
README and gemspec updated.

1 parent cc78f7e commit 3824896f0bad7e3ce273203da8ea85197ef75b65 @Satish committed Apr 22, 2010
Showing with 117 additions and 166 deletions.
  1. +87 −135 README.textile
  2. +30 −31 restful-authentication.gemspec
222 README.textile
@@ -1,7 +1,6 @@
-h1. "Restful Authentication Generator":http://github.com/technoweenie/restful-authentication
+h1. "Restful Authentication Generator":http://github.com/Satish/restful-authentication
-This widely-used plugin provides a foundation for securely managing user
-authentication:
+This widely-used plugin provides a foundation for securely managing user authentication:
* Login / logout
* Secure password handling
* Account activation by validating email
@@ -13,21 +12,13 @@ Several features were updated in May, 2008.
* "'Classic' (backward-compatible) version":http://github.com/technoweenie/restful-authentication/tree/classic
* "Experimental version":http://github.com/technoweenie/restful-authentication/tree/modular (Much more modular, needs testing & review)
- !! important: if you upgrade your site, existing user account !!
- !! passwords will stop working unless you use --old-passwords !!
-
-***************************************************************************
+!! important: if you upgrade your site, existing user account !!
+!! passwords will stop working unless you use @--old-passwords@ !!
h2. Issue Tracker
-Please submit any bugs or annoyances on the lighthouse tracker at
-* "http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/overview":http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/overview
-
-For anything simple enough, please github message both maintainers: Rick Olson
-("technoweenie":http://github.com/technoweenie) and Flip Kromer
-("mrflip":http://github.com/mrflip).
-
-***************************************************************************
+Please submit any bugs or annoyances at
+* "http://github.com/Satish/restful-authentication/issues":http://github.com/Satish/restful-authentication/issues
h2. Documentation
@@ -36,35 +27,27 @@ This page has notes on
* "New Features":#AWESOME
* "After installing":#POST-INSTALL
-See the "wiki":http://github.com/technoweenie/restful-authentication/wikis/home
-(or the notes/ directory) if you want to learn more about:
+See the "wiki":http://github.com/technoweenie/restful-authentication/wikis/home (or the notes/ directory) if you want to learn more about:
-* "Extensions, Addons and Alternatives":addons such as HAML templates
-* "Security Design Patterns":security-patterns with "snazzy diagram":http://github.com/technoweenie/restful-authentication/tree/master/notes/SecurityFramework.png
-* [[Authentication]] -- Lets a visitor identify herself (and lay claim to her corresponding Roles and measure of Trust)
-* "Trust Metrics":Trustification -- Confidence we can rely on the outcomes of this visitor's actions.
-* [[Authorization]] and Policy -- Based on trust and identity, what actions may this visitor perform?
-* [[Access Control]] -- How the Authorization policy is actually enforced in your code (A: hopefully without turning it into a spaghetti of if thens)
-* [[Rails Plugins]] for Authentication, Trust, Authorization and Access Control
-* [[Tradeoffs]] -- for the paranoid or the curious, a rundown of tradeoffs made in the code
-* [[CHANGELOG]] -- Summary of changes to internals
-* [[TODO]] -- Ideas for how you can help
+* "Extensions, Addons and Alternatives":http://wiki.github.com/technoweenie/restful-authentication/addons such as HAML templates
+* "Security Design Patterns":http://wiki.github.com/technoweenie/restful-authentication/security-patterns with "snazzy diagram":http://github.com/technoweenie/restful-authentication/tree/master/notes/SecurityFramework.png
+* "Authentication":http://wiki.github.com/technoweenie/restful-authentication/authentication -- Lets a visitor identify herself (and lay claim to her corresponding Roles and measure of Trust)
+* "Trust Metrics":http://wiki.github.com/technoweenie/restful-authentication/trustification -- Confidence we can rely on the outcomes of this visitor's actions.
+* "Authorization":http://wiki.github.com/technoweenie/restful-authentication/authorization and Policy -- Based on trust and identity, what actions may this visitor perform?
+* "Access Control":http://wiki.github.com/technoweenie/restful-authentication/access-control -- How the Authorization policy is actually enforced in your code (A: hopefully without turning it into a spaghetti of if thens)
+* "Rails Plugins":http://wiki.github.com/technoweenie/restful-authentication/rails-plugins for Authentication, Trust, Authorization and Access Control
+* "Tradeoffs":http://wiki.github.com/technoweenie/restful-authentication/tradeoffs -- for the paranoid or the curious, a rundown of tradeoffs made in the code
+* "CHANGELOG":http://wiki.github.com/technoweenie/restful-authentication/CHANGELOG -- Summary of changes to internals
+* "TODO":http://wiki.github.com/technoweenie/restful-authentication/todo -- Ideas for how you can help
-These best version of the release notes are in the notes/ directory in the
-"source code":http://github.com/technoweenie/restful-authentication/tree/master
--- look there for the latest version. The wiki versions are taken (manually)
-from there.
-***************************************************************************
+These best version of the release notes are in the notes/ directory in the "source code":http://github.com/technoweenie/restful-authentication/tree/master -- look there for the latest version. The wiki versions are taken (manually) from there.
-<a id="AWESOME"/> </a>
-h2. Exciting new features
+h2(#AWESOME). Exciting new features
h3. Stories
-There are now "Cucumber":http://wiki.github.com/aslakhellesoy/cucumber/home features that allow expressive, enjoyable tests for the
-authentication code. The flexible code for resource testing in stories was
-extended from "Ben Mabey's.":http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
+There are now "Cucumber":http://wiki.github.com/aslakhellesoy/cucumber/home features that allow expressive, enjoyable tests for the authentication code. The flexible code for resource testing in stories was extended from "Ben Mabey's.":http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
h3. Modularize to match security design patterns:
@@ -80,145 +63,114 @@ h3. Other
* Stricter email, login field validation
* Minor security fixes -- see CHANGELOG
-***************************************************************************
h2. Non-backwards compatible Changes
Here are a few changes in the May 2008 release that increase "Defense in Depth"
but may require changes to existing accounts
-* If you have an existing site, none of these changes are compelling enough to
- warrant migrating your userbase.
-* If you are generating for a new site, all of these changes are low-impact.
- You should apply them.
+* If you have an existing site, none of these changes are compelling enough to warrant migrating your userbase.
+* If you are generating for a new site, all of these changes are low-impact. You should apply them.
h3. Passwords
-The new password encryption (using a site key salt and stretching) will break
-existing user accounts' passwords. We recommend you use the --old-passwords
-option or write a migration tool and submit it as a patch. See the
-[[Tradeoffs]] note for more information.
+The new password encryption (using a site key salt and stretching) will break existing user accounts' passwords. We recommend you use the @--old-passwords@
+option or write a migration tool and submit it as a patch. See the "Tradeoffs":http://wiki.github.com/technoweenie/restful-authentication/tradeoffs note for more information.
h3. Validations
By default, email and usernames are validated against a somewhat strict pattern; your users' values may be now illegal. Adjust to suit.
-***************************************************************************
-<a id="INSTALL"/> </a>
-h2. Installation
+h2(#INSTALL). Installation
-This is a basic restful authentication generator for rails, taken from
-acts as authenticated. Currently it requires Rails 1.2.6 or above.
+This is a basic restful authentication generator for rails, taken from acts as authenticated. Currently it requires Rails3 beta.
**IMPORTANT FOR RAILS > 2.1 USERS** To avoid a @NameError@ exception ("lighthouse tracker ticket":http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/tickets/2-not-a-valid-constant-name-errors#ticket-2-2), check out the code to have an _underscore_ and not _dash_ in its name:
-* either use <code>git clone git://github.com/technoweenie/restful-authentication.git restful_authentication</code>
-* or rename the plugin's directory to be <code>restful_authentication</code> after fetching it.
-To use the generator:
+If you're using git as your source control, you have three options.
+
+* Install as a plugin <pre><code>rails plugin install git://github.com/Satish/restful-authentication.git restful_authentication</code></pre>
- ./script/generate authenticated user sessions \
+* Checkout into @vendor/plugins@ using
+<pre><code>git clone git://github.com/Satish/restful-authentication.git restful_authentication</code></pre>and delete the .git folder inside the directory. (This will break the connection with the github repository, and allow you to include the code into your project with git add)
+
+* Use git submodule. From the top level of your project, add the plugin
+<pre><code>git submodule add git://github.com/Satish/restful-authentication.git vendor/plugins/restful_authentication</code></pre>This will create a reference link to the repository, which can be save into your project. You will need to let capistrano know that you want to update submodules on deploy via @set :git_enable_submodules, 1@.
+
+"git-submodule docs":http://www.kernel.org/pub/software/scm/git/docs/git-submodule.html
+
+To use the generator:
+<pre><code>
+ rails g authenticated user sessions \
--include-activation \
--stateful \
--rspec \
--skip-migration \
--skip-routes \
--old-passwords
+</code></pre>
-* The first parameter specifies the model that gets created in signup (typically
- a user or account model). A model with migration is created, as well as a
- basic controller with the create method. You probably want to say "User" here.
+* The first parameter specifies the model that gets created in signup (typically a user or account model). A model with migration is created, as well as a basic controller with the create method. You probably want to say "User" here.
-* The second parameter specifies the session controller name. This is the
- controller that handles the actual login/logout function on the site.
- (probably: "Session").
+* The second parameter specifies the session controller name(options default to @sessionsController@). This is the controller that handles the actual login/logout function on the site. (probably: "Session").
-* --include-activation: Generates the code for a ActionMailer and its respective
- Activation Code through email.
+* @--include-activation@: Generates the code for a ActionMailer and its respective Activation Code through email.
-* --stateful: Builds in support for acts_as_state_machine and generates
- activation code. (@--stateful@ implies @--include-activation@). Based on the
- idea at [[http://www.vaporbase.com/postings/stateful_authentication]]. Passing
- @--skip-migration@ will skip the user migration, and @--skip-routes@ will skip
- resource generation -- both useful if you've already run this generator.
- (Needs the "acts_as_state_machine plugin":http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/,
- but new installs should probably run with @--aasm@ instead.)
+* @--stateful@: Builds in support for acts_as_state_machine and generates activation code. (@--stateful@ implies @--include-activation@). Based on the idea at "http://www.vaporbase.com/postings/stateful_authentication":http://www.vaporbase.com/postings/stateful_authentication. Passing @--skip-migration@ will skip the user migration, and @--skip-routes@ will skip resource generation both useful if you've already run this generator. (Needs the "acts_as_state_machine plugin":http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/, but new installs should probably run with @--aasm@ instead.)
-* --aasm: Works the same as stateful but uses the "updated aasm gem":http://github.com/rubyist/aasm/tree/master
+* @--aasm@: Works the same as stateful but uses the "updated aasm gem":http://github.com/rubyist/aasm/tree/master<br /> Add <code>gem 'rubyist-aasm', :require => 'aasm'</code> to @Gemfile@ for use in projects that use rails3-beta
-* --rspec: Generate RSpec tests and Stories in place of standard rails tests.
- This requires the
- "RSpec and Rspec-on-rails plugins":http://rspec.info/
- (make sure you "./script/generate rspec" after installing RSpec.) The rspec
- and story suite are much more thorough than the rails tests, and changes are
- unlikely to be backported.
+* @--rspec@: Generate RSpec tests and Stories in place of standard rails tests. This requires the "RSpec-2 for Rails-3":http://github.com/rspec/rspec-rails, run @gem install rspec-rails --pre@ to install RSpec-2 for Rails-3(make sure you @rails g rspec:install@ after installing RSpec.) The rspec and story suite are much more thorough than the rails tests, and changes are unlikely to be backported.
-* --old-passwords: Use the older password scheme (see [[#COMPATIBILITY]], above)
+* @--old-passwords@: Use the older password scheme (see [[#COMPATIBILITY]], above)
-* --skip-migration: Don't generate a migration file for this model
+* @--skip-migration@: Don't generate a migration file for this model
-* --skip-routes: Don't generate a resource line in @config/routes.rb@
+* @--skip-routes@: Don't generate a resource line in @config/routes.rb@
-***************************************************************************
-<a id="POST-INSTALL"/> </a>
-h2. After installing
-The below assumes a Model named 'User' and a Controller named 'Session'; please
-alter to suit. There are additional security minutae in @notes/README-Tradeoffs@
--- only the paranoid or the curious need bother, though.
+h2(#POST-INSTALL). After installing
-* Add these familiar login URLs to your @config/routes.rb@ if you like:
+The below assumes a Model named 'User' and a Controller named 'Session'; please alter to suit. There are additional security minutae in @notes/README-Tradeoffs@ -- only the paranoid or the curious need bother, though.
- <pre><code>
- map.signup '/signup', :controller => 'users', :action => 'new'
- map.login '/login', :controller => 'session', :action => 'new'
- map.logout '/logout', :controller => 'session', :action => 'destroy'
- </code></pre>
+* Add these familiar login URLs to your @config/routes.rb@ if you like:
+<pre><code>
+ match 'login' => 'sessions#new', :as => :login
+ match 'logout' => 'sessions#destroy', :as => :logout
+ match 'signup' => 'users#new', :as => :signup
+</code></pre>
* With @--include-activation@, also add to your @config/routes.rb@:
-
- <pre><code>
- map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
- </code></pre>
-
- and add an observer to @config/environment.rb@:
-
- <pre><code>
- config.active_record.observers = :user_observer
- </code></pre>
-
- Pay attention, may be this is not an issue for everybody, but if you should
- have problems, that the sent activation_code does match with that in the
- database stored, reload your user object before sending its data through email
- something like:
-
- <pre><code>
- class UserObserver < ActiveRecord::Observer
- def after_create(user)
- user.reload
- UserMailer.deliver_signup_notification(user)
- end
- def after_save(user)
- user.reload
- UserMailer.deliver_activation(user) if user.recently_activated?
- end
- end
- </code></pre>
+<pre><code>match 'activate/:activation_code' => 'users#activate', :as => :activate, :activation_code => nil</code></pre>
+and add an observer to @config/application.rb@:
+<pre><code>config.active_record.observers = :user_observer</code></pre>
+Pay attention, may be this is not an issue for everybody, but if you should have problems, that the sent activation_code does match with that in the database stored, reload your user object before sending its data through email something like:
+<pre><code>
+class UserObserver < ActiveRecord::Observer
+ def after_create(user)
+ user.reload
+ UserMailer.deliver_signup_notification(user)
+ end
+ def after_save(user)
+ user.reload
+ UserMailer.deliver_activation(user) if user.recently_activated?
+ end
+end
+</code></pre>
* With @--stateful@, add an observer to config/environment.rb:
-
- <pre><code>
- config.active_record.observers = :user_observer
- </code></pre>
-
- and modify the users resource line to read
-
- map.resources :users, :member => { :suspend => :put,
- :unsuspend => :put,
- :purge => :delete }
-
-* If you use a public repository for your code (such as github, rubyforge,
- gitorious, etc.) make sure to NOT post your site_keys.rb (add a line like
- '/config/initializers/site_keys.rb' to your .gitignore or do the svn ignore
- dance), but make sure you DO keep it backed up somewhere safe.
+<pre><code>config.active_record.observers = :user_observer</code></pre>
+and modify the users resource line in @config/routes.rb@ to read
+<pre><code>
+resources :users do
+ member do
+ put :suspend
+ put :unsuspend
+ delete :purge
+ end
+end
+</code></pre>
+
+* If you use a public repository for your code (such as github, rubyforge, gitorious, etc.) make sure to NOT post your site_keys.rb (add a line like '/config/initializers/site_keys.rb' to your .gitignore or do the svn ignore dance), but make sure you DO keep it backed up somewhere safe.
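Review bot: The 'To use the generator' sample, now a pre block starting 'rails g authenticated user sessions', still ends with --old-passwords (plus --skip-migration and --skip-routes), so anyone pasting it for a new Rails 3 app gets the older password scheme, against this README's own advice that new sites should apply the site-key salt and stretching changes. Drop --old-passwords and the two skip flags from the sample and leave them to the option list below it. The three added install commands fetch over git://, which is unauthenticated and unencrypted; prefer an authenticated transport such as https or ssh for code that handles passwords. Smaller points: the --stateful bullet still says config/environment.rb while the --include-activation bullet was changed to config/application.rb; the observer example keeps the Rails 2 style call UserMailer.deliver_signup_notification(user); the --old-passwords bullet still uses the [[#COMPATIBILITY]] wiki syntax that this patch converts elsewhere; and 'can be save' in the submodule bullet should be 'can be saved'.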
61 restful-authentication.gemspec
@@ -1,33 +1,32 @@
+# DO NOT EDIT THIS FILE DIRECTLY
# -*- encoding: utf-8 -*-
-Gem::Specification.new do |s|
- s.name = %q{restful-authentication}
- s.version = "1.1.1"
-
- s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
- s.authors = ["RailsJedi", "Rick Olson"]
- s.date = %q{2008-07-04}
- s.description = %q{This widely-used plugin provides a foundation for securely managing user.}
- s.email = %q{railsjedi@gmail.com}
- s.extra_rdoc_files = ["README.textile"]
- s.files = ["CHANGELOG", "README.textile", "Rakefile", "TODO", "generators/authenticated/authenticated_generator.rb", "generators/authenticated/lib/insert_routes.rb", "generators/authenticated/templates/_model_partial.html.erb", "generators/authenticated/templates/activation.erb", "generators/authenticated/templates/authenticated_system.rb", "generators/authenticated/templates/authenticated_test_helper.rb", "generators/authenticated/templates/controller.rb", "generators/authenticated/templates/helper.rb", "generators/authenticated/templates/login.html.erb", "generators/authenticated/templates/mailer.rb", "generators/authenticated/templates/migration.rb", "generators/authenticated/templates/model.rb", "generators/authenticated/templates/model_controller.rb", "generators/authenticated/templates/model_helper.rb", "generators/authenticated/templates/model_helper_spec.rb", "generators/authenticated/templates/observer.rb", "generators/authenticated/templates/signup.html.erb", "generators/authenticated/templates/signup_notification.erb", "generators/authenticated/templates/site_keys.rb", "generators/authenticated/templates/spec/controllers/access_control_spec.rb", "generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb", "generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb", "generators/authenticated/templates/spec/controllers/users_controller_spec.rb", "generators/authenticated/templates/spec/fixtures/users.yml", "generators/authenticated/templates/spec/helpers/users_helper_spec.rb", "generators/authenticated/templates/spec/models/user_spec.rb", "generators/authenticated/templates/stories/rest_auth_stories.rb", "generators/authenticated/templates/stories/rest_auth_stories_helper.rb", "generators/authenticated/templates/stories/steps/ra_navigation_steps.rb", "generators/authenticated/templates/stories/steps/ra_resource_steps.rb", "generators/authenticated/templates/stories/steps/ra_response_steps.rb", 
"generators/authenticated/templates/stories/steps/user_steps.rb", "generators/authenticated/templates/stories/users/accounts.story", "generators/authenticated/templates/stories/users/sessions.story", "generators/authenticated/templates/test/functional_test.rb", "generators/authenticated/templates/test/mailer_test.rb", "generators/authenticated/templates/test/model_functional_test.rb", "generators/authenticated/templates/test/unit_test.rb", "generators/authenticated/USAGE", "init.rb", "lib/authentication/by_cookie_token.rb", "lib/authentication/by_password.rb", "lib/authentication.rb", "lib/authorization/aasm_roles.rb", "lib/authorization/stateful_roles.rb", "lib/authorization.rb", "lib/trustification/email_validation.rb", "lib/trustification.rb", "rails/init.rb"]
- s.has_rdoc = true
- s.homepage = %q{http://github.com/technoweenie/restful-authentication}
- s.rdoc_options = ["--main", "README.textile"]
- s.require_paths = ["lib"]
- s.rubygems_version = %q{1.3.0}
- s.summary = %q{Generates code for user login and authentication}
-
- if s.respond_to? :specification_version then
- current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
- s.specification_version = 2
-
- if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
- s.add_runtime_dependency(%q<rails>, ["~> 2.1.0"])
- else
- s.add_dependency(%q<rails>, ["~> 2.1.0"])
- end
- else
- s.add_dependency(%q<rails>, ["~> 2.1.0"])
- end
-end
+Gem::Specification.new do |gem|
+ gem.name = %q{restful-authentication}
+ gem.version = "2.0.0.beta1"
+ gem.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if gem.respond_to? :required_rubygems_version=
+ gem.date = %q{2010-04-22}
+ gem.authors = ["Satish"]
+ gem.email = %q{satish@vinsol.com}
+ gem.homepage = %q{http://github.com/Satish/restful-authentication}
+ gem.summary = %q{Generates code for user login and authentication}
+ gem.description = 'Generates common user authentication code for Rails/Merb, with a full test/unit and rspec suite and optional Acts as State Machine support built-in..'
+
+ gem.require_paths = ["lib"]
+ gem.files = Dir["CHANGELOG", "README.textile", "Rakefile", "TODO", "lib/**/*", "init.rb"]
+
+ gem.extra_rdoc_files = ["README.textile"]
+ gem.rdoc_options = ["--main", "README.textile", "--charset=UTF-8"]
+ gem.rubygems_version = %q{1.3.6}
+
+ gem.post_install_message = %q{**************************************************
+
+ Thank you for installing restful-authentication-2.0.0.beta.1!
+
+ This version ofrestful-authentication only works with
+ versions of rails >= 3.0.0.pre.
+
+**************************************************
+}
+
+end
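Review bot: The rewritten spec removes every add_dependency / add_runtime_dependency on rails and adds none, so the requirement 'rails >= 3.0.0.pre' exists only as text in post_install_message and RubyGems will install this gem into a Rails 2 application without complaint. Declare the dependency in the spec with the same version bound the message states. Also: the new first line '# DO NOT EDIT THIS FILE DIRECTLY' pushes the encoding magic comment to line 2, where Ruby ignores it (it must be the first line, or the second after a shebang); the message says '2.0.0.beta.1' and 'ofrestful-authentication' while gem.version is '2.0.0.beta1'; and gem.files no longer lists generators/ or rails/init.rb, which is only correct if the generators now live under lib/.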
