete %>
<% else %>
  <%= link_to "Sign in", new_session_path %>
  <%= link_to "Sign up", new_user_path %>
<% end %>
If you want to introduce a Guest object when a user is not signed in, you can override Monban's current_user method in your ApplicationController:
def current_user
  super || Guest.new
end
In app/models/, define a Guest class:
class Guest
  def name
    "Guest"
  end
end
This article on the Null Object Pattern provides a good explanation of why you might want to do this.
If you want to use I18n for the notice instructing users to sign in when they try to access an unauthorized page you can do so with the following configuration:
Monban.configure do |config|
  config.sign_in_notice = -> { I18n.t("sign_in_notice") }
end
It is suggested to store this file at config/initializers/monban.rb.
Monban provides the following controller methods:
sign_in(user)
sign_out
sign_up(user_params)
authenticate(user, password)
authenticate_session(session_params)
reset_password(user, password)
These helpers:
current_user
signed_in?
And this filter:
require_login
To authorize users in config/routes.rb:
require "monban/constraints/signed_in"
require "monban/constraints/signed_out"
Blog::Application.routes.draw do
  constraints Monban::Constraints::SignedIn.new do
    root "dashboards#show", as: :dashboard
  end
  constraints Monban::Constraints::SignedOut.new do
    root "landings#show"
  end
end
Monban provides the following:
Monban.test_mode!
Which will change the password hashing method to provide plaintext responses instead of using BCrypt. This will allow you to write factories using the password_digest field:
FactoryBot.define do
  factory :user do
    # Block (dynamic) attributes; static attributes are not supported by current FactoryBot releases
    username { 'wombat' }
    password_digest { 'password' }
  end
end
A couple of convenience methods are available in your tests. In order to set this up you'll want to add the following to rails_helper.rb or, if that doesn't exist, spec_helper.rb:
Monban.test_mode!
RSpec.configure do |config|
  config.include Monban::Test::Helpers, type: :feature
  config.after :each do
    Monban.test_reset!
  end
end
Then you can use any of the test helpers in your scenarios:
feature "A feature spec" do
  scenario "that requires login" do
    user = create(:user)
    sign_in(user)
    # do something
    sign_out
    # do something else
  end
end
Similar to clearance's backdoor you can visit a path and sign in quickly via:
user = create(:user)
visit dashboard_path(as: user)
To enable this functionality you'll want to add the following to config/environments/test.rb:
config.middleware.insert_after Warden::Manager, Monban::BackDoor
If you'd like to find your User model by a field other than id, insert the middleware with a block that accepts the as query parameter and returns an instance of your User model:
config.middleware.insert_after Warden::Manager, Monban::BackDoor do |user_param|
  User.find_by(username: user_param)
end
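The mechanism described above, as an added example that is not Monban's own code: a Rack-style middleware reads the as query parameter, resolves it to a user (by id, or through a block) and marks the request as signed in. The names ExampleBackDoor, EXAMPLE_USERS, the "example.current_user" env key and the env_name guard are assumptions of this example; the guard shows one way to make sure such a bypass can only ever be mounted in the test environment.

```ruby
require "uri"

# Constructed sample data: an in-memory stand-in for the User model.
ExampleUser = Struct.new(:id, :username)
EXAMPLE_USERS = [ExampleUser.new("1", "wombat"), ExampleUser.new("2", "koala")].freeze

# Hypothetical Rack-style middleware illustrating a test-only sign-in back door.
# Not Monban::BackDoor; every name in this block is an assumption of the example.
class ExampleBackDoor
  def initialize(app, env_name:, &finder)
    # The back door bypasses authentication by design, so refuse to be
    # mounted anywhere except the test environment.
    raise ArgumentError, "back door mounted in #{env_name}" unless env_name == "test"

    @app = app
    # Default lookup is by id; a block can swap in another field.
    @finder = finder || ->(value) { EXAMPLE_USERS.find { |u| u.id == value } }
  end

  def call(env)
    # Read the `as` query parameter, if any.
    as = URI.decode_www_form(env.fetch("QUERY_STRING", "")).to_h["as"]
    user = @finder.call(as) unless as.nil? || as.empty?
    # Only mark the request as signed in when the lookup found a user.
    env["example.current_user"] = user if user
    @app.call(env)
  end
end

# Downstream app: reports who the request is signed in as (nil when nobody).
EXAMPLE_APP = ->(env) { [200, {}, [env["example.current_user"]&.username]] }

# Run one request through the middleware and return the signed-in username.
def signed_in_as(query, env_name: "test", &finder)
  stack = ExampleBackDoor.new(EXAMPLE_APP, env_name: env_name, &finder)
  stack.call("QUERY_STRING" => query).last.first
end
```

Calling signed_in_as("as=1") returns the username of the user with id "1", while constructing the middleware with any env_name other than "test" raises before a single request is served.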
If you are going to write controller tests, helpers are provided for those as well:
Monban.test_mode!
RSpec.configure do |config|
  config.include Monban::Test::ControllerHelpers, type: :controller
  config.after :each do
    Monban.test_reset!
  end
end
require 'spec_helper'
describe ProtectedController do
  describe "GET 'index'" do
    it "returns http success when signed in" do
      user = create(:user)
      sign_in(user)
      get 'index'
      # expect syntax; be_successful replaces be_success, which newer Rails no longer supports
      expect(response).to be_successful
    end
    it "redirects when not signed in" do
      get 'index'
      expect(response).to be_redirect
    end
  end
end
If you want to sign in with username instead of email just change the configuration option:
# config/initializers/monban.rb
Monban.configure do |config|
  config.user_lookup_field = :username
end
If you used the monban:scaffold generator from monban generators you'll have to change the following four references to email.
You may perform a look up on a user using multiple fields by doing something like the following:
class SessionsController < ApplicationController
  def create
    # Look the user up by either field, using the value submitted as email_or_username
    user = authenticate_session(session_params, email_or_username: [:email, :username])
    if sign_in(user)
      redirect_to(root_path)
    else
      render :new
    end
  end

  private

  def session_params
    params.require(:session).permit(:email_or_username, :password)
  end
end
This will allow the user to enter either their username or email to log in.
Monban::Configuration has lots of options for changing how monban works. Currently the options you can change are as follows:
(:email) Field in the database to look up a user by.
(:password) Field the form submits containing the undigested password.
(:password_digest) Field in the database that stores the user's digested password.
('User') The user class.
(You must be signed in) Rails flash message to set when user signs in.
(Monban::Services::SignIn) Service for signing a user in.
(Monban::Services::SignUp) Service for signing a user up.
(Monban::Services::SignOut) Service for signing a user out.
(Monban::Services::Authentication) Service for authenticating a user.
(Monban::Services::PasswordReset) Service for resetting a user's password.
Here are a few of the current limitations of monban:
(git checkout -b my-new-feature)
(git commit -am 'Add some feature')
(git push origin my-new-feature)
We found that monban demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.