devise-otp 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +42 -0
- data/.travis.yml +11 -0
- data/Gemfile +25 -0
- data/LICENSE.txt +22 -0
- data/README.md +124 -0
- data/Rakefile +42 -0
- data/app/controllers/devise_otp/credentials_controller.rb +106 -0
- data/app/controllers/devise_otp/tokens_controller.rb +105 -0
- data/app/views/devise_otp/credentials/refresh.html.erb +20 -0
- data/app/views/devise_otp/credentials/show.html.erb +23 -0
- data/app/views/devise_otp/tokens/_token_secret.html.erb +17 -0
- data/app/views/devise_otp/tokens/recovery.html.erb +21 -0
- data/app/views/devise_otp/tokens/show.html.erb +31 -0
- data/config/locales/en.yml +66 -0
- data/devise-otp.gemspec +25 -0
- data/lib/devise-otp.rb +76 -0
- data/lib/devise-otp/version.rb +5 -0
- data/lib/devise_otp_authenticatable/controllers/helpers.rb +144 -0
- data/lib/devise_otp_authenticatable/controllers/url_helpers.rb +35 -0
- data/lib/devise_otp_authenticatable/engine.rb +23 -0
- data/lib/devise_otp_authenticatable/hooks.rb +13 -0
- data/lib/devise_otp_authenticatable/hooks/sessions.rb +57 -0
- data/lib/devise_otp_authenticatable/mapping.rb +19 -0
- data/lib/devise_otp_authenticatable/models/otp_authenticatable.rb +140 -0
- data/lib/devise_otp_authenticatable/routes.rb +30 -0
- data/lib/generators/active_record/devise_otp_generator.rb +13 -0
- data/lib/generators/active_record/templates/migration.rb +28 -0
- data/lib/generators/devise_otp/devise_otp_generator.rb +17 -0
- data/lib/generators/devise_otp/install_generator.rb +31 -0
- data/lib/generators/devise_otp/views_generator.rb +19 -0
- data/test/dummy/README.rdoc +261 -0
- data/test/dummy/Rakefile +7 -0
- data/test/dummy/app/assets/javascripts/application.js +13 -0
- data/test/dummy/app/assets/stylesheets/application.css +13 -0
- data/test/dummy/app/controllers/application_controller.rb +4 -0
- data/test/dummy/app/controllers/posts_controller.rb +83 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/helpers/posts_helper.rb +2 -0
- data/test/dummy/app/mailers/.gitkeep +0 -0
- data/test/dummy/app/models/post.rb +2 -0
- data/test/dummy/app/models/user.rb +20 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/app/views/posts/_form.html.erb +25 -0
- data/test/dummy/app/views/posts/edit.html.erb +6 -0
- data/test/dummy/app/views/posts/index.html.erb +25 -0
- data/test/dummy/app/views/posts/new.html.erb +5 -0
- data/test/dummy/app/views/posts/show.html.erb +15 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +68 -0
- data/test/dummy/config/boot.rb +10 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +37 -0
- data/test/dummy/config/environments/production.rb +73 -0
- data/test/dummy/config/environments/test.rb +36 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/devise.rb +253 -0
- data/test/dummy/config/initializers/inflections.rb +15 -0
- data/test/dummy/config/initializers/mime_types.rb +5 -0
- data/test/dummy/config/initializers/secret_token.rb +8 -0
- data/test/dummy/config/initializers/session_store.rb +8 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +5 -0
- data/test/dummy/config/routes.rb +6 -0
- data/test/dummy/db/migrate/20130125101430_create_users.rb +9 -0
- data/test/dummy/db/migrate/20130131092406_add_devise_to_users.rb +53 -0
- data/test/dummy/db/migrate/20130131142320_create_posts.rb +10 -0
- data/test/dummy/db/migrate/20130131160351_devise_otp_add_to_users.rb +28 -0
- data/test/dummy/lib/assets/.gitkeep +0 -0
- data/test/dummy/public/404.html +26 -0
- data/test/dummy/public/422.html +26 -0
- data/test/dummy/public/500.html +25 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/dummy/script/rails +6 -0
- data/test/integration/refresh_test.rb +92 -0
- data/test/integration/sign_in_test.rb +77 -0
- data/test/integration_tests_helper.rb +48 -0
- data/test/model_tests_helper.rb +22 -0
- data/test/models/otp_authenticatable_test.rb +116 -0
- data/test/orm/active_record.rb +4 -0
- data/test/test_helper.rb +19 -0
- metadata +237 -0
@@ -0,0 +1,23 @@
|
|
1
|
+
module DeviseOtpAuthenticatable
|
2
|
+
class Engine < ::Rails::Engine
|
3
|
+
|
4
|
+
ActiveSupport.on_load(:action_controller) do
|
5
|
+
include DeviseOtpAuthenticatable::Controllers::UrlHelpers
|
6
|
+
include DeviseOtpAuthenticatable::Controllers::Helpers
|
7
|
+
end
|
8
|
+
ActiveSupport.on_load(:action_view) do
|
9
|
+
include DeviseOtpAuthenticatable::Controllers::UrlHelpers
|
10
|
+
include DeviseOtpAuthenticatable::Controllers::Helpers
|
11
|
+
end
|
12
|
+
|
13
|
+
# We use to_prepare instead of after_initialize here because Devise is a Rails engine;
|
14
|
+
config.to_prepare do
|
15
|
+
DeviseOtpAuthenticatable::Hooks.apply
|
16
|
+
end
|
17
|
+
|
18
|
+
# extend mapping with after_initialize because is not reloaded
|
19
|
+
config.after_initialize do
|
20
|
+
Devise::Mapping.send :include, DeviseOtpAuthenticatable::Mapping
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
module DeviseOtpAuthenticatable::Hooks
|
2
|
+
module Sessions
|
3
|
+
extend ActiveSupport::Concern
|
4
|
+
include DeviseOtpAuthenticatable::Controllers::UrlHelpers
|
5
|
+
|
6
|
+
included do
|
7
|
+
alias_method_chain :create, :otp
|
8
|
+
end
|
9
|
+
|
10
|
+
#
|
11
|
+
# replaces Devise::SessionsController#create
|
12
|
+
#
|
13
|
+
def create_with_otp
|
14
|
+
|
15
|
+
resource = warden.authenticate!(auth_options)
|
16
|
+
|
17
|
+
otp_refresh_credentials_for(resource)
|
18
|
+
|
19
|
+
if otp_challenge_required_on?(resource)
|
20
|
+
challenge = resource.generate_otp_challenge!
|
21
|
+
warden.logout
|
22
|
+
respond_with resource, :location => otp_credential_path_for(resource, {:challenge => challenge})
|
23
|
+
|
24
|
+
elsif otp_mandatory_on?(resource) # if mandatory, log in user but send him to the must activate otp
|
25
|
+
set_flash_message(:notice, :signed_in_but_otp) if is_navigational_format?
|
26
|
+
sign_in(resource_name, resource)
|
27
|
+
respond_with resource, :location => otp_token_path_for(resource)
|
28
|
+
else
|
29
|
+
|
30
|
+
set_flash_message(:notice, :signed_in) if is_navigational_format?
|
31
|
+
sign_in(resource_name, resource)
|
32
|
+
respond_with resource, :location => after_sign_in_path_for(resource)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
|
37
|
+
private
|
38
|
+
|
39
|
+
#
|
40
|
+
# resource should be challenged for otp
|
41
|
+
#
|
42
|
+
def otp_challenge_required_on?(resource)
|
43
|
+
return false unless resource.respond_to?(:otp_enabled) && resource.respond_to?(:otp_auth_secret)
|
44
|
+
resource.otp_enabled && !is_otp_trusted_device_for?(resource)
|
45
|
+
end
|
46
|
+
|
47
|
+
#
|
48
|
+
# the resource -should- have otp turned on, but it isn't
|
49
|
+
#
|
50
|
+
def otp_mandatory_on?(resource)
|
51
|
+
return true if resource.class.otp_mandatory
|
52
|
+
return false unless resource.respond_to?(:otp_mandatory)
|
53
|
+
|
54
|
+
resource.otp_mandatory && !resource.otp_enabled
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
module DeviseOtpAuthenticatable
|
2
|
+
|
3
|
+
module Mapping
|
4
|
+
|
5
|
+
def self.included(base)
|
6
|
+
base.alias_method_chain :default_controllers, :otp
|
7
|
+
end
|
8
|
+
|
9
|
+
private
|
10
|
+
def default_controllers_with_otp(options)
|
11
|
+
options[:controllers] ||= {}
|
12
|
+
|
13
|
+
options[:controllers][:otp_tokens] ||= "tokens"
|
14
|
+
options[:controllers][:otp_credentials] ||= "credentials"
|
15
|
+
|
16
|
+
default_controllers_without_otp(options)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,140 @@
|
|
1
|
+
require 'rotp'
|
2
|
+
|
3
|
+
module Devise::Models
|
4
|
+
module OtpAuthenticatable
|
5
|
+
extend ActiveSupport::Concern
|
6
|
+
|
7
|
+
included do
|
8
|
+
before_validation :generate_otp_auth_secret, :on => :create
|
9
|
+
before_validation :generate_otp_persistence_seed, :on => :create
|
10
|
+
scope :with_valid_otp_challenge, lambda { |time| where('otp_challenge_expires > ?', time) }
|
11
|
+
end
|
12
|
+
|
13
|
+
module ClassMethods
|
14
|
+
::Devise::Models.config(self, :otp_authentication_timeout, :otp_drift_window,
|
15
|
+
:otp_mandatory, :otp_credentials_refresh, :otp_uri_application, :recovery_tokens)
|
16
|
+
|
17
|
+
def find_valid_otp_challenge(challenge)
|
18
|
+
with_valid_otp_challenge(Time.now).where(:otp_session_challenge => challenge).first
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
def time_based_otp
|
23
|
+
@time_based_otp ||= ROTP::TOTP.new(otp_auth_secret)
|
24
|
+
end
|
25
|
+
|
26
|
+
def recovery_otp
|
27
|
+
@recovery_otp ||= ROTP::HOTP.new(otp_recovery_secret)
|
28
|
+
end
|
29
|
+
|
30
|
+
def otp_provisioning_uri
|
31
|
+
time_based_otp.provisioning_uri(otp_provisioning_identifier)
|
32
|
+
end
|
33
|
+
|
34
|
+
def otp_provisioning_identifier
|
35
|
+
"#{email}/#{self.class.otp_uri_application || Rails.application.class.parent_name}"
|
36
|
+
end
|
37
|
+
|
38
|
+
|
39
|
+
def reset_otp_credentials
|
40
|
+
@time_based_otp = nil
|
41
|
+
@recovery_otp = nil
|
42
|
+
generate_otp_auth_secret
|
43
|
+
reset_otp_persistence
|
44
|
+
update_columns(:otp_enabled => false, :otp_time_drift => 0,
|
45
|
+
:otp_session_challenge => nil, :otp_challenge_expires => nil,
|
46
|
+
:otp_recovery_counter => 0)
|
47
|
+
end
|
48
|
+
|
49
|
+
def reset_otp_credentials!
|
50
|
+
reset_otp_credentials
|
51
|
+
save!
|
52
|
+
end
|
53
|
+
|
54
|
+
|
55
|
+
def reset_otp_persistence
|
56
|
+
generate_otp_persistence_seed
|
57
|
+
end
|
58
|
+
|
59
|
+
def reset_otp_persistence!
|
60
|
+
reset_otp_persistence
|
61
|
+
save!
|
62
|
+
end
|
63
|
+
|
64
|
+
def generate_otp_challenge!(expires = nil)
|
65
|
+
update_columns(:otp_session_challenge => SecureRandom.hex,
|
66
|
+
:otp_challenge_expires => DateTime.now + (expires || self.class.otp_authentication_timeout))
|
67
|
+
otp_session_challenge
|
68
|
+
end
|
69
|
+
|
70
|
+
def otp_challenge_valid?
|
71
|
+
(otp_challenge_expires.nil? || otp_challenge_expires > Time.now)
|
72
|
+
end
|
73
|
+
|
74
|
+
|
75
|
+
def validate_otp_token(token, recovery = false)
|
76
|
+
if recovery
|
77
|
+
validate_otp_recovery_token token
|
78
|
+
else
|
79
|
+
validate_otp_time_token token
|
80
|
+
end
|
81
|
+
end
|
82
|
+
alias_method :valid_otp_token?, :validate_otp_token
|
83
|
+
|
84
|
+
def validate_otp_time_token(token)
|
85
|
+
if drift = validate_otp_token_with_drift(token)
|
86
|
+
update_column(:otp_time_drift, drift)
|
87
|
+
true
|
88
|
+
else
|
89
|
+
false
|
90
|
+
end
|
91
|
+
end
|
92
|
+
alias_method :valid_otp_time_token?, :validate_otp_time_token
|
93
|
+
|
94
|
+
def next_otp_recovery_tokens(number = 5)
|
95
|
+
(otp_recovery_counter..otp_recovery_counter + number).inject({}) do |h, index|
|
96
|
+
h[index] = recovery_otp.at(index)
|
97
|
+
h
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
def validate_otp_recovery_token(token)
|
102
|
+
token = token.to_i unless token.is_a?(Fixnum)
|
103
|
+
recovery_otp.verify(token, otp_recovery_counter).tap do
|
104
|
+
self.otp_recovery_counter += 1
|
105
|
+
save!
|
106
|
+
end
|
107
|
+
end
|
108
|
+
alias_method :valid_otp_recovery_token?, :validate_otp_recovery_token
|
109
|
+
|
110
|
+
|
111
|
+
|
112
|
+
|
113
|
+
|
114
|
+
private
|
115
|
+
|
116
|
+
#
|
117
|
+
# refactor me, I suck
|
118
|
+
#
|
119
|
+
def validate_otp_token_with_drift(token)
|
120
|
+
# valid_vals << ROTP::TOTP.new(otp_auth_secret).at(Time.now)
|
121
|
+
token = token.to_i unless token.is_a?(Fixnum)
|
122
|
+
|
123
|
+
# should be centered around saved drift
|
124
|
+
(-self.class.otp_drift_window..self.class.otp_drift_window).each do |drift|
|
125
|
+
return drift if(time_based_otp.verify(token, Time.now.ago(30 * drift)))
|
126
|
+
end
|
127
|
+
false
|
128
|
+
end
|
129
|
+
|
130
|
+
def generate_otp_persistence_seed
|
131
|
+
self.otp_persistence_seed = SecureRandom.hex
|
132
|
+
end
|
133
|
+
|
134
|
+
def generate_otp_auth_secret
|
135
|
+
self.otp_auth_secret = ROTP::Base32.random_base32
|
136
|
+
self.otp_recovery_secret = ROTP::Base32.random_base32
|
137
|
+
end
|
138
|
+
|
139
|
+
end
|
140
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
module ActionDispatch::Routing
|
2
|
+
class Mapper
|
3
|
+
|
4
|
+
|
5
|
+
protected
|
6
|
+
#########
|
7
|
+
|
8
|
+
def devise_otp(mapping, controllers)
|
9
|
+
|
10
|
+
namespace :otp, :module => :devise_otp do
|
11
|
+
resource :token, :only => [:show, :update, :destroy],
|
12
|
+
:path => mapping.path_names[:token], :controller => controllers[:otp_tokens] do
|
13
|
+
|
14
|
+
get :persistence, :action => 'get_persistence'
|
15
|
+
post :persistence, :action => 'clear_persistence'
|
16
|
+
delete :persistence, :action => 'delete_persistence'
|
17
|
+
|
18
|
+
get :recovery
|
19
|
+
end
|
20
|
+
|
21
|
+
resource :credential, :only => [:show, :update],
|
22
|
+
:path => mapping.path_names[:credentials], :controller => controllers[:otp_credentials] do
|
23
|
+
|
24
|
+
get :refresh, :action => 'get_refresh'
|
25
|
+
put :refresh, :action => 'set_refresh'
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require 'rails/generators/active_record'
|
2
|
+
|
3
|
+
module ActiveRecord
|
4
|
+
module Generators
|
5
|
+
class DeviseOtpGenerator < ActiveRecord::Generators::Base
|
6
|
+
source_root File.expand_path("../templates", __FILE__)
|
7
|
+
|
8
|
+
def copy_devise_migration
|
9
|
+
migration_template "migration.rb", "db/migrate/devise_otp_add_to_#{table_name}"
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
class DeviseOtpAddTo<%= table_name.camelize %> < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
change_table :<%= table_name %> do |t|
|
4
|
+
t.string :otp_auth_secret
|
5
|
+
t.string :otp_recovery_secret
|
6
|
+
t.boolean :otp_enabled, :default => false, :null => false
|
7
|
+
t.boolean :otp_mandatory, :default => false, :null => false
|
8
|
+
t.datetime :otp_enabled_on
|
9
|
+
t.integer :otp_time_drift, :default => 0, :null => false
|
10
|
+
t.integer :otp_failed_attempts, :default => 0, :null => false
|
11
|
+
t.integer :otp_recovery_counter, :default => 0, :null => false
|
12
|
+
t.string :otp_persistence_seed
|
13
|
+
|
14
|
+
t.string :otp_session_challenge
|
15
|
+
t.datetime :otp_challenge_expires
|
16
|
+
end
|
17
|
+
add_index :<%= table_name %>, :otp_session_challenge, :unique => true
|
18
|
+
add_index :<%= table_name %>, :otp_challenge_expires
|
19
|
+
end
|
20
|
+
|
21
|
+
def self.down
|
22
|
+
change_table :<%= table_name %> do |t|
|
23
|
+
t.remove :otp_auth_secret, :otp_recovery_secret, :otp_enabled, :otp_mandatory, :otp_enabled_on, :otp_session_challenge,
|
24
|
+
:otp_challenge_expires, :otp_time_drift, :otp_failed_attempts, :otp_recovery_counter, :otp_persistence_seed
|
25
|
+
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
module DeviseOtp
|
2
|
+
module Generators
|
3
|
+
class DeviseOtpGenerator < Rails::Generators::NamedBase
|
4
|
+
|
5
|
+
namespace "devise_otp"
|
6
|
+
|
7
|
+
desc "Add :otp_authenticatable directive in the given model, plus accessors. Also generate migration for ActiveRecord"
|
8
|
+
|
9
|
+
def inject_devise_otp_content
|
10
|
+
path = File.join("app","models","#{file_path}.rb")
|
11
|
+
inject_into_file(path, "otp_authenticatable, :", :after => "devise :") if File.exists?(path)
|
12
|
+
end
|
13
|
+
|
14
|
+
hook_for :orm
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module DeviseOtp
|
2
|
+
module Generators # :nodoc:
|
3
|
+
# Install Generator
|
4
|
+
class InstallGenerator < Rails::Generators::Base
|
5
|
+
source_root File.expand_path("../../templates", __FILE__)
|
6
|
+
|
7
|
+
desc "Install the devise OTP authentication extension"
|
8
|
+
|
9
|
+
def add_configs
|
10
|
+
|
11
|
+
content = <<-CONTENT
|
12
|
+
|
13
|
+
# ==> Devise OTP Extension
|
14
|
+
# Configure OTP extension for devise
|
15
|
+
|
16
|
+
# How long should the user have to enter their token. To change the default, uncomment and change the below:
|
17
|
+
#config.otp_authentication_timeout = 3.minutes
|
18
|
+
|
19
|
+
# Change time drift settings for valid token values. To change the default, uncomment and change the below:
|
20
|
+
#config.otp_authentication_time_drift = 3
|
21
|
+
CONTENT
|
22
|
+
|
23
|
+
inject_into_file "config/initializers/devise.rb", content, :before => /end[ |\n|]+\Z/
|
24
|
+
end
|
25
|
+
|
26
|
+
def copy_locale
|
27
|
+
copy_file "../../../config/locales/en.yml", "config/locales/devise.otp.en.yml"
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'generators/devise/views_generator'
|
2
|
+
|
3
|
+
module DeviseOtp
|
4
|
+
module Generators
|
5
|
+
class ViewsGenerator < Rails::Generators::Base
|
6
|
+
desc 'Copies all Devise OTP views to your application.'
|
7
|
+
|
8
|
+
argument :scope, :required => false, :default => nil,
|
9
|
+
:desc => "The scope to copy views to"
|
10
|
+
|
11
|
+
include ::Devise::Generators::ViewPathTemplates
|
12
|
+
source_root File.expand_path("../../../../app/views/devise_otp", __FILE__)
|
13
|
+
def copy_views
|
14
|
+
view_directory :credentials, 'app/views/devise_otp/credentials'
|
15
|
+
view_directory :tokens, 'app/views/devise_otp/tokens'
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,261 @@
|
|
1
|
+
== Welcome to Rails
|
2
|
+
|
3
|
+
Rails is a web-application framework that includes everything needed to create
|
4
|
+
database-backed web applications according to the Model-View-Control pattern.
|
5
|
+
|
6
|
+
This pattern splits the view (also called the presentation) into "dumb"
|
7
|
+
templates that are primarily responsible for inserting pre-built data in between
|
8
|
+
HTML tags. The model contains the "smart" domain objects (such as Account,
|
9
|
+
Product, Person, Post) that holds all the business logic and knows how to
|
10
|
+
persist themselves to a database. The controller handles the incoming requests
|
11
|
+
(such as Save New Account, Update Product, Show Post) by manipulating the model
|
12
|
+
and directing data to the view.
|
13
|
+
|
14
|
+
In Rails, the model is handled by what's called an object-relational mapping
|
15
|
+
layer entitled Active Record. This layer allows you to present the data from
|
16
|
+
database rows as objects and embellish these data objects with business logic
|
17
|
+
methods. You can read more about Active Record in
|
18
|
+
link:files/vendor/rails/activerecord/README.html.
|
19
|
+
|
20
|
+
The controller and view are handled by the Action Pack, which handles both
|
21
|
+
layers by its two parts: Action View and Action Controller. These two layers
|
22
|
+
are bundled in a single package due to their heavy interdependence. This is
|
23
|
+
unlike the relationship between the Active Record and Action Pack that is much
|
24
|
+
more separate. Each of these packages can be used independently outside of
|
25
|
+
Rails. You can read more about Action Pack in
|
26
|
+
link:files/vendor/rails/actionpack/README.html.
|
27
|
+
|
28
|
+
|
29
|
+
== Getting Started
|
30
|
+
|
31
|
+
1. At the command prompt, create a new Rails application:
|
32
|
+
<tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
|
33
|
+
|
34
|
+
2. Change directory to <tt>myapp</tt> and start the web server:
|
35
|
+
<tt>cd myapp; rails server</tt> (run with --help for options)
|
36
|
+
|
37
|
+
3. Go to http://localhost:3000/ and you'll see:
|
38
|
+
"Welcome aboard: You're riding Ruby on Rails!"
|
39
|
+
|
40
|
+
4. Follow the guidelines to start developing your application. You can find
|
41
|
+
the following resources handy:
|
42
|
+
|
43
|
+
* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
|
44
|
+
* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
|
45
|
+
|
46
|
+
|
47
|
+
== Debugging Rails
|
48
|
+
|
49
|
+
Sometimes your application goes wrong. Fortunately there are a lot of tools that
|
50
|
+
will help you debug it and get it back on the rails.
|
51
|
+
|
52
|
+
First area to check is the application log files. Have "tail -f" commands
|
53
|
+
running on the server.log and development.log. Rails will automatically display
|
54
|
+
debugging and runtime information to these files. Debugging info will also be
|
55
|
+
shown in the browser on requests from 127.0.0.1.
|
56
|
+
|
57
|
+
You can also log your own messages directly into the log file from your code
|
58
|
+
using the Ruby logger class from inside your controllers. Example:
|
59
|
+
|
60
|
+
class WeblogController < ActionController::Base
|
61
|
+
def destroy
|
62
|
+
@weblog = Weblog.find(params[:id])
|
63
|
+
@weblog.destroy
|
64
|
+
logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
The result will be a message in your log file along the lines of:
|
69
|
+
|
70
|
+
Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
|
71
|
+
|
72
|
+
More information on how to use the logger is at http://www.ruby-doc.org/core/
|
73
|
+
|
74
|
+
Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
|
75
|
+
several books available online as well:
|
76
|
+
|
77
|
+
* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
|
78
|
+
* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
|
79
|
+
|
80
|
+
These two books will bring you up to speed on the Ruby language and also on
|
81
|
+
programming in general.
|
82
|
+
|
83
|
+
|
84
|
+
== Debugger
|
85
|
+
|
86
|
+
Debugger support is available through the debugger command when you start your
|
87
|
+
Mongrel or WEBrick server with --debugger. This means that you can break out of
|
88
|
+
execution at any point in the code, investigate and change the model, and then,
|
89
|
+
resume execution! You need to install ruby-debug to run the server in debugging
|
90
|
+
mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
|
91
|
+
|
92
|
+
class WeblogController < ActionController::Base
|
93
|
+
def index
|
94
|
+
@posts = Post.all
|
95
|
+
debugger
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
So the controller will accept the action, run the first line, then present you
|
100
|
+
with a IRB prompt in the server window. Here you can do things like:
|
101
|
+
|
102
|
+
>> @posts.inspect
|
103
|
+
=> "[#<Post:0x14a6be8
|
104
|
+
@attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
|
105
|
+
#<Post:0x14a6620
|
106
|
+
@attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
|
107
|
+
>> @posts.first.title = "hello from a debugger"
|
108
|
+
=> "hello from a debugger"
|
109
|
+
|
110
|
+
...and even better, you can examine how your runtime objects actually work:
|
111
|
+
|
112
|
+
>> f = @posts.first
|
113
|
+
=> #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
|
114
|
+
>> f.
|
115
|
+
Display all 152 possibilities? (y or n)
|
116
|
+
|
117
|
+
Finally, when you're ready to resume execution, you can enter "cont".
|
118
|
+
|
119
|
+
|
120
|
+
== Console
|
121
|
+
|
122
|
+
The console is a Ruby shell, which allows you to interact with your
|
123
|
+
application's domain model. Here you'll have all parts of the application
|
124
|
+
configured, just like it is when the application is running. You can inspect
|
125
|
+
domain models, change values, and save to the database. Starting the script
|
126
|
+
without arguments will launch it in the development environment.
|
127
|
+
|
128
|
+
To start the console, run <tt>rails console</tt> from the application
|
129
|
+
directory.
|
130
|
+
|
131
|
+
Options:
|
132
|
+
|
133
|
+
* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
|
134
|
+
made to the database.
|
135
|
+
* Passing an environment name as an argument will load the corresponding
|
136
|
+
environment. Example: <tt>rails console production</tt>.
|
137
|
+
|
138
|
+
To reload your controllers and models after launching the console run
|
139
|
+
<tt>reload!</tt>
|
140
|
+
|
141
|
+
More information about irb can be found at:
|
142
|
+
link:http://www.rubycentral.org/pickaxe/irb.html
|
143
|
+
|
144
|
+
|
145
|
+
== dbconsole
|
146
|
+
|
147
|
+
You can go to the command line of your database directly through <tt>rails
|
148
|
+
dbconsole</tt>. You would be connected to the database with the credentials
|
149
|
+
defined in database.yml. Starting the script without arguments will connect you
|
150
|
+
to the development database. Passing an argument will connect you to a different
|
151
|
+
database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
|
152
|
+
PostgreSQL and SQLite 3.
|
153
|
+
|
154
|
+
== Description of Contents
|
155
|
+
|
156
|
+
The default directory structure of a generated Ruby on Rails application:
|
157
|
+
|
158
|
+
|-- app
|
159
|
+
| |-- assets
|
160
|
+
| |-- images
|
161
|
+
| |-- javascripts
|
162
|
+
| `-- stylesheets
|
163
|
+
| |-- controllers
|
164
|
+
| |-- helpers
|
165
|
+
| |-- mailers
|
166
|
+
| |-- models
|
167
|
+
| `-- views
|
168
|
+
| `-- layouts
|
169
|
+
|-- config
|
170
|
+
| |-- environments
|
171
|
+
| |-- initializers
|
172
|
+
| `-- locales
|
173
|
+
|-- db
|
174
|
+
|-- doc
|
175
|
+
|-- lib
|
176
|
+
| `-- tasks
|
177
|
+
|-- log
|
178
|
+
|-- public
|
179
|
+
|-- script
|
180
|
+
|-- test
|
181
|
+
| |-- fixtures
|
182
|
+
| |-- functional
|
183
|
+
| |-- integration
|
184
|
+
| |-- performance
|
185
|
+
| `-- unit
|
186
|
+
|-- tmp
|
187
|
+
| |-- cache
|
188
|
+
| |-- pids
|
189
|
+
| |-- sessions
|
190
|
+
| `-- sockets
|
191
|
+
`-- vendor
|
192
|
+
|-- assets
|
193
|
+
`-- stylesheets
|
194
|
+
`-- plugins
|
195
|
+
|
196
|
+
app
|
197
|
+
Holds all the code that's specific to this particular application.
|
198
|
+
|
199
|
+
app/assets
|
200
|
+
Contains subdirectories for images, stylesheets, and JavaScript files.
|
201
|
+
|
202
|
+
app/controllers
|
203
|
+
Holds controllers that should be named like weblogs_controller.rb for
|
204
|
+
automated URL mapping. All controllers should descend from
|
205
|
+
ApplicationController which itself descends from ActionController::Base.
|
206
|
+
|
207
|
+
app/models
|
208
|
+
Holds models that should be named like post.rb. Models descend from
|
209
|
+
ActiveRecord::Base by default.
|
210
|
+
|
211
|
+
app/views
|
212
|
+
Holds the template files for the view that should be named like
|
213
|
+
weblogs/index.html.erb for the WeblogsController#index action. All views use
|
214
|
+
eRuby syntax by default.
|
215
|
+
|
216
|
+
app/views/layouts
|
217
|
+
Holds the template files for layouts to be used with views. This models the
|
218
|
+
common header/footer method of wrapping views. In your views, define a layout
|
219
|
+
using the <tt>layout :default</tt> and create a file named default.html.erb.
|
220
|
+
Inside default.html.erb, call <% yield %> to render the view using this
|
221
|
+
layout.
|
222
|
+
|
223
|
+
app/helpers
|
224
|
+
Holds view helpers that should be named like weblogs_helper.rb. These are
|
225
|
+
generated for you automatically when using generators for controllers.
|
226
|
+
Helpers can be used to wrap functionality for your views into methods.
|
227
|
+
|
228
|
+
config
|
229
|
+
Configuration files for the Rails environment, the routing map, the database,
|
230
|
+
and other dependencies.
|
231
|
+
|
232
|
+
db
|
233
|
+
Contains the database schema in schema.rb. db/migrate contains all the
|
234
|
+
sequence of Migrations for your schema.
|
235
|
+
|
236
|
+
doc
|
237
|
+
This directory is where your application documentation will be stored when
|
238
|
+
generated using <tt>rake doc:app</tt>
|
239
|
+
|
240
|
+
lib
|
241
|
+
Application specific libraries. Basically, any kind of custom code that
|
242
|
+
doesn't belong under controllers, models, or helpers. This directory is in
|
243
|
+
the load path.
|
244
|
+
|
245
|
+
public
|
246
|
+
The directory available for the web server. Also contains the dispatchers and the
|
247
|
+
default HTML files. This should be set as the DOCUMENT_ROOT of your web
|
248
|
+
server.
|
249
|
+
|
250
|
+
script
|
251
|
+
Helper scripts for automation and generation.
|
252
|
+
|
253
|
+
test
|
254
|
+
Unit and functional tests along with fixtures. When using the rails generate
|
255
|
+
command, template test files will be generated for you and placed in this
|
256
|
+
directory.
|
257
|
+
|
258
|
+
vendor
|
259
|
+
External libraries that the application depends on. Also includes the plugins
|
260
|
+
subdirectory. If the app has frozen rails, those gems also go here, under
|
261
|
+
vendor/rails/. This directory is in the load path.
|