Permalink
Switch branches/tags
Nothing to show
Commits on Mar 6, 2010
  1. fixed bug caused by forget and remember me what would save a new reco…

    …rd even when not intended.
    
    If forget_me or remember_me is called on a new_record then they will return nil now. This makes the remember me checkbox unchecked by default.
    jrwest committed Mar 6, 2010
Commits on Mar 4, 2010
  1. remember me when I login

    you will need to manually add the columns added to the migration in the previous commit to your model or rollback the accounts table migration, regenerate it and migrate up again. The new columns are remember_token and remember_expiry. In the future there will be a way to opt out of this.
    jrwest committed Mar 4, 2010
  2. added remember and forget me to account model

    added fields to migration template. These, like uname and password, should not be removed. The time an account is remembered is currently hardcoded. This will change in the future.
    jrwest committed Mar 4, 2010
  3. need to require action_controller

    jrwest committed Mar 4, 2010
Commits on Mar 3, 2010
  1. added session expiry. currently hardcoded to 1 hour from page request

    session_expiry filter is called for any action (given authenticate is called on ApplicationController) so the time spent on non-auth pages is not counted against the user's session time. 
    
    some refactoring was done. use set_session_for(account) to set session values relating to the account. use reset_session to make the session invalid. see SessionsController#create and #destroy for examples
    jrwest committed Mar 3, 2010
Commits on Mar 2, 2010
  1. login redirects to referring page if exists

    jrwest committed Mar 2, 2010
Commits on Feb 28, 2010
  1. destroy session. go to log in after.

    jrwest committed Feb 28, 2010
  2. readme typo

    jrwest committed Feb 28, 2010
  3. readme

    jrwest committed Feb 28, 2010
  4. skip_authenticate! allows actions to be called without a valid_session

    skip_authenticate! macro takes the :only and :except arguments to specify exactly which actions in a controller can be run w/o a valid session. If not passed any arguments skip_authenticate! will allow any action for that controller to be run w/o authentication.
    
    I suggest you add the authenticate macro to your ApplicationController and then use skip_authenticate! when needed in subclasses of ApplicationController. If you have an action, application wide, that should be allowed to run w/o authentication then simply use the :only and :except options that can be passed to authenticate.
    jrwest committed Feb 28, 2010
Commits on Feb 27, 2010
  1. renamed gem to 'authr3'

    use gem "authr3", :require => "authr" in your Gemfile
    jrwest committed Feb 27, 2010
  2. use ActionController::Base.authenticate to require autentication for …

    …your actions.
    
    the authenticate macro (class method) when called alone require a valid session for any route except the new session and create session. To modify this behaviour use :only and :except in the same manner you would for filters. For example, :except => [:index] will allow the index action of the controller to be invoked without a valid session. Be careful with this however, right now for example, if you add this to your application controller any index action will will be able to invoked. There will be better ways for doing this soon.
    
    Note: authenticate cannot be called on ActionController::Base it must be called on ApplicationController or its Subclasses.
    jrwest committed Feb 27, 2010
  3. authr generator

    simply generates a basic migration file. the fields defined in the migration are required. Add any others as needed.
    jrwest committed Feb 27, 2010
  4. controllers need to be 'unloadable'

    not exactly sure why yet but it fixes the error:
    
       ArgumentError (A copy of ApplicationController has been removed from the module tree but is still active!):
    jrwest committed Feb 27, 2010
  5. don't render session#new if invalid login. redirect to it.

    This is better since this is an engine embedded in other apps. Will most likely need to pass a flag to note the invalid login.
    jrwest committed Feb 27, 2010
  6. basic creation of session

    all session data stored by authr should be prefixed with 'account_'
    jrwest committed Feb 27, 2010
  7. session form uses restul routes. fixed restful session routes to poin…

    …t to authr/sessions controller
    jrwest committed Feb 27, 2010
  8. simple account creation

    jrwest committed Feb 27, 2010
  9. switched to RESTful routes

    jrwest committed Feb 27, 2010
  10. Account model uses bcrypt to safely store passwords

    for now bcrypt must included in the including applications Gemfile.
    jrwest committed Feb 27, 2010
  11. removed accident emacs files

    jrwest committed Feb 27, 2010
  12. Initial Commit

    jrwest committed Feb 27, 2010