myobie-rails-auth 0.0.0 → 0.0.2
- data/README.markdown +66 -3
- data/VERSION.yml +1 -1
- data/lib/rails-auth/authentication.rb +5 -21
- data/lib/rails-auth/helpers/all.rb +1 -1
- data/lib/rails-auth/helpers/cookie.rb +21 -0
- data/lib/rails-auth/strategies/abstract_password.rb +1 -1
- data/lib/rails-auth/strategies/password_form.rb +1 -1
- data/lib/rails-auth.rb +3 -3
- metadata +2 -1
data/README.markdown
CHANGED
@@ -3,12 +3,17 @@ Note
|
|
3
3
|
|
4
4
|
This is not anywhere near done. It's still using swaths of code just copied straight over from merb, and even some of that doesn't do anything yet.
|
5
5
|
|
6
|
+
Install
|
7
|
+
=======
|
8
|
+
|
9
|
+
Add `config.gem 'myobie-rails-auth', :lib => 'rails-auth', :source => 'http://gems.github.com'` to your environment.rb file. Then `rake gems:install` or just install it yourself.
|
10
|
+
|
6
11
|
About
|
7
12
|
=====
|
8
13
|
|
9
14
|
I am not satisfied with any of the current authentication strategies available for rails. I am sure Rails 3 will have something built in, but until then this is what I am going to use. I am spoiled from the way Merb does it, but even then I am not 100% happy with how it works.
|
10
15
|
|
11
|
-
Currently, this is untested and very much a copy of how merb does it.
|
16
|
+
Currently, this is untested and very much a copy of how merb does it. However, I am using it in production.
|
12
17
|
|
13
18
|
All I really care about:
|
14
19
|
|
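Review bot: the new Install line in the README points `config.gem` at `:source => 'http://gems.github.com'`, a plain-HTTP gem source, so the gem is fetched without transport protection. If the source offers HTTPS, use that URL in the instruction. The reworded sentence further down now reads "untested ... However, I am using it in production"; a reader deciding whether to depend on this for authentication would want to know which parts are actually exercised in that deployment.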
@@ -23,8 +28,8 @@ I hate how all the authentication libraries hide model, controller, view methods
|
|
23
28
|
|
24
29
|
In my mind, the best way to solve this is to not have a ton of necessary methods on anything.
|
25
30
|
|
26
|
-
All you need
|
27
|
-
|
31
|
+
All you should need
|
32
|
+
===================
|
28
33
|
|
29
34
|
1. UserModel#authenticate
|
30
35
|
2. Use `ensure_authenticated` in your controller to make sure they are logged in.
|
@@ -33,6 +38,64 @@ All you need
|
|
33
38
|
|
34
39
|
Simple.
|
35
40
|
|
41
|
+
Usage
|
42
|
+
=====
|
43
|
+
|
44
|
+
After you have installed the gem, you will need to use it in the manner you see fit. I have created some examples (look in [examples/][examples] inside the gem) that come straight from how I use it right now. These are not generators.
|
45
|
+
|
46
|
+
## [Initializer (authentication.rb)][init]
|
47
|
+
|
48
|
+
I'll just go through the file in order. First I activate the strategies that I want (you can create/activate your own here too), then set my user model class. Then I tell `Rails::Authentication` how to store/fetch a user from the session (by id) and which session keys to keep during login/logout (like the return to url, don't want to loose that). Then I just require all available helpers and set two constants that I use in my user model to encrypt passwords.
|
49
|
+
|
50
|
+
I marked what is optional/required.
|
51
|
+
|
52
|
+
## ApplicationController
|
53
|
+
|
54
|
+
### [Simple Example][a-simple]
|
55
|
+
|
56
|
+
The easiest way to get up and running is to include the `ensure_authenticated` helper in `ApplicationController` and then decide what you want to do when the `Rails::Authentication::Unauthenticated` error is raised.
|
57
|
+
|
58
|
+
### [Complex Example][a-complex]
|
59
|
+
|
60
|
+
There are some helpers you can include along with the `ensure_authenticated` helper by including `Rails::AuthenticatedControllerExtensions`. You will find helpers for remember me cookies, setting a return to url to redirect to after login, logged in? and other helpers resembling restful-authentication, and a helper for setting a custom flash message when the user is not logged in. See the [rails-auth/helpers][helpers] folder.
|
61
|
+
|
62
|
+
## SessionsController
|
63
|
+
|
64
|
+
You don't have to create a `SessionsController` at all, but I like the idea of creating/destroying a session when logging in/out.
|
65
|
+
|
66
|
+
### [Simple Example][s-simple]
|
67
|
+
|
68
|
+
The `ensure_authenticated` helper will do the login if the correct params are present (if they are submitted from a form, basic http auth, etc). So really, all you need to do is use that method.
|
69
|
+
|
70
|
+
### [Complex Example][s-complex]
|
71
|
+
|
72
|
+
This example uses `before_filters` to order method calls in the correct order each time. It keeps track of certain session data that we never want to use (like the return to url) and also handles a remember me checkbox. It really is essentially the same as the simple example, but with a ton of methods around the core action code.
|
73
|
+
|
74
|
+
## User (model)
|
75
|
+
|
76
|
+
### [Simple Example][m-simple]
|
77
|
+
|
78
|
+
All you need in your model (for the password_form strategy) is `self.authenticate`. It can look however you want, but I have provided an example that you may not want to use, since the passwords are not encrypted.
|
79
|
+
|
80
|
+
### [Complex Example][m-complex]
|
81
|
+
|
82
|
+
I'll try to hit the highlights, but essentially we aren't actually saving the password, but saving a `crypted_password` instead. This example needs some more love and I should include my `user_mailer` as well. _I will update this example soon._
|
83
|
+
|
84
|
+
I put some validations to show that there are some regex's in the gem (although I am considering moving them out). Then you will see activate! which activates a user (I send activation emails out). The `authenticate` method is still pretty simple, except it delegates to an `authenticated?` instance method on the user to do it's work.
|
85
|
+
|
86
|
+
There is a lot of digest and other crap that encrypts the passwords. We save an encrypted version of the password in the db, then when the user types their password into the form field, we encrypt what they typed and compare it to the encrypted form in the db (they should be the same since it supposedly was the same word that was encrypted both times).
|
87
|
+
|
88
|
+
There is also some remember/forget stuff in there.
|
89
|
+
|
90
|
+
[examples]: http://github.com/myobie/rails-auth/tree/6ba96559b3f83aef3f705bc63d0895b710f27095/examples
|
91
|
+
[init]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/initializers/authentication.rb
|
92
|
+
[a-simple]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/controllers/application_controller_simple.rb
|
93
|
+
[a-complex]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/controllers/application_controller_complex.rb
|
94
|
+
[s-simple]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/controllers/sessions_controller_simple.rb
|
95
|
+
[s-complex]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/controllers/sessions_controller_complex.rb
|
96
|
+
[m-simple]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/models/user_simple.rb
|
97
|
+
[m-complex]: http://github.com/myobie/rails-auth/blob/6ba96559b3f83aef3f705bc63d0895b710f27095/examples/models/user_complex.rb
|
98
|
+
|
36
99
|
TODO
|
37
100
|
====
|
38
101
|
|
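Review bot: in the "User (model)" section, the simple example is described as one "you may not want to use, since the passwords are not encrypted", which undersells the risk of a plaintext-password example being copied as is. Either say plainly that it must not be used outside a demo or make the simple example store a digest as the complex one does. The complex example's description ("encrypt what they typed and compare it to the encrypted form in the db") would also be clearer if it said whether this is a salted one-way digest, since the initializer section mentions two constants used to encrypt passwords. Two typos in the added text: "don't want to loose that" should be "lose", and "to do it's work" should be "its".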
data/VERSION.yml
CHANGED
@@ -40,34 +40,20 @@ module Rails
|
|
40
40
|
self.email_regex = /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
|
41
41
|
self.bad_email_message = "should look like an email address.".freeze
|
42
42
|
|
43
|
-
def self.load_helpers(file_name)
|
44
|
-
require 'rails-auth/helpers' / file_name.to_s
|
45
|
-
end
|
46
43
|
|
47
44
|
def initialize(session)
|
48
45
|
@session = session
|
49
46
|
end
|
50
|
-
|
51
|
-
# Returns true if there is an authenticated user attached to this session
|
52
|
-
#
|
53
|
-
# @return <TrueClass|FalseClass>
|
54
|
-
#
|
47
|
+
|
55
48
|
def authenticated?
|
56
49
|
!!session[:user]
|
57
50
|
end
|
58
|
-
|
59
|
-
# This method will retrieve the user object stored in the session or nil if there
|
60
|
-
# is no user logged in.
|
61
|
-
#
|
62
|
-
# @return <User class>|NilClass
|
51
|
+
|
63
52
|
def user
|
64
53
|
return nil if !session[:user]
|
65
54
|
@user ||= fetch_user(session[:user])
|
66
55
|
end
|
67
|
-
|
68
|
-
# This method will store the user provided into the session
|
69
|
-
# and set the user as the currently logged in user
|
70
|
-
# @return <User Class>|NilClass
|
56
|
+
|
71
57
|
def user=(user)
|
72
58
|
session[:user] = nil && return if user.nil?
|
73
59
|
session[:user] = store_user(user)
|
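Review bot: the context line `session[:user] = nil && return if user.nil?` in `user=` does not return early. `nil && return` short-circuits to nil, so the line only assigns nil and execution continues to `session[:user] = store_user(user)` with a nil user. Since this hunk already touches the method, split it into an explicit `session[:user] = nil` followed by `return` inside `if user.nil?`. Separately, the deleted comment blocks were the only description of what `authenticated?`, `user` and `user=` return; a one-line comment on each would keep that.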
@@ -79,9 +65,7 @@ module Rails
|
|
79
65
|
# either passed in, or in the default_strategy_order.
|
80
66
|
#
|
81
67
|
# If a strategy returns some kind of user object, this will be stored
|
82
|
-
# in the session, otherwise
|
83
|
-
#
|
84
|
-
# @params Rails::Request, [List,Of,Strategies, optional_options_hash]
|
68
|
+
# in the session, otherwise an Unauthenticated exception is raised
|
85
69
|
#
|
86
70
|
# Pass in a list of strategy objects to have this list take precedence over the normal defaults
|
87
71
|
#
|
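Review bot: the `# @params Rails::Request, [List,Of,Strategies, optional_options_hash]` line is deleted without a replacement, so this comment no longer describes the method's arguments. Keep a parameter line next to the completed sentence about the Unauthenticated exception.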
@@ -189,7 +173,7 @@ module Rails
|
|
189
173
|
# in the face of session.abandon! You need to maintain this state yourself
|
190
174
|
# @public
|
191
175
|
def self.maintain_session_keys
|
192
|
-
@maintain_session_keys ||= [:authentication_strategies
|
176
|
+
@maintain_session_keys ||= [:authentication_strategies]
|
193
177
|
end
|
194
178
|
|
195
179
|
private
|
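Review bot: the comment above `maintain_session_keys` should spell out what membership in this array means, since the README describes it as the session keys kept during login/logout and the comment here ties it to `session.abandon!`. Anything listed survives the session reset, so note that only non-sensitive keys (such as the return-to URL) belong in it.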
@@ -0,0 +1,21 @@
|
|
1
|
+
module Rails
|
2
|
+
|
3
|
+
module AuthenticatedControllerExtensions
|
4
|
+
|
5
|
+
def attempt_cookie_authentication
|
6
|
+
|
7
|
+
# TODO: have the cookie name settable somehow
|
8
|
+
if !session.authenticated? && cookies[:remember_me_token]
|
9
|
+
user = Rails::Authentication.user_class.constantize.
|
10
|
+
authenticate_with_remember_token(cookies[:remember_me_token])
|
11
|
+
|
12
|
+
if user
|
13
|
+
session.abandon!
|
14
|
+
session.user = user
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
end # attempt_cookie_authentication
|
19
|
+
|
20
|
+
end
|
21
|
+
end
|
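Review bot: `attempt_cookie_authentication` has no branch for a `remember_me_token` that fails to authenticate. When `authenticate_with_remember_token` returns nil the cookie is left in place, so the same lookup repeats on every unauthenticated request; add an `else` that deletes the cookie. Calling `session.abandon!` before `session.user = user` is the right order. The helper also relies entirely on the model's `authenticate_with_remember_token` to reject expired tokens, so a comment stating that contract would help anyone writing their own user model against the simple example.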
data/lib/rails-auth.rb
CHANGED
@@ -16,6 +16,6 @@ require 'rails-auth/strategy'
|
|
16
16
|
|
17
17
|
basic_path = "rails-auth/strategies"
|
18
18
|
|
19
|
-
# Rails::Authentication.register(:
|
20
|
-
# Rails::Authentication.register(:
|
21
|
-
Rails::Authentication.register(:
|
19
|
+
# Rails::Authentication.register(:basic_auth, basic_path / "basic_auth.rb")
|
20
|
+
# Rails::Authentication.register(:openid, basic_path / "openid.rb")
|
21
|
+
Rails::Authentication.register(:password_form, basic_path / "password_form.rb")
|
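Review bot: `basic_path / "password_form.rb"` in the active `register` call depends on a `/` method on String, which core Ruby does not define. Unless the gem defines it in a file not shown in this diff, the require-time call raises NoMethodError; `File.join(basic_path, "password_form.rb")` avoids the dependency. The same applies to the two commented-out `register` lines if they are ever enabled.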
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: myobie-rails-auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nathan Herald
|
@@ -31,6 +31,7 @@ files:
|
|
31
31
|
- lib/rails-auth/errors.rb
|
32
32
|
- lib/rails-auth/helpers
|
33
33
|
- lib/rails-auth/helpers/all.rb
|
34
|
+
- lib/rails-auth/helpers/cookie.rb
|
34
35
|
- lib/rails-auth/helpers/current_user.rb
|
35
36
|
- lib/rails-auth/helpers/logged_in.rb
|
36
37
|
- lib/rails-auth/helpers/redirect_back.rb
|