@@ -52,16 +52,9 @@ h3. authenticated_system * added uniform logout! methods * format.any (as found in access_denied) doesn't work until http://dev.rubyonrails.org/changeset/8987 lands. -* cookies are now refreshed each time we cross the logged out/in barrier - http://www.owasp.org/index.php/Session_Management#Regeneration_of_Session_Tokens - http://palisade.plynt.com/issues/2004Jul/safe-auth-practices/ - -* !!!! Possibly stupid !!! - Made current_user and logged_in? be public methods. I did this for the worst - possible reason -- so that I could write story steps that call it directly. - However, they're already globally public methods in principle through their - exposure as helper methods. But if there's a less kludgy fix please educate - me. +* cookies are now refreshed each time we cross the logged out/in barrier, as + "best":http://palisade.plynt.com/issues/2004Jul/safe-auth-practices/ + "practice":http://www.owasp.org/index.php/Session_Management#Regeneration_of_Session_Tokens h3. Other CHANGELOG @@ -52,12 +52,14 @@ authentication code. The flexible code for resource testing in stories was extended from "Ben Mabey's.":http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/ h3. Modularize to match security design patterns: + * Authentication (currently: password, browser cookie token, HTTP basic) * Trust metric (email validation) * Authorization (stateful roles) * Leave a flexible framework that will play nicely with other access control / policy definition / trust metric plugins h3. Other + * Added a few helper methods for linking to user pages * Uniform handling of logout, remember_token * Stricter email, login field validation README 5a4e2b66c610d1a1ecba01991f3680a02e781c74 Philip (flip) Kromer flip@infochimps.org http://github.com/technoweenie/restful-authentication/commit/875781d5b4ee55120753d3a04044d8039486899e 875781d5b4ee55120753d3a04044d8039486899e 2008-05-20T02:09:00-07:00 2008-05-20T02:09:00-07:00 Fixed the 'made some methods public' kludge 6230ba4f6cddb43a36e757dad025aa97264d827d Philip (flip) Kromer flip@infochimps.org