generators/authenticated/templates/mailer.rb generators/authenticated/templates/mailer_test.rb @@ -17,7 +17,12 @@ You can pass --skip-migration to skip the user migration. From here, you will need to add the resource routes in config/routes.rb. - map.resources :users, :sessions + map.resources :users + map.resource :session + +If you're on rails 1.2.3 you may need to specify the controller name for the session singular resource: + + map.resource :session, :controller => 'sessions' Also, add an observer to config/environment.rb if you chose the --include-activation option config.active_record.observers = :user_observer # or whatever you named your model README @@ -54,7 +54,7 @@ class AuthenticatedGenerator < Rails::Generator::NamedBase "#{controller_class_name}Helper" m.class_collisions model_controller_class_path, "#{model_controller_class_name}Controller", # Model Controller "#{model_controller_class_name}Helper" - m.class_collisions class_path, "#{class_name}", "#{class_name}Notifier", "#{class_name}NotifierTest", "#{class_name}Observer" + m.class_collisions class_path, "#{class_name}", "#{class_name}Mailer", "#{class_name}MailerTest", "#{class_name}Observer" m.class_collisions [], 'AuthenticatedSystem', 'AuthenticatedTestHelper' # Controller, helper, views, and test directories. @@ -63,7 +63,7 @@ class AuthenticatedGenerator < Rails::Generator::NamedBase m.directory File.join('app/controllers', model_controller_class_path) m.directory File.join('app/helpers', controller_class_path) m.directory File.join('app/views', controller_class_path, controller_file_name) - m.directory File.join('app/views', class_path, "#{file_name}_notifier") + m.directory File.join('app/views', class_path, "#{file_name}_mailer") if options[:include_activation] m.directory File.join('test/functional', controller_class_path) m.directory File.join('app/controllers', model_controller_class_path) m.directory File.join('app/helpers', model_controller_class_path) @@ -77,7 +77,7 @@ class AuthenticatedGenerator < Rails::Generator::NamedBase "#{file_name}.rb") if options[:include_activation] - %w( notifier observer ).each do |model_type| + %w( mailer observer ).each do |model_type| m.template "#{model_type}.rb", File.join('app/models', class_path, "#{file_name}_#{model_type}.rb") @@ -126,7 +126,7 @@ class AuthenticatedGenerator < Rails::Generator::NamedBase "#{file_name}_test.rb") if options[:include_activation] - m.template 'notifier_test.rb', File.join('test/unit', class_path, "#{file_name}_notifier_test.rb") + m.template 'mailer_test.rb', File.join('test/unit', class_path, "#{file_name}_mailer_test.rb") end m.template 'fixtures.yml', @@ -141,7 +141,7 @@ class AuthenticatedGenerator < Rails::Generator::NamedBase # Mailer templates %w( activation signup_notification ).each do |action| m.template "#{action}.rhtml", - File.join('app/views', "#{file_name}_notifier", "#{action}.rhtml") + File.join('app/views', "#{file_name}_mailer", "#{action}.rhtml") end end @@ -161,9 +161,14 @@ class AuthenticatedGenerator < Rails::Generator::NamedBase puts "Don't forget to:" puts puts " - add restful routes in config/routes.rb" - puts " map.resources :#{model_controller_file_name}, :#{controller_file_name}" - puts " map.activate '/activate/:activation_code', :controller => '#{model_controller_file_name}', :action => 'activate'" + puts " map.resources :#{model_controller_file_name}" + puts " map.resource :#{controller_singular_name.singularize}" + puts + puts " Rails 1.2.3 may need a :controller option for the singular resource:" + puts " - map.resource :#{controller_singular_name.singularize}, :controller => '#{controller_file_name}'" + puts if options[:include_activation] + puts " map.activate '/activate/:activation_code', :controller => '#{model_controller_file_name}', :action => 'activate'" puts puts " - add an observer to config/environment.rb" puts " config.active_record.observers = :#{file_name}_observer" generators/authenticated/authenticated_generator.rb @@ -6,9 +6,10 @@ module AuthenticatedSystem current_<%= file_name %> != :false end - # Accesses the current <%= file_name %> from the session. + # Accesses the current <%= file_name %> from the session. Set it to :false if login fails + # so that future calls do not hit the database. def current_<%= file_name %> - @current_<%= file_name %> ||= (session[:<%= file_name %>] && <%= class_name %>.find_by_id(session[:<%= file_name %>])) || :false + @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie || :false) end # Store the given <%= file_name %> in the session. @@ -17,7 +18,7 @@ module AuthenticatedSystem @current_<%= file_name %> = new_<%= file_name %> end - # Check if the <%= file_name %> is authorized. + # Check if the <%= file_name %> is authorized # # Override this method in your controllers if you want to restrict access # to only a few actions or if you want to check if the <%= file_name %> @@ -26,11 +27,11 @@ module AuthenticatedSystem # Example: # # # only allow nonbobs - # def authorize? + # def authorized? # current_<%= file_name %>.login != "bob" # end def authorized? - true + logged_in? end # Filter method to enforce a login requirement. @@ -48,11 +49,9 @@ module AuthenticatedSystem # skip_before_filter :login_required # def login_required - username, passwd = get_auth_data - self.current_<%= file_name %> ||= <%= class_name %>.authenticate(username, passwd) || :false if username && passwd - logged_in? && authorized? ? true : access_denied + authorized? ? true : access_denied end - + # Redirect as appropriate when an access request fails. # # The default action is to redirect to the login screen. @@ -65,7 +64,7 @@ module AuthenticatedSystem respond_to do |accepts| accepts.html do store_location - redirect_to :controller => '<%= controller_file_name %>', :action => 'new' + redirect_to :controller => '/<%= controller_file_name %>', :action => 'login' end accepts.xml do headers["Status"] = "Unauthorized" @@ -96,16 +95,24 @@ module AuthenticatedSystem base.send :helper_method, :current_<%= file_name %>, :logged_in? end - # When called with before_filter :login_from_cookie will check for an :auth_token - # cookie and log the user back in if apropriate - def login_from_cookie - return unless cookies[:auth_token] && !logged_in? - user = <%= class_name %>.find_by_remember_token(cookies[:auth_token]) - if user && user.remember_token? - user.remember_me - self.current_<%= file_name %> = user - cookies[:auth_token] = { :value => self.current_<%= file_name %>.remember_token , :expires => self.current_<%= file_name %>.remember_token_expires_at } - flash[:notice] = "Logged in successfully" + # Called from #current_user. First attempt to login by the user id stored in the session. + def login_from_session + self.current_<%= file_name %> = <%= class_name %>.find_by_id(session[:<%= file_name %>]) if session[:<%= file_name %>] + end + + # Called from #current_user. Now, attempt to login by basic authentication information. + def login_from_basic_auth + username, passwd = get_auth_data + self.current_<%= file_name %> = <%= class_name %>.authenticate(username, passwd) if username && passwd + end + + # Called from #current_user. Finaly, attempt to login by an expiring token in the cookie. + def login_from_cookie + <%= file_name %> = cookies[:auth_token] && <%= class_name %>.find_by_remember_token(cookies[:auth_token]) + if <%= file_name %> && <%= file_name %>.remember_token? + <%= file_name %>.remember_me + cookies[:auth_token] = { :value => <%= file_name %>.remember_token, :expires => <%= file_name %>.remember_token_expires_at } + self.current_<%= file_name %> = <%= file_name %> end end generators/authenticated/templates/authenticated_system.rb @@ -7,4 +7,20 @@ module AuthenticatedTestHelper def authorize_as(user) @request.env["HTTP_AUTHORIZATION"] = user ? "Basic #{Base64.encode64("#{users(user).login}:test")}" : nil end + + # taken from edge rails / rails 2.0. Only needed on Rails 1.2.3 + def assert_difference(expressions, difference = 1, message = nil, &block) + expression_evaluations = [expressions].flatten.collect{|expression| lambda { eval(expression, block.binding) } } + + original_values = expression_evaluations.inject([]) { |memo, expression| memo << expression.call } + yield + expression_evaluations.each_with_index do |expression, i| + assert_equal original_values[i] + difference, expression.call, message + end + end + + # taken from edge rails / rails 2.0. Only needed on Rails 1.2.3 + def assert_no_difference(expressions, message = nil, &block) + assert_difference expressions, 0, message, &block + end end \ No newline at end of file generators/authenticated/templates/authenticated_test_helper.rb @@ -2,8 +2,6 @@ class <%= controller_class_name %>Controller < ApplicationController # Be sure to include AuthenticationSystem in Application Controller instead include AuthenticatedSystem - # If you want "remember me" functionality, add this before_filter to Application Controller - before_filter :login_from_cookie # render new.rhtml def new generators/authenticated/templates/controller.rb @@ -1,4 +1,4 @@ -<%% form_tag <%= controller_plural_name %>_path do -%> +<%% form_tag <%= controller_singular_name.singularize %>_path do -%> <p><label for="login">Login</label><br/> <%%= text_field_tag 'login' %></p> generators/authenticated/templates/login.rhtml @@ -12,7 +12,7 @@ class <%= class_name %> < ActiveRecord::Base validates_length_of :email, :within => 3..100 validates_uniqueness_of :login, :email, :case_sensitive => false before_save :encrypt_password - <% if options[:include_activation] %> before_create :make_activation_code <% end %> + <% if options[:include_activation] %>before_create :make_activation_code <% end %> <% if options[:include_activation] %> # Activates the user in the database. def activate @@ -22,13 +22,15 @@ class <%= class_name %> < ActiveRecord::Base end def activated? + # the existence of an activation code means they have not activated yet activation_code.nil? end # Returns true if the user has just been activated. def recently_activated? @activated - end <% end %> + end +<% end %> # Authenticates a user by their login name and unencrypted password. Returns the user or nil. def self.authenticate(login, password) u = <% if options[:include_activation] %>find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login]<% else %>find_by_login(login)<% end %> # need to get the salt @@ -85,7 +87,6 @@ class <%= class_name %> < ActiveRecord::Base def password_required? crypted_password.blank? || !password.blank? end - <% if options[:include_activation] %> def make_activation_code self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join ) generators/authenticated/templates/model.rb @@ -1,8 +1,6 @@ class <%= model_controller_class_name %>Controller < ApplicationController # Be sure to include AuthenticationSystem in Application Controller instead include AuthenticatedSystem - # If you want "remember me" functionality, add this before_filter to Application Controller - before_filter :login_from_cookie # render new.rhtml def new generators/authenticated/templates/model_controller.rb @@ -1,11 +1,11 @@ class <%= class_name %>Observer < ActiveRecord::Observer def after_create(<%= file_name %>) - <%= class_name %>Notifier.deliver_signup_notification(<%= file_name %>) + <%= class_name %>Mailer.deliver_signup_notification(<%= file_name %>) end def after_save(<%= file_name %>) <% if options[:include_activation] %> - <%= class_name %>Notifier.deliver_activation(<%= file_name %>) if <%= file_name %>.recently_activated? + <%= class_name %>Mailer.deliver_activation(<%= file_name %>) if <%= file_name %>.recently_activated? <% end %> end end generators/authenticated/templates/observer.rb generators/authenticated/templates/notifier.rb generators/authenticated/templates/notifier_test.rb eaf17ee3274bd2ace65f3a585718095f0a23ed17 technoweenie technoweenie@567b1171-46fb-0310-a4c9-b4bef9110e78 http://github.com/technoweenie/restful-authentication/commit/f1c88f3de29f72d3a090cc67f7f54d6283e7932f f1c88f3de29f72d3a090cc67f7f54d6283e7932f 2007-08-13T06:45:48-07:00 2007-08-13T06:45:48-07:00 restructure login code so basic authentication works. rename notifiers to mailers. use singleton resources for Sessions git-svn-id: http://svn.techno-weenie.net/projects/plugins/restful_authentication@2943 567b1171-46fb-0310-a4c9-b4bef9110e78 ad9f08270f8488c9e122f719f9e0d52014f7a16c technoweenie technoweenie@567b1171-46fb-0310-a4c9-b4bef9110e78