salted_login_generator 1.0.4 → 1.0.5
- data/USAGE +20 -13
- data/salted_login_generator.rb +35 -16
- data/templates/README +78 -83
- data/templates/_view_edit.rhtml +14 -0
- data/templates/_view_password.rhtml +12 -0
- data/templates/controller.rb +118 -78
- data/templates/controller_test.rb +92 -81
- data/templates/create_db +7 -0
- data/templates/en.yaml +69 -0
- data/templates/helper.rb +122 -0
- data/templates/login_environment.rb +32 -0
- data/templates/login_system.rb +24 -10
- data/templates/mock_notify.rb +18 -0
- data/templates/mock_time.rb +17 -0
- data/templates/notify.rb +32 -38
- data/templates/notify_change_password.rhtml +1 -1
- data/templates/notify_forgot_password.rhtml +3 -4
- data/templates/notify_signup.rhtml +2 -2
- data/templates/user.rb +88 -25
- data/templates/user_model.erbsql +16 -0
- data/templates/user_test.rb +21 -21
- data/templates/users.yml +3 -3
- data/templates/view_change_password.rhtml +12 -32
- data/templates/view_edit.rhtml +12 -0
- data/templates/view_forgot_password.rhtml +12 -28
- data/templates/view_login.rhtml +13 -26
- data/templates/view_logout.rhtml +4 -6
- data/templates/view_signup.rhtml +12 -25
- data/templates/view_welcome.rhtml +5 -11
- metadata +11 -6
- data/templates/app-config-development.yml +0 -6
- data/templates/app-config-production.yml +0 -6
- data/templates/app-config-test.yml +0 -6
- data/templates/user_model.sql +0 -15
data/USAGE
CHANGED
@@ -1,27 +1,34 @@
|
|
1
1
|
NAME
|
2
|
-
|
2
|
+
salted_login - creates a functional login system
|
3
3
|
|
4
4
|
SYNOPSIS
|
5
|
-
|
5
|
+
salted_login [Controller name] [Localization Name]
|
6
6
|
|
7
|
-
Good names are Account Myaccount Security
|
7
|
+
Good names are User, Account, Myaccount or Security and Localization
|
8
|
+
or LocalizationSettings.
|
8
9
|
|
9
10
|
DESCRIPTION
|
10
11
|
This generator creates a general purpose login system.
|
11
12
|
|
12
13
|
Included:
|
13
|
-
- a
|
14
|
-
- a
|
15
|
-
- a
|
16
|
-
account creation (i.e., requires account verification from the
|
17
|
-
email address) and supports forgotten and
|
18
|
-
- a mixin which lets you easily add advanced authentication
|
14
|
+
- a model which uses SHA1 encryption and salted hashes for passwords
|
15
|
+
- a controller with signup, login, welcome and logoff actions
|
16
|
+
- a mailer that integrates with the controller to prevent script based
|
17
|
+
account creation (i.e., requires account verification from the
|
18
|
+
registered email address) and supports forgotten and changed passwords
|
19
|
+
- a mixin which lets you easily add advanced authentication
|
19
20
|
features to your abstract base controller
|
20
|
-
- a user_model.sql with the minimal sql required to get the model
|
21
|
+
- a user_model.sql with the minimal sql required to get the model
|
22
|
+
to work.
|
21
23
|
- extensive unit and functional test cases to make sure nothing breaks.
|
24
|
+
- localization support via the localization generator
|
25
|
+
- token based authentication
|
22
26
|
|
23
27
|
EXAMPLE
|
24
|
-
./script/generate
|
28
|
+
./script/generate salted_login User Localization
|
25
29
|
|
26
|
-
This will generate
|
27
|
-
The
|
30
|
+
This will generate a User controller with login and logout methods.
|
31
|
+
The class names are UserController, User (model), and UserNotifier
|
32
|
+
(mailer). It will also generate a module named UserLoginSystem, and
|
33
|
+
invoke the localization generator, which will produce a module named
|
34
|
+
Localization.
|
data/salted_login_generator.rb
CHANGED
@@ -1,22 +1,31 @@
|
|
1
|
-
class SaltedLoginGenerator < Rails::Generator::NamedBase
|
1
|
+
class SaltedLoginGenerator < LocalizationGenerator #Rails::Generator::NamedBase
|
2
2
|
def manifest
|
3
3
|
record do |m|
|
4
|
-
|
4
|
+
m.dependency 'localization', [ARGV[1]]
|
5
|
+
|
6
|
+
# Check for class naming collisions.
|
7
|
+
#m.class_collisions class_path, "#{class_name}Controller", "#{class_name}ControllerTest", "#{class_name}Helper", "#{class_name}LoginSystem"
|
8
|
+
|
5
9
|
# Login module, controller class, functional test, and helper.
|
6
|
-
m.template "login_system.rb", "lib
|
10
|
+
m.template "login_system.rb", "lib/#{file_name}_system.rb"
|
7
11
|
m.template "controller.rb", File.join("app/controllers", class_path, "#{file_name}_controller.rb")
|
8
|
-
m.template "controller_test.rb",
|
12
|
+
m.template "controller_test.rb", "test/functional/#{file_name}_controller_test.rb"
|
9
13
|
m.template "helper.rb", File.join("app/helpers", class_path, "#{file_name}_helper.rb")
|
10
14
|
|
11
15
|
# Model class, unit test, fixtures, and example schema.
|
12
|
-
m.template "user.rb", "app/models
|
13
|
-
m.template "notify.rb", File.join("app/models", "
|
14
|
-
m.template "
|
15
|
-
m.
|
16
|
-
|
17
|
-
m.template "
|
18
|
-
m.template "
|
19
|
-
m.
|
16
|
+
m.template "user.rb", File.join("app/models", class_path, "#{file_name}.rb")
|
17
|
+
m.template "notify.rb", File.join("app/models", class_path, "#{file_name}_notify.rb")
|
18
|
+
m.template "mock_notify.rb", "test/mocks/test/#{file_name}_notify.rb"
|
19
|
+
m.file "mock_time.rb", "test/mocks/test/time.rb"
|
20
|
+
|
21
|
+
m.template "user_test.rb", "test/unit/#{file_name}_test.rb"
|
22
|
+
m.template "users.yml", "test/fixtures/#{plural_name}.yml"
|
23
|
+
m.file "user_model.erbsql", "db/user_model.erbsql"
|
24
|
+
|
25
|
+
# Configuration and miscellaneous
|
26
|
+
m.template "login_environment.rb", "config/environments/#{file_name}_environment.rb"
|
27
|
+
m.file "create_db", "script/create_db"
|
28
|
+
m.template "en.yaml", "lang/en.yaml"
|
20
29
|
|
21
30
|
# Layout and stylesheet.
|
22
31
|
m.template "scaffold:layout.rhtml", "app/views/layouts/scaffold.rhtml"
|
@@ -29,14 +38,20 @@ class SaltedLoginGenerator < Rails::Generator::NamedBase
|
|
29
38
|
File.join("app/views", class_path, file_name, "#{action}.rhtml")
|
30
39
|
end
|
31
40
|
|
32
|
-
|
33
|
-
m.directory File.join("app/views",
|
41
|
+
# Partials
|
42
|
+
m.directory File.join("app/views", class_path, file_name)
|
43
|
+
partial_views.each do |action|
|
44
|
+
m.template "_view_#{action}.rhtml",
|
45
|
+
File.join("app/views", class_path, file_name, "_#{action}.rhtml")
|
46
|
+
end
|
47
|
+
|
48
|
+
m.directory File.join("app/views", "#{singular_name}_notify")
|
34
49
|
notify_views.each do |action|
|
35
50
|
m.template "notify_#{action}.rhtml",
|
36
|
-
File.join("app/views", "
|
51
|
+
File.join("app/views", "#{singular_name}_notify", "#{action}_en.rhtml")
|
37
52
|
end
|
38
53
|
|
39
|
-
m.template "README", "
|
54
|
+
m.template "README", "README_#{class_name.upcase}_LOGIN"
|
40
55
|
end
|
41
56
|
end
|
42
57
|
|
@@ -46,6 +61,10 @@ class SaltedLoginGenerator < Rails::Generator::NamedBase
|
|
46
61
|
%w(welcome login logout signup forgot_password change_password)
|
47
62
|
end
|
48
63
|
|
64
|
+
def partial_views
|
65
|
+
%w(edit password)
|
66
|
+
end
|
67
|
+
|
49
68
|
def notify_views
|
50
69
|
%w(signup forgot_password change_password)
|
51
70
|
end
|
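Review bot: `m.dependency 'localization', [ARGV[1]]` on new line 4 takes the localization name from the process-wide `ARGV` by position rather than from the arguments handed to the generator, so it passes `[nil]` when the second name is omitted and depends on the exact shape of the command line. A guard such as `raise ArgumentError, 'localization name required' unless ARGV[1]` ahead of the `record` block would at least fail early with a clear message. The class-collision check on new line 7 arrives already commented out, so nothing checks for clashes with existing `...Controller`, `...Helper` or `...LoginSystem` classes; either enable it or add a comment saying why it is disabled. The old superclass kept as a trailing `#Rails::Generator::NamedBase` comment on new line 1 should be dropped or explained.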
data/templates/README
CHANGED
@@ -1,84 +1,81 @@
|
|
1
1
|
== Installation
|
2
2
|
|
3
|
-
|
4
|
-
|
3
|
+
After generating the login system, edit your app/controllers/application.rb
|
4
|
+
file. The beginning of your ApplicationController should look something like
|
5
|
+
this:
|
5
6
|
|
6
|
-
|
7
|
-
|
8
|
-
to the top of the file and include the login system with
|
9
|
-
|
10
|
-
include LoginSystem
|
11
|
-
|
12
|
-
The beginning of your ApplicationController.
|
13
|
-
It should look something like this :
|
14
|
-
|
15
|
-
require_dependency "login_system"
|
7
|
+
require '<%= file_name %>_system'
|
16
8
|
|
17
9
|
class ApplicationController < ActionController::Base
|
18
|
-
include
|
19
|
-
|
10
|
+
include <%= class_name %>System
|
11
|
+
helper: <%= class_name %>
|
12
|
+
before_filter :login_required
|
20
13
|
|
21
|
-
After you have done the modifications the the
|
22
|
-
the
|
23
|
-
should extend it. If you just want to get
|
24
|
-
some create table syntax in
|
14
|
+
After you have done the modifications the the ApplicationController and its
|
15
|
+
helper, you can import the <%= singular_name %> model into the database. This
|
16
|
+
model is meant as an example and you should extend it. If you just want to get
|
17
|
+
things up and running you can find some create table syntax in
|
18
|
+
db/user_model.sql.
|
25
19
|
|
26
|
-
|
27
|
-
|
20
|
+
You also need to add the following at the end of your config/environment.rb
|
21
|
+
file:
|
28
22
|
|
29
|
-
|
23
|
+
require 'environments/<%= singular_name %>_environment'
|
30
24
|
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
Under the 'enviroments' subdirectory, you'll find
|
35
|
-
app-config-{development, production, test}.yml files. Edit these as appropriate.
|
25
|
+
Under the 'enviroments' subdirectory, you'll find <%= singular_name %>_environment.rb.
|
26
|
+
Edit this file as necessary...
|
36
27
|
|
37
28
|
== Requirements
|
38
29
|
|
39
|
-
You need a database table corresponding to the
|
30
|
+
You need a database table corresponding to the <%= class_name %> model.
|
40
31
|
|
41
32
|
mysql syntax:
|
42
|
-
CREATE TABLE
|
43
|
-
id
|
44
|
-
login
|
45
|
-
password
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
salt
|
50
|
-
verified INT default 0,
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
33
|
+
CREATE TABLE <%= plural_name %> (
|
34
|
+
id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
|
35
|
+
login VARCHAR(80) NOT NULL,
|
36
|
+
password VARCHAR(40) NOT NULL,
|
37
|
+
email VARCHAR(60) NOT NULL,
|
38
|
+
firstname VARCHAR(40) NOT NULL,
|
39
|
+
lastname VARCHAR(40) NOT NULL,
|
40
|
+
salt CHAR(40) NOT NULL,
|
41
|
+
verified INT default 0,
|
42
|
+
role VARCHAR(40) default NULL,
|
43
|
+
security_token CHAR(40) default NULL,
|
44
|
+
token_expiry DATETIME default NULL
|
45
|
+
) TYPE=InnoDB DEFAULT CHARSET=utf8;
|
46
|
+
|
47
|
+
postgres:
|
48
|
+
CREATE TABLE "<%= plural_name %>" (
|
49
|
+
id SERIAL PRIMARY KEY
|
50
|
+
login VARCHAR(80) NOT NULL,
|
51
|
+
password VARCHAR(40) NOT NULL,
|
52
|
+
email VARCHAR(60) NOT NULL,
|
53
|
+
firstname VARCHAR(40) NOT NULL,
|
54
|
+
lastname VARCHAR(40) NOT NULL,
|
55
|
+
salt CHAR(40) NOT NULL,
|
56
|
+
verified INT default 0,
|
57
|
+
role VARCHAR(40) default NULL,
|
58
|
+
security_token CHAR(40) default NULL,
|
59
|
+
token_expiry TIMESTAMP default NULL
|
65
60
|
) WITH OIDS;
|
66
61
|
|
67
|
-
|
68
62
|
sqlite:
|
69
|
-
CREATE TABLE '
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
63
|
+
CREATE TABLE '<%= plural_name %>' (
|
64
|
+
id INTEGER PRIMARY KEY,
|
65
|
+
login VARCHAR(80) NOT NULL,
|
66
|
+
password VARCHAR(40) NOT NULL,
|
67
|
+
email VARCHAR(60) NOT NULL,
|
68
|
+
firstname VARCHAR(40) NOT NULL,
|
69
|
+
lastname VARCHAR(40) NOT NULL,
|
70
|
+
salt CHAR(40) NOT NULL,
|
71
|
+
verified INT default 0,
|
72
|
+
role VARCHAR(40) default NULL,
|
73
|
+
security_token CHAR(40) default NULL,
|
74
|
+
token_expiry DATETIME default NULL
|
78
75
|
);
|
79
76
|
|
80
|
-
Of course your
|
81
|
-
starting point
|
77
|
+
Of course your <%= singular_name %> model can have any amount of extra fields.
|
78
|
+
This is just a starting point
|
82
79
|
|
83
80
|
== How to use it
|
84
81
|
|
@@ -87,14 +84,14 @@ controllers which you would like to protect.
|
|
87
84
|
|
88
85
|
After integrating the login system with your rails application navigate to your
|
89
86
|
new controller's signup method. There you can create a new account. After you
|
90
|
-
are done you should have a look at your DB. Your freshly created
|
91
|
-
there but the password will be a sha1 hashed 40 digit mess. I find
|
92
|
-
be the minimum of security which every page offering login&
|
93
|
-
its customers. Now you can move to one of those
|
94
|
-
with the before_filter :login_required snippet.
|
95
|
-
directed to your freshly created login controller
|
96
|
-
password. After entering valid account data you will be
|
97
|
-
controller which you requested earlier. Simple huh?
|
87
|
+
are done you should have a look at your DB. Your freshly created <%= singular_name %>
|
88
|
+
will be there but the password will be a sha1 hashed 40 digit mess. I find
|
89
|
+
this should be the minimum of security which every page offering login &
|
90
|
+
password should give its customers. Now you can move to one of those
|
91
|
+
controllers which you protected with the before_filter :login_required snippet.
|
92
|
+
You will automatically be re-directed to your freshly created login controller
|
93
|
+
and you are asked for a password. After entering valid account data you will be
|
94
|
+
taken back to the controller which you requested earlier. Simple huh?
|
98
95
|
|
99
96
|
== Tips & Tricks
|
100
97
|
|
@@ -102,9 +99,9 @@ How do I...
|
|
102
99
|
|
103
100
|
... access the user who is currently logged in
|
104
101
|
|
105
|
-
A: You can get the
|
102
|
+
A: You can get the <%= singular_name %> object from the session using @session['<%= singular_name %>']
|
106
103
|
Example:
|
107
|
-
Welcome <%%= @session['
|
104
|
+
Welcome <%%= @session['<%= singular_name %>'].name %>
|
108
105
|
|
109
106
|
... restrict access to only a few methods?
|
110
107
|
|
@@ -115,10 +112,10 @@ How do I...
|
|
115
112
|
|
116
113
|
... check if a user is logged-in in my views?
|
117
114
|
|
118
|
-
A: @session['
|
115
|
+
A: @session['<%= singular_name %>'] will tell you. Here is an example helper which you can use to make this more pretty:
|
119
116
|
Example:
|
120
|
-
def
|
121
|
-
!@session['
|
117
|
+
def <%= singular_name %>?
|
118
|
+
!@session['<%= singular_name %>'].nil?
|
122
119
|
end
|
123
120
|
|
124
121
|
... return a user to the page they came from before logging in?
|
@@ -126,16 +123,14 @@ How do I...
|
|
126
123
|
A: The user will be send back to the last url which called the method "store_location"
|
127
124
|
Example:
|
128
125
|
User was at /articles/show/1, wants to log in.
|
129
|
-
in articles_controller.rb, add store_location to the show function and
|
130
|
-
to the login form.
|
126
|
+
in articles_controller.rb, add store_location to the show function and
|
127
|
+
send the user to the login form.
|
131
128
|
After he logs in he will be send back to /articles/show/1
|
132
129
|
|
133
130
|
|
134
|
-
You can find more help at http://wiki.rubyonrails.com/rails/show/
|
135
|
-
|
131
|
+
You can find more help at http://wiki.rubyonrails.com/rails/show/SaltedLoginGenerator
|
132
|
+
|
136
133
|
== Changelog
|
137
134
|
|
138
|
-
1.0.5
|
139
|
-
1.0.
|
140
|
-
1.0.1 Fixed problem in the readme
|
141
|
-
1.0.0 First gem release
|
135
|
+
1.0.5 Lots of fixes and changes (see rubyforge.org/salted-login)
|
136
|
+
1.0.0 First gem release
|
@@ -0,0 +1,14 @@
|
|
1
|
+
<div class="<%= singular_name %>_edit">
|
2
|
+
<%%= form_input :hidden_field, 'form', :value => 'edit' %>
|
3
|
+
<%%= form_input :hidden_field, 'id' %>
|
4
|
+
|
5
|
+
<table>
|
6
|
+
<%%= form_input changeable(<%= singular_name %>, "firstname"), "firstname" %>
|
7
|
+
<%%= form_input changeable(<%= singular_name %>, "lastname"), "lastname" %>
|
8
|
+
<%%= form_input changeable(<%= singular_name %>, "login"), "login", :size => 30 %><br/>
|
9
|
+
<%%= form_input changeable(<%= singular_name %>, "email"), "email" %>
|
10
|
+
<%% if submit %>
|
11
|
+
<%%= form_input :submit_button, <%= singular_name %>.new_record? ? 'signup' : 'change_settings', :class => 'two_columns' %>
|
12
|
+
<%% end %>
|
13
|
+
</table>
|
14
|
+
</div>
|
@@ -0,0 +1,12 @@
|
|
1
|
+
<div class="<%= singular_name %>_password">
|
2
|
+
<%%= form_input :hidden_field, 'form', :value => 'change_password' %>
|
3
|
+
<%%= form_input :hidden_field, 'id' %>
|
4
|
+
|
5
|
+
<table>
|
6
|
+
<%%= form_input :password_field, "password", :size => 30 %>
|
7
|
+
<%%= form_input :password_field, "password_confirmation", :size => 30 %>
|
8
|
+
<%% if submit %>
|
9
|
+
<%%= form_input :submit_button, 'change_password' %>
|
10
|
+
<%% end %>
|
11
|
+
</table>
|
12
|
+
</div>
|
data/templates/controller.rb
CHANGED
@@ -1,114 +1,154 @@
|
|
1
1
|
class <%= class_name %>Controller < ApplicationController
|
2
|
-
model
|
2
|
+
model :<%= singular_name %>
|
3
3
|
layout 'scaffold'
|
4
4
|
|
5
|
-
before_filter :login_required, :only => [:change_password]
|
6
|
-
|
7
5
|
def login
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
@login = @params['user']['login']
|
17
|
-
flash['message'] = "Login unsuccessful"
|
18
|
-
end
|
19
|
-
when :get
|
20
|
-
@user = User.new
|
6
|
+
generate_blank
|
7
|
+
@<%= singular_name %> = <%= class_name %>.new(@params['<%= singular_name %>'])
|
8
|
+
if @session['<%= singular_name %>'] = <%= class_name %>.authenticate(@params['<%= singular_name %>']['login'], @params['<%= singular_name %>']['password'])
|
9
|
+
flash['notice'] = l(:<%= singular_name %>_login_succeeded)
|
10
|
+
redirect_back_or_default :action => 'welcome'
|
11
|
+
else
|
12
|
+
@login = @params['<%= singular_name %>']['login']
|
13
|
+
flash.now['message'] = l(:<%= singular_name %>_login_failed)
|
21
14
|
end
|
22
15
|
end
|
23
16
|
|
24
17
|
def signup
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
18
|
+
generate_blank
|
19
|
+
@params['<%= singular_name %>'].delete('form')
|
20
|
+
@<%= singular_name %> = <%= class_name %>.new(@params['<%= singular_name %>'])
|
21
|
+
begin
|
22
|
+
<%= class_name %>.transaction(@<%= singular_name %>) do
|
23
|
+
if @<%= singular_name %>.save
|
24
|
+
key = @<%= singular_name %>.generate_security_token
|
25
|
+
url = url_for(:action => 'welcome')
|
26
|
+
url += "?<%= singular_name %>[id]=#{@<%= singular_name %>.id}&key=#{key}"
|
27
|
+
<%= class_name %>Notify.deliver_signup(@<%= singular_name %>, @params['<%= singular_name %>']['password'], url)
|
28
|
+
flash['notice'] = l(:<%= singular_name %>_signup_succeeded)
|
29
|
+
redirect_to :action => 'login'
|
36
30
|
end
|
37
|
-
rescue
|
38
|
-
flash['message'] = "Error creating account: confirmation email not sent"
|
39
31
|
end
|
40
|
-
|
41
|
-
|
42
|
-
end
|
32
|
+
rescue
|
33
|
+
flash.now['message'] = l(:<%= singular_name %>_confirmation_email_error)
|
34
|
+
end
|
43
35
|
end
|
44
36
|
|
45
37
|
def logout
|
46
|
-
@session['
|
38
|
+
@session['<%= singular_name %>'] = nil
|
47
39
|
redirect_to :action => 'login'
|
48
40
|
end
|
49
41
|
|
50
42
|
def change_password
|
43
|
+
generate_filled_in
|
44
|
+
@params['<%= singular_name %>'].delete('form')
|
45
|
+
begin
|
46
|
+
<%= class_name %>.transaction(@<%= singular_name %>) do
|
47
|
+
@<%= singular_name %>.change_password(@params['<%= singular_name %>']['password'], @params['<%= singular_name %>']['password_confirmation'])
|
48
|
+
if @<%= singular_name %>.save
|
49
|
+
<%= class_name %>Notify.deliver_change_password(@<%= singular_name %>, @params['<%= singular_name %>']['password'])
|
50
|
+
flash.now['notice'] = l(:<%= singular_name %>_updated_password, "#{@<%= singular_name %>.email}")
|
51
|
+
end
|
52
|
+
end
|
53
|
+
rescue
|
54
|
+
flash.now['message'] = l(:<%= singular_name %>_change_password_email_error)
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
def forgot_password
|
59
|
+
# Always redirect if logged in
|
60
|
+
if <%= singular_name %>?
|
61
|
+
flash['message'] = l(:<%= singular_name %>_forgot_password_logged_in)
|
62
|
+
redirect_to :action => 'change_password'
|
63
|
+
return
|
64
|
+
end
|
65
|
+
|
51
66
|
case @request.method
|
52
|
-
|
53
|
-
|
67
|
+
# Render on :get
|
68
|
+
when :get
|
69
|
+
@user = User.new
|
70
|
+
render
|
71
|
+
end
|
72
|
+
|
73
|
+
# Handle the :post
|
74
|
+
if @params['<%= singular_name %>']['email'].empty?
|
75
|
+
flash.now['message'] = l(:<%= singular_name %>_enter_valid_email_address)
|
76
|
+
elsif (<%= singular_name %> = <%= class_name %>.find_by_email(@params['<%= singular_name %>']['email'])).nil?
|
77
|
+
flash.now['message'] = l(:<%= singular_name %>_email_address_not_found, "#{@params['<%= singular_name %>']['email']}")
|
78
|
+
else
|
54
79
|
begin
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
end
|
80
|
+
<%= class_name %>.transaction(<%= singular_name %>) do
|
81
|
+
key = <%= singular_name %>.generate_security_token
|
82
|
+
url = url_for(:action => 'change_password')
|
83
|
+
url += "?<%= singular_name %>[id]=#{<%= singular_name %>.id}&key=#{key}"
|
84
|
+
<%= class_name %>Notify.deliver_forgot_password(<%= singular_name %>, url)
|
85
|
+
flash['notice'] = l(:<%= singular_name %>_forgotten_password_emailed, "#{@params['<%= singular_name %>']['email']}")
|
86
|
+
redirect_to :action => 'login' unless <%= singular_name %>?
|
87
|
+
redirect_back_or_default :action => 'welcome'
|
64
88
|
end
|
65
89
|
rescue
|
66
|
-
flash['message'] =
|
90
|
+
flash.now['message'] = l(:<%= singular_name %>_forgotten_password_email_error, "#{@params['<%= singular_name %>']['email']}")
|
67
91
|
end
|
68
|
-
when :get
|
69
|
-
@user = User.new
|
70
92
|
end
|
71
93
|
end
|
72
94
|
|
73
|
-
def
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
95
|
+
def edit
|
96
|
+
generate_filled_in
|
97
|
+
if @params['<%= singular_name %>']['form']
|
98
|
+
form = @params['<%= singular_name %>'].delete('form')
|
99
|
+
oid = @params['<%= singular_name %>'].delete('id')
|
100
|
+
begin
|
101
|
+
case form
|
102
|
+
when "edit"
|
103
|
+
changeable_fields = ['firstname', 'lastname']
|
104
|
+
params = @params['<%= singular_name %>'].delete_if { |k,v| not changeable_fields.include?(k) }
|
105
|
+
@<%= singular_name %>.attributes = params
|
106
|
+
@<%= singular_name %>.save
|
107
|
+
when "change_password"
|
108
|
+
change_password
|
82
109
|
else
|
83
|
-
|
84
|
-
User.transaction(@user) do
|
85
|
-
pass = @user.makepass
|
86
|
-
@user.change_password(pass)
|
87
|
-
if @user.save
|
88
|
-
Notify.deliver_forgot_password(@user, pass)
|
89
|
-
flash['notice'] = "Your new password has been emailed to #{@params['user']['email']}"
|
90
|
-
@user = nil
|
91
|
-
redirect_to :action => 'login' unless !@session['user'].nil?
|
92
|
-
redirect_back_or_default :action => 'welcome'
|
93
|
-
end
|
94
|
-
end
|
95
|
-
rescue
|
96
|
-
flash['message'] = "Your password could not be emailed to #{@params['user']['email']}"
|
97
|
-
end
|
110
|
+
raise "unknown edit action"
|
98
111
|
end
|
99
112
|
end
|
100
|
-
when :get
|
101
|
-
@user = User.new
|
102
113
|
end
|
103
114
|
end
|
104
115
|
|
105
|
-
def
|
106
|
-
|
107
|
-
|
108
|
-
|
116
|
+
def delete
|
117
|
+
if @params['id']
|
118
|
+
<%= singular_name %> = <%= class_name %>.find(@params['id'])
|
119
|
+
<%= singular_name %>.destroy()
|
120
|
+
end
|
109
121
|
redirect_to :action => 'login'
|
110
122
|
end
|
111
|
-
|
123
|
+
|
112
124
|
def welcome
|
113
125
|
end
|
126
|
+
|
127
|
+
protected
|
128
|
+
|
129
|
+
def protect?(action)
|
130
|
+
if ['login', 'signup', 'forgot_password'].include?(action)
|
131
|
+
return false
|
132
|
+
else
|
133
|
+
return true
|
134
|
+
end
|
135
|
+
end
|
136
|
+
|
137
|
+
# Generate a template <%= singular_name %> for certain actions on get
|
138
|
+
def generate_blank
|
139
|
+
case @request.method
|
140
|
+
when :get
|
141
|
+
@<%= singular_name %> = <%= class_name %>.new
|
142
|
+
render
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
# Generate a template <%= singular_name %> for certain actions on get
|
147
|
+
def generate_filled_in
|
148
|
+
@<%= singular_name %> = @session['<%= singular_name %>']
|
149
|
+
case @request.method
|
150
|
+
when :get
|
151
|
+
render
|
152
|
+
end
|
153
|
+
end
|
114
154
|
end
|
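Review bot: The new `delete` action (new lines 116-122) destroys whichever record `@params['id']` names without checking that it is the account held in `@session['<%= singular_name %>']`, so any signed-in user appears able to remove another user's account; `protect?` only decides whether a login is required, not whose record is touched. Take the record from the session instead, e.g. `@session['<%= singular_name %>'].destroy` followed by `@session['<%= singular_name %>'] = nil`, and reject any request method other than `:post`, because the action changes state. Separately, `signup` (new line 20) passes the whole `@params['<%= singular_name %>']` hash to `<%= class_name %>.new`, which would let a request set `role` or `verified` unless the model, which is not shown in this section, protects those attributes. The edit action's `changeable_fields` filter is the pattern to reuse there.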