app/views/user_mailer/activation.erb app/views/user_mailer/forgot_password.erb app/views/user_mailer/reset_password.erb app/views/user_mailer/signup_notification.erb @@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base # See ActionController::RequestForgeryProtection for details # Uncomment the :secret if you're not using the cookie session store - protect_from_forgery # :secret => 'b724d22075f44391eda9cbfdc8fc6ec0' + protect_from_forgery # See ActionController::Base for details # Uncomment this to filter the contents of submitted sensitive data parameters app/controllers/application.rb @@ -2,13 +2,14 @@ class SessionsController < ApplicationController before_filter :login_prohibited, :only => [:new, :create] before_filter :login_required, :only => [:destroy] + protect_from_forgery :only => [ :new, :destroy ] # render new.html.erb def new end - def create - logout_keeping_session! + def create + logout_keeping_session! if using_open_id? open_id_authentication(params[:openid_identifier]) else app/controllers/sessions_controller.rb @@ -2,6 +2,7 @@ class User::ActivationsController < ApplicationController before_filter :login_prohibited def activate + logout_keeping_session! begin if user = User.find_with_activation_code(params[:activation_code]) user.activate! app/controllers/user/activations_controller.rb @@ -1,20 +1,20 @@ <h1>Log In</h1> <% form_tag session_path do -%> -<label for="login">Login</label> +<%= label_tag 'login' %> <%= text_field_tag 'login', @login %> -<label for="password">Password</label> +<%= label_tag 'password' %> <%= password_field_tag 'password', nil %> <%= link_to 'Forgot Password?', forgot_password_path %> Or use OpenID: -<label for="openid_identifier">OpenID:</label> +<%= label_tag 'openid_indentifier', 'OpenID' %> <%= text_field_tag "openid_identifier", @openid_identifier %> Stay logged in on this computer: -<label for="remember_me">Remember me:</label> +<%= label_tag 'remember_me', 'Remember me' %> <%= check_box_tag 'remember_me', '1', @remember_me %> <%= submit_tag 'Log in', :disable_with => "Signing in…" %> app/views/sessions/new.html.erb @@ -8,7 +8,8 @@ ActionController::Routing::Routes.draw do |map| map.forgot_password '/forgot_password', :controller => 'user/passwords', :action => 'new' map.reset_password '/reset_password/:id', :controller => 'user/passwords', :action => 'edit', :id => nil map.resend_activation '/resend_activation', :controller => 'user/activations', :action => 'edit' - + + map.namespace :admin do |admin| admin.resources :users, :member => { :enable => :put } do |users| users.resources :roles config/routes.rb @@ -31,7 +31,7 @@ module AuthenticatedSystem # current_user.login != "bob" # end # - def authorized?(action=nil, resource=nil, *args) + def authorized?(action = action_name, resource = nil) logged_in? && current_user.enabled? end @@ -76,8 +76,9 @@ module AuthenticatedSystem redirect_to new_session_path end # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987 - # you may want to change format.any to e.g. format.any(:js, :xml) - format.any do + # Add any other API formats here. Some browsers send Accept: */* and + # trigger the 'format.any' block incorrectly. + format.any(:json, :xml) do request_http_basic_authentication 'Web Password' end end @@ -172,7 +173,7 @@ module AuthenticatedSystem end # Refresh the cookie auth token if it exists, create it otherwise - def handle_remember_cookie! new_cookie_flag + def handle_remember_cookie!(new_cookie_flag) return unless @current_user case when valid_remember_cookie? then @current_user.refresh_token # keeping same expiry date lib/authenticated_system.rb @@ -16,18 +16,22 @@ module Authentication recipient.class_eval do include ModelInstanceMethods - validates_presence_of :login - validates_length_of :login, :within => 3..40 - validates_uniqueness_of :login, :case_sensitive => false - validates_format_of :login, :with => RE_LOGIN_OK, :message => MSG_LOGIN_BAD - - validates_format_of :name, :with => RE_NAME_OK, :message => MSG_NAME_BAD, :allow_nil => true - validates_length_of :name, :maximum => 100 - - validates_presence_of :email - validates_length_of :email, :within => 6..100 #r@a.wk - validates_uniqueness_of :email, :case_sensitive => false - validates_format_of :email, :with => RE_EMAIL_OK, :message => MSG_EMAIL_BAD + validates_presence_of :login + validates_length_of :login, :within => 3..40 + validates_uniqueness_of :login + validates_format_of :login, :with => Authentication.login_regex, + :message => Authentication.bad_login_message + + validates_format_of :name, :with => Authentication.name_regex, + :message => Authentication.bad_name_message, + :allow_nil => true + validates_length_of :name, :maximum => 100 + + validates_presence_of :email + validates_length_of :email, :within => 6..100 #r@a.wk + validates_uniqueness_of :email + validates_format_of :email, :with => Authentication.email_regex, + :message => Authentication.bad_email_message before_create :make_activation_code @@ -48,8 +52,8 @@ module Authentication # This will also let us return a human error message. # def authenticate(login, password) + return nil if login.blank? || password.blank? u = find :first, :conditions => ['login = ?', login] # need to get the salt - #u && u.authenticated?(password) ? u : nil return nil unless (u && u.authenticated?(password)) raise NotActivated unless u.active? raise NotEnabled unless u.enabled? @@ -104,6 +108,14 @@ module Authentication # module ModelInstanceMethods + def login=(value) + write_attribute :login, (value ? value.downcase : nil) + end + + def email=(value) + write_attribute :email, (value ? value.downcase : nil) + end + def has_role?(role_in_question) @_list ||= self.roles.collect(&:name) #Users with role "admin" can access any role protected resource @@ -122,11 +134,11 @@ module Authentication # Activates the user in the database. def activate! + @activated = true self.activated_at = Time.now.utc #Leave activation code in place to determine if already activated. #self.activation_code = nil save(false) - @activated = true end def recently_activated? @@ -134,6 +146,7 @@ module Authentication end def active? + # If the activated_at date has not been set the user is not active !activated_at.blank? end lib/authentication/user_abstraction.rb @@ -4,6 +4,7 @@ require File.dirname(__FILE__) + '/../spec_helper' # Then, you can remove it from this and the units test. include AuthenticatedTestHelper include AuthenticatedSystem +def action_name() end describe SessionsController do fixtures :users spec/controllers/authenticated_system_spec.rb @@ -42,8 +42,8 @@ describe SessionsController do end end it "kills existing login" do controller.should_receive(:logout_keeping_session!); do_create; end - it "authorizes me" do do_create; controller.authorized?().should be_true; end - it "logs me in" do do_create; controller.logged_in?().should be_true end + it "authorizes me" do do_create; controller.send(:authorized?).should be_true; end + it "logs me in" do do_create; controller.send(:logged_in?).should be_true end it "greets me nicely" do do_create; response.flash[:notice].should =~ /success/i end it "sets/resets/expires cookie" do controller.should_receive(:handle_remember_cookie!).with(want_remember_me); do_create end it "sends a cookie" do controller.should_receive(:send_remember_cookie!); do_create end @@ -78,7 +78,7 @@ describe SessionsController do it 'logs out keeping session' do controller.should_receive(:logout_keeping_session!); do_create end it 'flashes an error' do do_create; flash[:error].should =~ /Couldn't log you in as 'quentin'/ end it 'renders the log in page' do do_create; response.should render_template('new') end - it "doesn't log me in" do do_create; controller.logged_in?().should == false end + it "doesn't log me in" do do_create; controller.send(:logged_in?).should == false end it "doesn't send password back" do @login_params[:password] = 'FROBNOZZ' do_create spec/controllers/sessions_controller_spec.rb @@ -4,7 +4,7 @@ quentin: login: quentin email: quentin@example.com salt: 356a192b7913b04c54574d18c28d46e6395428ab # SHA1('0') - crypted_password: 57a27c74aad787c7cef19eef407d2fee8f116669 # 'monkey' + crypted_password: df42adbd0b4f7d31af495bcd170d4496686aecb1 # 'monkey' created_at: <%= 5.days.ago.to_s :db %> remember_token_expires_at: <%= 1.days.from_now.to_s %> remember_token: 77de68daecd823babbb58edb1c8e14d7106e83bb @@ -16,7 +16,7 @@ aaron: login: aaron email: aaron@example.com salt: da4b9237bacccdf19c0760cab7aec4a8359010b0 # SHA1('1') - crypted_password: b65b8a6408f61d3d4228687bec5e91a69fc022e8 # 'monkey' + crypted_password: 5326a08cf4f5618c9e9fb059f949e58671f74b29 # 'monkey' created_at: <%= 1.days.ago.to_s :db %> remember_token_expires_at: remember_token: spec/fixtures/users.yml @@ -1,4 +1,4 @@ -# -*- coding: mule-utf-8 -*- +# -*- coding: utf-8 -*- require File.dirname(__FILE__) + '/../spec_helper' # Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead. @@ -16,7 +16,7 @@ describe User do violated "#{@user.errors.full_messages.to_sentence}" if @user.new_record? end end - + it 'increments User#count' do @creating_user.should change(User, :count).by(1) end @@ -28,10 +28,10 @@ describe User do end end - # + # # Validations # - + it 'requires login' do lambda do u = create_user(:login => nil) @@ -40,7 +40,7 @@ describe User do end describe 'allows legitimate logins:' do - ['123', '1234567890_234567890_234567890_234567890', + ['123', '1234567890_234567890_234567890_234567890', 'hello.-_there@funnychar.com'].each do |login_str| it "'#{login_str}'" do lambda do @@ -52,7 +52,7 @@ describe User do end describe 'disallows illegitimate logins:' do ['12', '1234567890_234567890_234567890_234567890_', "tab\t", "newline\n", - "Iñtërnâtiônàlizætiøn hasn't happened to ruby 1.8 yet", + "Iñtërnâtiônàlizætiøn hasn't happened to ruby 1.8 yet", 'semicolon;', 'quote"', 'tick\'', 'backtick`', 'percent%', 'plus+', 'space '].each do |login_str| it "'#{login_str}'" do lambda do @@ -88,7 +88,7 @@ describe User do ['foo@bar.com', 'foo@newskool-tld.museum', 'foo@twoletter-tld.de', 'foo@nonexistant-tld.qq', 'r@a.wk', '1234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890@gmail.com', 'hello.-_there@funnychar.com', 'uucp%addr@gmail.com', 'hello+routing-str@gmail.com', - 'domain@can.haz.many.sub.doma.in', + 'domain@can.haz.many.sub.doma.in', 'student.name@university.edu' ].each do |email_str| it "'#{email_str}'" do lambda do @@ -115,7 +115,7 @@ describe User do end describe 'allows legitimate names:' do - ['Andre The Giant (7\'4", 520 lb.) -- has a posse', + ['Andre The Giant (7\'4", 520 lb.) -- has a posse', '', '1234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890', ].each do |name_str| it "'#{name_str}'" do @@ -157,11 +157,11 @@ describe User do User.authenticate('quentin', 'monkey').should == users(:quentin) end - it "doesn't authenticates user with bad password" do - User.authenticate('quentin', 'monkey').should == users(:quentin) + it "doesn't authenticate user with bad password" do + User.authenticate('quentin', 'invalid_password').should be_nil end - if REST_AUTH_SITE_KEY.blank? + if REST_AUTH_SITE_KEY.blank? # old-school passwords it "authenticates a user against a hard-coded old-style password" do User.authenticate('old_password_holder', 'test').should == users(:old_password_holder) spec/models/user_spec.rb @@ -4,7 +4,7 @@ include AuthenticatedTestHelper # Most of the below came out of code from Ben Mabey # http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/ -# These allow exceptions to come through as opposed to being caught and hvaing non-helpful responses returned. +# These allow exceptions to come through as opposed to being caught and having non-helpful responses returned. ActionController::Base.class_eval do def perform_action perform_action_without_rescue stories/rest_auth_stories_helper.rb @@ -1 +1 @@ -Subproject commit 2d24dae056f4d2b68c69429ed4395cdd8b02efb2 +Subproject commit 2dc76e7cb2bef0d919f587b52f13f7a95ab7e82c vendor/plugins/restful_authentication app/views/user_mailer/activation.html.erb app/views/user_mailer/forgot_password.html.erb app/views/user_mailer/reset_password.html.erb app/views/user_mailer/signup_notification.html.erb 69ea2ae4ba89756f111265d77fbf00c42feaf238 activefx activefx@yahoo.com http://github.com/activefx/restful_authentication_tutorial/commit/d13c483e43e6b528855ba48cdade03eafedf815a d13c483e43e6b528855ba48cdade03eafedf815a

2008-09-03T15:10:37-07:00

updated restful authentication plugin 6921bfabf2764e44ab077774d03800f7182969e0 activefx activefx@yahoo.com