sidonath-authlogic_rpx 1.0.4b

data/CHANGELOG.rdoc ADDED
@@ -0,0 +1,25 @@
1
+ == 1.0.4 released 2009-10-10
2
+
3
+ * added new hooks for profile mapping (Session.map_rpx_data_each_login, ActsAsAuthentic.map_added_rpx_data) based on suggestion by trosser (github issue #5)
4
+ * now supporting obtrusive (javascript pop-over) and unobtrusive (link) RPX pop-up sign-in forms. See rpx_popup method. (github issue #4)
5
+ * updated support for rpx_now gem version 0.6.6
6
+ * documentation updates
7
+
8
+ == 1.0.3 released 2009-10-07
9
+
10
+ * added general error handler for session validation to give clean 'failure' when underlying errors encountered (e.g. user model database constraint violation)
11
+ * updated documentation
12
+
13
+ == 1.0.2 released 2009-09-27
14
+
15
+ * Fixed issue with rpx_popup that was causing an error on some webkit-based browsers (incl chrome)
16
+
17
+ == 1.0.1 released 2009-09-26
18
+
19
+ * Initial public release
20
+ * RPX profile mappings switched to use indirect Authlogic field naming
21
+ * Documentation updated
22
+
23
+ == 1.0.0 released 2009-09-25
24
+
25
+ * Initial release
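Review bot: the newest entry at the top of CHANGELOG.rdoc is "1.0.4 released 2009-10-10", but this package is published as sidonath-authlogic_rpx 1.0.4b, so the changelog does not record what the 1.0.4b build changes relative to upstream 1.0.4. For a forked authentication gem, add a 1.0.4b entry that names the fork and lists its differences, so consumers can tell what they are installing in place of the original.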
data/MIT-LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2009 Paul Gallagher (tardate.com)
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/Manifest ADDED
@@ -0,0 +1,20 @@
1
+ CHANGELOG.rdoc
2
+ MIT-LICENSE
3
+ Manifest
4
+ README.rdoc
5
+ Rakefile
6
+ authlogic_rpx.gemspec
7
+ init.rb
8
+ lib/authlogic_rpx.rb
9
+ lib/authlogic_rpx/acts_as_authentic.rb
10
+ lib/authlogic_rpx/helper.rb
11
+ lib/authlogic_rpx/session.rb
12
+ lib/authlogic_rpx/version.rb
13
+ rails/init.rb
14
+ test/acts_as_authentic_test.rb
15
+ test/fixtures/users.yml
16
+ test/libs/rails_trickery.rb
17
+ test/libs/user.rb
18
+ test/libs/user_session.rb
19
+ test/session_test.rb
20
+ test/test_helper.rb
data/README.rdoc ADDED
@@ -0,0 +1,554 @@
1
+ = Authlogic RPX
2
+
3
+ == Purpose
4
+
5
+ Authlogic RPX is an Authlogic extension library that provides support for authentication using the RPX multi-authentication service offered by JanRain. To use RPX, you must first register your application at {RPX}[http://rpxnow.com/]. A free "Basic" account is available, in addition to paid enhanced versions. All work with Authlogic_RPX.
6
+
7
+ Key features and capabilities:
8
+ * Auto-registration by default following RPX authentication (can be disabled if required)
9
+ * Can allow users to enable RPX authentication for their existing password-enabled accounts
10
+ * View helpers to assist with inserting login fragments in pages
11
+ * Can co-exist with standard password authentication
12
+
13
+
14
+ == Authlogic_RPX References
15
+
16
+ * <b>Authlogic_RPX gem repo:</b> [http://github.com/tardate/authlogic_rpx]
17
+ * <b>Authlogic_RPX issues and feedback:</b> [http://github.com/tardate/authlogic_rpx/issues]
18
+
19
+ The demonstration Rails application is where you can see Authlogic_RPX in action:
20
+
21
+ * <b>Live Demonstration Site:</b> [http://rails-authlogic-rpx-sample.heroku.com]
22
+ * <b>Demonstration site source repository:</b> [http://github.com/tardate/rails-authlogic-rpx-sample]
23
+
24
+ == Authlogic and RPX References
25
+
26
+ * <b>Authlogic documentation:</b> [http://rdoc.info/projects/binarylogic/authlogic]
27
+ * <b>Authlogic repo:</b> [http://github.com/binarylogic/authlogic]
28
+ * <b>RPX documentation:</b> [https://rpxnow.com/docs]
29
+ * <b>RPX_now gem repo:</b> [http://github.com/grosser/rpx_now]
30
+
31
+
32
+ == Installing Authlogic RPX gem
33
+
34
+ Three gems are required: authlogic, grosser-rpx_now, and authlogic_rpx. Install these as appropriate to your environment and preferences.
35
+
36
+ Currently tested versions:
37
+ * authlogic 2.1.2,2.1.1
38
+ * rpx_now 0.6.6
39
+ * authlogic_rpx 1.0.4
40
+
41
+
42
+ === 1. Direct gem installation
43
+
44
+ sudo gem install authlogic
45
+ sudo gem install rpx_now --source http://gemcutter.org
46
+ sudo gem install authlogic_rpx --source http://gemcutter.org
47
+
48
+
49
+ === 2. Using Rails config.gems
50
+
51
+ Include in config/environment.rb:
52
+
53
+ config.gem 'authlogic', :version => '>= 2.1.1'
54
+ config.gem 'rpx_now', :version => '>= 0.6.6', :source => 'http://gemcutter.org'
55
+ config.gem 'authlogic_rpx', :version => '>= 1.0.4', :source => 'http://gemcutter.org'
56
+
57
+ Then to install, run from the command line:
58
+
59
+ sudo rake gems:install
60
+
61
+
62
+ === 3. Using .gems file (e.g for heroku.com deployments)
63
+
64
+ Include in RAILS_ROOT/.gems:
65
+
66
+ authlogic --version '>= 2.1.1'
67
+ rpx_now --version '>= 0.6.6' --source gemcutter.org
68
+ authlogic_rpx --version '>= 1.0.4' --source gemcutter.org
69
+
70
+
71
+ == Using Authlogic RPX
72
+
73
+ <i>Note: in what follows, the user model is called User and the session controller takes the name UserSession (the authlogic convention). You are not restricted to these names - could be Member and MemberSession for example - but for simplicity, this documentation will stick to using the "User" convention.</i>
74
+
75
+ Using Authlogic RPX is very similar to using standard authlogic, with the addition of just a few configuration options. So if you already have a project setup with authlogic, adding RPX support will be trivial.
76
+
77
+ An important capability to be aware of is "auto registration". This means that when a user has logged in with RPX, if an account does not already exist in your application, it will be automatically created. That is, there is no separate/special "register" step for users to go through before just signing in. You can disable this if you need, but for most sites that use RPX as a primary authentication mechanism, this is probably what you want to happen.
78
+
79
+ The main steps for enabling Authlogic RPX:
80
+ * 1. Enable RPX for your user model
81
+ * 2. Add RPX configuration for the Authlogic session model
82
+ * 3. Add custom user profile mapping (optional)
83
+ * 4. Add application controller helpers: current_user, current_user_session
84
+ * 5. Setup the Authlogic session controller
85
+ * 6. Setup the Authlogic user controller
86
+ * 7. Use view helpers to provide login links
87
+ * 8. Allow users to "Add RPX" to existing accounts (optional)
88
+
89
+
90
+ === 1. Enable RPX for your user model
91
+
92
+ The user model will have a has_many relationship with a new model, called RPXIdentifier. Create a migration which creates a table for this model.
93
+
94
+ You may need to remove database constraints on other fields if they will be unused in the RPX case (e.g. crypted_password and password_salt to make password authentication optional).
95
+
96
+ If you are using auto-registration, you must also remove any database constraints for fields that will be automatically mapped (see notes in "3. Add custom user profile mapping during auto-registration")
97
+
98
+ class CreateRPXIdentifiers < ActiveRecord::Migration
99
+ def self.up
100
+ create_table :rpx_identifiers do |t|
101
+ t.string :identifier
102
+ t.integer :user_id
103
+
104
+ t.index :identifier, :user_id
105
+ t.index :user_id, :identifier
106
+
107
+ t.timestamps
108
+ end
109
+
110
+ [:crypted_password, :password_salt].each do |field|
111
+ change_column :users, field, :string, :default => nil, :null => true
112
+ end
113
+ end
114
+
115
+ def self.down
116
+ drop_table :rpx_identifiers
117
+
118
+ [:crypted_password, :password_salt].each do |field|
119
+ User.all(:conditions => "#{field} is NULL").each { |user| user.update_attribute(field, "") if user.send(field).nil? }
120
+ change_column :users, field, :string, :default => "", :null => false
121
+ end
122
+ end
123
+ end
124
+
125
+ The RPXIdentifier model should look like this
126
+
127
+ class RPXIdentifier < ActiveRecord::Base
128
+ belongs_to :user
129
+ validates_presence_of :identifier
130
+ validates_presence_of :user_id
131
+ end
132
+
133
+
134
+ The user model then needs to be tagged with "acts_as_authentic". authlogic_rpx automatically adds to the user model the relationship with RPXIdentifiers.
135
+
136
+ class User < ActiveRecord::Base
137
+ acts_as_authentic do |c|
138
+ c.my_config_option = my_value # for available options see documentation in: Authlogic::ActsAsAuthentic
139
+ end # block optional
140
+
141
+ # not needed -- this relationship is automatically added by authlogic_rpx
142
+ # has_many :rpx_identifiers, :class_name => 'RPXIdentifier'
143
+ end
144
+
145
+ {See the source for the sample user.rb}[http://github.com/tardate/rails-authlogic-rpx-sample/blob/master/app/models/user.rb].
146
+
147
+
148
+ === 2. Add RPX configuration for the Authlogic session model
149
+
150
+ Authlogic provides a helper to create the session model:
151
+
152
+ script/generate session user_session
153
+
154
+ The minimum configuration required is to add your RPX_API_KEY:
155
+
156
+ class UserSession < Authlogic::Session::Base
157
+ rpx_key RPX_API_KEY
158
+ end
159
+
160
+ Get an API key by registering your application at {RPX}[http://rpxnow.com/]. A free "Basic" account is available, in addition to paid enhanced versions. All work with Authlogic_RPX.
161
+
162
+ You probably don't want to put your API key in directly. A recommended approach is to set the key as an environment variable, and then set it as a constant in config/environment.rb:
163
+
164
+ RPX_API_KEY = ENV['RPX_API_KEY']
165
+
166
+ Two additional RPX-specific session configuration options are available.
167
+ * auto_register: enable/disable user auto-registration (enabled by default)
168
+ * rpx_extended_info: enable/disable extended profile information in the RPX authentication (disabled by default)
169
+
170
+ For example, to disable auto-registration and enable extended info:
171
+
172
+ class UserSession < Authlogic::Session::Base
173
+ rpx_key RPX_API_KEY
174
+ auto_register false
175
+ rpx_extended_info
176
+ end
177
+
178
+ {See the source for the sample user_session.rb}[http://github.com/tardate/rails-authlogic-rpx-sample/blob/master/app/models/user_session.rb].
179
+
180
+ === 3. Add custom user profile mapping (optional)
181
+
182
+ Authlogic_rpx provides three hooks for mapping information from the RPX profile into your application's user model:
183
+
184
+ * map_rpx_data: user profile mapping during auto-registration
185
+ * map_rpx_data_each_login: user profile mapping during login
186
+ * map_added_rpx_data: user profile mapping when adding RPX to an existing account
187
+
188
+ See https://rpxnow.com/docs#profile_data for the definition of available attributes in the RPX profile.
189
+
190
+ === 3a. map_rpx_data: user profile mapping during auto-registration
191
+
192
+ When users auto-register, profile data from RPX is available to be inserted in the user's record on your site. By default, authlogic_rpx will map the username and email fields.
193
+
194
+ If you have other fields you want to map, you can provide your own implementation of the map_rpx_data method in the UserSession model. In that method, you will be updating the "self.attempted_record" object, with information from the "@rpx_data" object. See the {RPX documentation}[https://rpxnow.com/docs#profile_data] to find out about the set of information that is available.
195
+
196
+ class UserSession < Authlogic::Session::Base
197
+ rpx_key RPX_API_KEY
198
+ rpx_extended_info
199
+
200
+ private
201
+
202
+ # map_rpx_data maps additional fields from the RPX response into the user object
203
+ # override this in your session controller to change the field mapping
204
+ # see https://rpxnow.com/docs#profile_data for the definition of available attributes
205
+ #
206
+ def map_rpx_data
207
+ # map core profile data using authlogic indirect column names
208
+ self.attempted_record.send("#{klass.login_field}=", @rpx_data['profile']['preferredUsername'] ) if attempted_record.send(klass.login_field).blank?
209
+ self.attempted_record.send("#{klass.email_field}=", @rpx_data['profile']['email'] ) if attempted_record.send(klass.email_field).blank?
210
+
211
+ # map some other columns explicitly
212
+ self.attempted_record.fullname = @rpx_data['profile']['displayName'] if attempted_record.fullname.blank?
213
+
214
+ if rpx_extended_info?
215
+ # map some extended attributes
216
+ end
217
+ end
218
+
219
+ end
220
+
221
+ {See the source for the sample user_session.rb}[http://github.com/tardate/rails-authlogic-rpx-sample/blob/master/app/models/user_session.rb].
222
+
223
+ WARNING: if you are using auto-registration, any fields you map should NOT have constraints enforced at the database level.
224
+ Authlogic_rpx will optimistically attempt to save the user record during registration, and violating a database constraint will cause the authentication/registration to fail.
225
+
226
+ You can/should enforce any required validations at the model level e.g.
227
+
228
+ validates_uniqueness_of :username, :case_sensitive => false
229
+
230
+ This will allow the auto-registration to proceed, and the user can be given a chance to rectify the validation errors on your user profile page.
231
+
232
+ If it is not acceptable in your application to have user records created with potential validation errors in auto-populated fields, you will need to override map_rpx_data and implement whatever special handling makes sense in your case. For example:
233
+
234
+ * directly check for uniqueness and other validation requirements
235
+ * automatically "uniquify" certain fields like username
236
+ * save conflicting profile information to "pending user review" columns or a seperate table
237
+
238
+
239
+ ==== 3b. map_rpx_data_each_login: user profile mapping during login
240
+
241
+ map_rpx_data_each_login provides a hook to allow you to map RPX profile information every time the user logs in.
242
+
243
+ By default, nothing is mapped. If you have other fields you want to map, you can provide your own implementation of the map_rpx_data_each_login method in the UserSession model.
244
+
245
+ This would mainly be used to update relatively volatile information that you are maintaining in the user model (such as profile image url)
246
+
247
+ In the map_rpx_data_each_login procedure, you will be writing to fields of the "self.attempted_record" object, pulling data from the @rpx_data object. For example:
248
+
249
+ def map_rpx_data_each_login
250
+ # we'll always update photo_url
251
+ self.attempted_record.photo_url = @rpx_data['profile']['photo']
252
+ end
253
+
254
+ {See the source for the sample user_session.rb}[http://github.com/tardate/rails-authlogic-rpx-sample/blob/master/app/models/user_session.rb].
255
+
256
+
257
+ ==== 3c. map_added_rpx_data: user profile mapping when adding RPX to an existing account
258
+
259
+ map_added_rpx_data maps additional fields from the RPX response into the user object during the "add RPX to existing account" process.
260
+
261
+ By default, it only maps the rpx_identifier field. If you have other fields you want to map, you can provide your own implementation of the map_added_rpx_data method in the User model (NOT UserSession, unlike for map_rpx_data and map_rpx_data_each_login).
262
+
263
+ NB: If you override this method, you will be responsible for also mapping the rpx_identifier.
264
+
265
+ In the map_added_rpx_data procedure, you will be writing to fields of the "self" object, pulling data from the rpx_data parameter. For example:
266
+
267
+ def map_added_rpx_data( rpx_data )
268
+ self.rpx_identifiers.create( :identifier => rpx_data['profile']['identifier'] )
269
+
270
+ # map some additional fields, e.g. photo_url
271
+ self.photo_url = rpx_data['profile']['photo'] if photo_url.blank?
272
+ end
273
+
274
+ {See the source for the sample user.rb}[http://github.com/tardate/rails-authlogic-rpx-sample/blob/master/app/models/user.rb].
275
+
276
+
277
+ === 4. Add application controller helpers: current_user, current_user_session
278
+
279
+ We'll add current_user and current_user_session helpers. These can then be used in controllers and views to get a handle on the "current" logged in user.
280
+
281
+ class ApplicationController < ActionController::Base
282
+ helper :all # include all helpers, all the time
283
+ protect_from_forgery # See ActionController::RequestForgeryProtection for details
284
+
285
+ # Scrub sensitive parameters from your log
286
+ filter_parameter_logging :password, :password_confirmation
287
+
288
+ helper_method :current_user, :current_user_session
289
+
290
+ private
291
+
292
+ def current_user_session
293
+ return @current_user_session if defined?(@current_user_session)
294
+ @current_user_session = UserSession.find
295
+ end
296
+
297
+ def current_user
298
+ return @current_user if defined?(@current_user)
299
+ @current_user = current_user_session && current_user_session.record
300
+ end
301
+ end
302
+
303
+ {See the source for the sample user_session_controller.rb}[http://github.com/tardate/rails-authlogic-rpx-sample/blob/master/app/controllers/application_controller.rb].
304
+
305
+
306
+ === 5. Setup the Authlogic session controller
307
+
308
+ If you don't already have a user session controller, create one. There are four actions of significance for authlogic_rpx:
309
+
310
+ $ script/generate controller user_sessions index new create destroy
311
+
312
+ {See the source for the sample user_session_controller.rb}[http://github.com/tardate/rails-authlogic-rpx-sample/blob/master/app/controllers/user_sessions_controller.rb].
313
+
314
+ In config/routes.rb we can define the standard routes for this controller and two named routes for the main login/out (or singin/out if you prefer that terminology):
315
+
316
+ map.signin "signin", :controller => "user_sessions", :action => "new"
317
+ map.signout "signout", :controller => "user_sessions", :action => "destroy"
318
+ map.resources :user_sessions
319
+
320
+ ==== index
321
+ This is where RPX will return to if the user cancelled the login process, so it needs to be handled. You probably just want to redirect the user to an appropriate alternative:
322
+
323
+ def index
324
+ redirect_to current_user ? root_url : new_user_session_url
325
+ end
326
+
327
+ ==== new
328
+ Typically used to render a login form
329
+
330
+ def new
331
+ @user_session = UserSession.new
332
+ end
333
+
334
+ ==== create
335
+ This is where the magic happens for authentication. Authlogic hides all the underlying wiring, and you just need to "save" the session!
336
+
337
+ Authlogic_rpx provides two additional methods that you might want to use to tailor you application behaviour:
338
+ * new_registration? - if a new registration, e.g. force them to go via a registration follow-up page
339
+ * registration_complete? - if registration details not complete, e.g. bounce the user over the profile editing page
340
+
341
+ def create
342
+ @user_session = UserSession.new(params[:user_session])
343
+ if @user_session.save
344
+ if @user_session.new_registration?
345
+ flash[:notice] = "Welcome! As a new user, please review your registration details before continuing.."
346
+ redirect_to edit_user_path( :current )
347
+ else
348
+ if @user_session.registration_complete?
349
+ flash[:notice] = "Successfully signed in."
350
+ redirect_back_or_default articles_path
351
+ else
352
+ flash[:notice] = "Welcome back! Please complete required registration details before continuing.."
353
+ redirect_to edit_user_path( :current )
354
+ end
355
+ end
356
+ else
357
+ flash[:error] = "Failed to login or register."
358
+ redirect_to new_user_session_path
359
+ end
360
+ end
361
+
362
+ ==== destroy
363
+ The logout action..
364
+
365
+ def destroy
366
+ @user_session = current_user_session
367
+ @user_session.destroy if @user_session
368
+ flash[:notice] = "Successfully signed out."
369
+ redirect_to articles_path
370
+ end
371
+
372
+
373
+ === 6. Setup the Authlogic user controller
374
+
375
+ The users controller handles the actual user creation and editing actions. In it's standard form, it looks like any other controller with an underlying ActiveRecord model.
376
+
377
+ There are five basic actions to consider. If you don't already have a controller, create it:
378
+
379
+ $ script/generate controller users new create edit show update
380
+
381
+ {See the source for the sample users_controller.rb}[http://github.com/tardate/rails-authlogic-rpx-sample/blob/master/app/controllers/users_controller.rb].
382
+
383
+ The users controller just needs standard routes defined in config/routes.rb:
384
+
385
+ map.resources :users
386
+
387
+ ==== new
388
+ Stock standard form for a user to register on the site. Only required if you will allow users to register without using RPX auto-registration (using standard password authentication).
389
+
390
+ def new
391
+ @user = User.new
392
+ end
393
+
394
+ ==== create
395
+ As for new, stock standard and only required if you will allow users to register without using RPX auto-registration.
396
+
397
+ def create
398
+ @user = User.new(params[:user])
399
+ if @user.save
400
+ flash[:notice] = "Successfully registered user."
401
+ redirect_to articles_path
402
+ else
403
+ render :action => 'new'
404
+ end
405
+ end
406
+
407
+ ==== show
408
+ Display's the user's profile. Uses the current_user helper that we'll include in the application controller.
409
+
410
+ def show
411
+ @user = current_user
412
+ end
413
+
414
+ ==== edit
415
+ Allows the user to edit their profile. Calling valid? will ensure any validation errors are highlighted. This can be relevant with RPX since auto-registration may not include all the profile data you want to make "mandatory" for normal users.
416
+
417
+ def edit
418
+ @user = current_user
419
+ @user.valid?
420
+ end
421
+
422
+ ==== update
423
+ Handles the submission of the edit form. Again, uses the current_user helper that we'll include in the application controller.
424
+
425
+ def update
426
+ @user = current_user
427
+ @user.attributes = params[:user]
428
+ if @user.save
429
+ flash[:notice] = "Successfully updated user."
430
+ redirect_back_or_default articles_path
431
+ else
432
+ render :action => 'edit'
433
+ end
434
+ end
435
+
436
+
437
+ === 7. Use view helpers to provide login links
438
+
439
+ So how to put a "login" link on your page? Two helper methods are provided:
440
+ * <b>rpx_popup</b> helper to insert a link to pop-up RPX login
441
+ * <b>rpx_embed</b> helper to insert an embedded iframe RPX login form
442
+
443
+ Each takes an options hash:
444
+ * <tt>link_text:</tt> text to use in the link (only used by rpx_popup)
445
+ * <tt>app_name:</tt> name of the application you set when registering your service at rpxnow.com (will be prepended to RPX domain and used in RPX dialogues)
446
+ * <tt>return_url:</tt> url for the RPX callback (e.g. user_sessions_url)
447
+ * <tt>add_rpx:</tt> Optional. If true, requests RPX callback to add to current session. Else runs normal authentication process (default). See "7. Allow users to "Add RPX" to existing accounts"
448
+ * <tt>unobtrusive:</tt> true/false; sets javascript style for link. unobtrusive=true links directly to rpxnow site, whereas unobtrusive=false does a javascript pop-over. Default: true (only used by rpx_popup)
449
+
450
+ For example, to insert a login link in a navigation bar is as simple as this:
451
+
452
+ &lt;div id="user_nav"&gt;
453
+ &lt;%= link_to "Home", root_path %&gt; |
454
+ &lt;% if current_user %&gt;
455
+ &lt;%= link_to "Profile", user_path(:current) %&gt; |
456
+ &lt;%= link_to "Sign out", signout_path %&gt;
457
+ &lt;% else %&gt;
458
+ &lt;%= rpx_popup( :link_text => "Register/Sign in with RPX..", :app_name => "rails-authlogic-rpx-sample", :return_url => user_sessions_url, :unobtrusive => false ) %>&gt;
459
+ &lt;% end %&gt;
460
+ &lt;/div&gt;
461
+
462
+ === 8. Allow users to "Add RPX" to existing accounts (optional)
463
+
464
+ If you got this far and have a working application, you are ready to go, especially if you only plan to support RPX authentication.
465
+
466
+ However, if you support other authentication methods (e.g. by password), you probably want the ability to let user's add RPX to an existing account. This is not possible by default, however adding it is simply a matter of providing another method on your user controller.
467
+
468
+ The route may be called anything you like. Let's use "addrpxauth" for example.
469
+
470
+ # This action has the special purpose of receiving an update of the RPX identity information
471
+ # for current user - to add RPX authentication to an existing non-RPX account.
472
+ # RPX only supports :post, so this cannot simply go to update method (:put)
473
+ def addrpxauth
474
+ @user = current_user
475
+ if @user.save
476
+ flash[:notice] = "Successfully added RPX authentication for this account."
477
+ render :action => 'show'
478
+ else
479
+ render :action => 'edit'
480
+ end
481
+ end
482
+
483
+ {This is demonstrated in the sample users_controller.rb}[http://github.com/tardate/rails-authlogic-rpx-sample/blob/master/app/controllers/users_controller.rb].
484
+
485
+ You'll note this is almost identical to the "update". The main difference is that it needs to be enabled for :post by RPX. In config/routes.rb:
486
+
487
+ map.addrpxauth "addrpxauth", :controller => "users", :action => "addrpxauth", :method => :post
488
+
489
+ To make an "Add RPX authentication for this account.." link, use rpx_popup as for normal RPX login, but set the return_url to the "addrpxauth" callback you have provided, and set the option :add_rpx to tru:
490
+
491
+ &lt;%= rpx_popup( :link_text =&gt; "Add RPX authentication for this account..", :app_name =&gt; RPX_APP_NAME, :return_url =&gt; addrpxauth_url, :add_rpx =&gt; true, :unobtrusive =&gt; false ) %&gt;
492
+
493
+
494
+ === 9. There is no 9
495
+
496
+ That's all there is. To see Authlogic_RPX in action, check out the demonstration Rails application:
497
+ * <b>Live Demonstration Site:</b> [http://rails-authlogic-rpx-sample.heroku.com]
498
+ * <b>Demonstration site source repository:</b> [http://github.com/tardate/rails-authlogic-rpx-sample]
499
+
500
+
501
+ == Improving Authlogic_RPX: next steps; how to help
502
+
503
+ Authlogic_RPX is open source and hosted on {github}[http://github.com/tardate/authlogic_rpx]. Developer's are welcome to fork and play - if you have improvements or bug fixes, just send a request to pull from your fork.
504
+
505
+ If you have issues or feedback, please log them in the {issues list on github}[http://github.com/tardate/authlogic_rpx/issues]
506
+
507
+ Some of the improvements currently on the radar:
508
+ * Still figuring out how to write some good automated tests
509
+ * Implement/verify support for RPX "paid" service features of their "Plus" and "Pro" accounts (to date, only tested with free RPX "Basic" account)
510
+
511
+
512
+ == Note on programmatically grabbing an authenticated session
513
+
514
+ If you need to programmatically perform proxy authentication as a specific user (e.g. to run a batch process on behalf of the user), authlogic provides the necessary capability and this can be used with RPX-authenticated users too:
515
+
516
+ app.get "/" # force Authlogic::Session::Base.controller activation
517
+ user = User.find(:first)
518
+ session = UserSession.create(user, true) # skip authentication and log the user in directly, the true means "remember me"
519
+ session.valid?
520
+ => true
521
+
522
+
523
+ == Internals
524
+
525
+ Some design principles:
526
+ * Attempted to stay as close to binarylogic's "unobtrusive authentication" sensibility in Authlogic design
527
+ * All direct RPX processing is handled in the AuthlogicRpx::Session class (not in the ActiveRecord model)
528
+ * It uses the plug-in architecture introduced in Authlogic v2.0.
529
+
530
+ ==== building the gem
531
+
532
+ * increment the version in lib/authlogic_rpx/version.rb
533
+ * update gem version refs in README.rdoc
534
+ * update CHANGELOG.rdoc
535
+
536
+ # update manifest file
537
+ $ rake manifest
538
+ # update gemspec
539
+ $ rake build_gemspec
540
+ # build the gem
541
+ gem build authlogic_rpx.gemspec
542
+ # push the gem to gemcutter (e.g. for version 1.0.3)
543
+ gem push authlogic_rpx-1.0.3.gem
544
+
545
+
546
+ == Kudos and Kopywrite
547
+
548
+ Thanks to {binarylogic}[http://github.com/binarylogic] for cleaning up authentication in rails by creating Authlogic in the first place and offering it to the community.
549
+
550
+ The idea of adding RPX support to authlogic is not new. Some early ideas were found in the following projects, although it was decided not to base this implementation on a fork of these, since the approaches varied considerably:
551
+ * <b>http://github.com/hunter/authlogic_rpx</b> an initial start, based on authlogic_openid and using rpx_now
552
+ * <b>http://github.com/gampleman/authlogic_rpx/</b> similar, but including an implementation of the RPX api
553
+
554
+ authlogic_rpx was created by Paul Gallagher (tardate.com) and released under the MIT license.
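Review bot: step 1 of the README never makes the RPX identifier unique. The migration's "t.index :identifier, :user_id" is a plain index and the RPXIdentifier model only declares validates_presence_of for identifier and user_id, so nothing in the documented schema or model prevents the same identifier from being attached to two user records. That matters once step 8 lets a signed-in user add an identifier through "self.rpx_identifiers.create( :identifier => rpx_data['profile']['identifier'] )". Suggest documenting a unique index on identifier and a validates_uniqueness_of :identifier in the model. Also in step 8, the text says the action must be enabled for :post, but the route passes ":method => :post" as a plain option; Rails 2 routes express a verb restriction as ":conditions => { :method => :post }", so please confirm the route as written really limits the verb. The install instructions in sections 1 to 3 fetch gems from http://gemcutter.org over plain HTTP, which is worth calling out or switching to an HTTPS source where one is available. Smaller documentation points: the add_rpx option (README line 447) points to "7. Allow users to "Add RPX" to existing accounts" while that section is numbered 8; README line 303 labels the application_controller.rb link as user_session_controller.rb; the 3a heading uses "===" where 3b and 3c use "===="; README line 458 ends with a stray "%>&gt;"; and "tru", "seperate" and "singin" are typos.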
data/Rakefile ADDED
@@ -0,0 +1,20 @@
1
+ ENV['RDOCOPT'] = "-S -f html -T hanna"
2
+
3
+ require "rubygems"
4
+ require "echoe"
5
+ require File.dirname(__FILE__) << "/lib/authlogic_rpx/version"
6
+
7
+ Echoe.new("authlogic_rpx") do |p|
8
+ p.version = AuthlogicRpx::Version::STRING
9
+ p.url = "http://github.com/tardate/authlogic_rpx"
10
+ p.summary = "Authlogic plug-in for RPX support"
11
+ p.description = "Authlogic extension/plugin that provides RPX (rpxnow.com) authentication support"
12
+
13
+ p.runtime_dependencies = ["authlogic >=2.1.1", "rpx_now >=0.6.6" ]
14
+ p.development_dependencies = []
15
+
16
+ p.author = "Paul Gallagher / tardate"
17
+ p.email = "gallagher.paul@gmail.com"
18
+
19
+ p.install_message = ""
20
+ end
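Review bot: p.runtime_dependencies on Rakefile line 13 sets only lower bounds ("authlogic >=2.1.1", "rpx_now >=0.6.6"), while the README lists authlogic 2.1.2/2.1.1 and rpx_now 0.6.6 as the only tested versions, so any later release of either gem will be resolved into an authentication path it was never tested against. Suggest bounding the range, for example with a pessimistic "~>" constraint, and widening it as new versions are verified. Minor style point: line 5 builds the require path with "<<" on the result of File.dirname, where init.rb uses "+"; using one form (or File.join) in both places would be more consistent.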
data/init.rb ADDED
@@ -0,0 +1 @@
1
+ require File.dirname(__FILE__) + "/rails/init.rb"