stormpath-rails 2.2.0 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/.gitmodules +3 -0
- data/.travis.yml +1 -1
- data/CHANGELOG.md +11 -0
- data/README.md +1 -1
- data/app/controllers/stormpath/rails/register/create_controller.rb +1 -1
- data/docs/Makefile +225 -0
- data/docs/_static/facebook-new-project.png +0 -0
- data/docs/_static/facebook-url-settings.png +0 -0
- data/docs/_static/forgot-change.png +0 -0
- data/docs/_static/forgot-complete.png +0 -0
- data/docs/_static/forgot-email-sent.png +0 -0
- data/docs/_static/forgot-email.png +0 -0
- data/docs/_static/forgot-init.png +0 -0
- data/docs/_static/forgot.png +0 -0
- data/docs/_static/github_create_app.png +0 -0
- data/docs/_static/google-enable-login.png +0 -0
- data/docs/_static/google-new-project.png +0 -0
- data/docs/_static/google-oauth-settings.png +0 -0
- data/docs/_static/id-site-login.png +0 -0
- data/docs/_static/id-site-settings.png +0 -0
- data/docs/_static/id-site-stormpath-config.png +0 -0
- data/docs/_static/linkedin-add-authorized-urls.gif +0 -0
- data/docs/_static/linkedin-add-permissions.gif +0 -0
- data/docs/_static/linkedin-new-application.gif +0 -0
- data/docs/_static/linkedin-permissions-page.png +0 -0
- data/docs/_static/login-page-basic.png +0 -0
- data/docs/_static/login-page-facebook-permissions.png +0 -0
- data/docs/_static/login-page-facebook.png +0 -0
- data/docs/_static/login-page-google-account.png +0 -0
- data/docs/_static/login-page-google.png +0 -0
- data/docs/_static/login-page-linkedin.png +0 -0
- data/docs/_static/login-page.png +0 -0
- data/docs/_static/login_page_with_all_providers.png +0 -0
- data/docs/_static/registration-page-basic.png +0 -0
- data/docs/_static/registration-page-error.png +0 -0
- data/docs/_static/registration-page.png +0 -0
- data/docs/_static/verification-complete.png +0 -0
- data/docs/_static/verification-email.png +0 -0
- data/docs/_static/verification.png +0 -0
- data/docs/_templates/layout.html +6 -0
- data/docs/about.rst +72 -0
- data/docs/authentication.rst +332 -0
- data/docs/changelog.rst +41 -0
- data/docs/conf.py +346 -0
- data/docs/configuration.rst +151 -0
- data/docs/contributors.rst +56 -0
- data/docs/devise_import.rst +112 -0
- data/docs/help.rst +24 -0
- data/docs/index.rst +31 -0
- data/docs/login.rst +242 -0
- data/docs/logout.rst +73 -0
- data/docs/password_reset.rst +85 -0
- data/docs/quickstart.rst +179 -0
- data/docs/registration.rst +364 -0
- data/docs/social_login.rst +409 -0
- data/docs/templates.rst +100 -0
- data/docs/user_data.rst +216 -0
- data/lib/stormpath/rails/version.rb +1 -1
- data/stormpath-rails.gemspec +1 -1
- metadata +57 -4
@@ -0,0 +1,364 @@
|
|
1
|
+
.. _registration:
|
2
|
+
|
3
|
+
|
4
|
+
Registration
|
5
|
+
============
|
6
|
+
|
7
|
+
The registration feature of this gem allows you to use Stormpath to create
|
8
|
+
new accounts in a Stormpath directory. You can create traditional password-
|
9
|
+
based accounts, which have a username and a password, or you can create customized accounts with multiple required or optional fields.
|
10
|
+
|
11
|
+
By default this gem will serve an HTML registration page at ``/register``.
|
12
|
+
You can change this URI with the ``web.register.uri`` option. You can disable
|
13
|
+
this feature entirely by setting ``web.register.enabled`` to ``false`` in your ``stormpath.yml`` configuration file.
|
14
|
+
|
15
|
+
http://localhost:3000/register
|
16
|
+
|
17
|
+
|
18
|
+
Configuration Options
|
19
|
+
---------------------
|
20
|
+
|
21
|
+
This feature supports several options. This example shows what is possible,
|
22
|
+
we will cover them in detail below:
|
23
|
+
|
24
|
+
.. code-block:: yaml
|
25
|
+
|
26
|
+
web:
|
27
|
+
register:
|
28
|
+
enabled: true,
|
29
|
+
uri: '/signup', # Use a different URL
|
30
|
+
nextUri: '/', # Where to send the user to, if auto login is enabled
|
31
|
+
form:
|
32
|
+
fields: # see next section for documentation
|
33
|
+
fieldOrder: # see next section
|
34
|
+
|
35
|
+
|
36
|
+
Modifying Default Fields
|
37
|
+
------------------------
|
38
|
+
|
39
|
+
The registration form will render these fields by default, and they will be
|
40
|
+
required by the user:
|
41
|
+
|
42
|
+
* given_name
|
43
|
+
* surname
|
44
|
+
* email
|
45
|
+
* password
|
46
|
+
|
47
|
+
While email and password will always be required, you do not need to require
|
48
|
+
first and last name. These can be configured as optional fields, or omitted
|
49
|
+
entirely. You can also specify your own custom fields. We'll cover each use
|
50
|
+
case in detail.
|
51
|
+
|
52
|
+
Configure First Name and Last Name as Optional
|
53
|
+
..............................................
|
54
|
+
|
55
|
+
If you would like to show the fields for first name and last name, but not
|
56
|
+
require them, you can set required to false:
|
57
|
+
|
58
|
+
.. code-block:: yaml
|
59
|
+
|
60
|
+
web:
|
61
|
+
register:
|
62
|
+
form:
|
63
|
+
fields:
|
64
|
+
givenName:
|
65
|
+
required: false
|
66
|
+
surname:
|
67
|
+
required: false
|
68
|
+
|
69
|
+
|
70
|
+
Because the Stormpath API requires a first name and last name, we will auto-fill
|
71
|
+
these fields with `UNKNOWN` if the user does not provide them.
|
72
|
+
|
73
|
+
|
74
|
+
Disabling First Name and Last Name
|
75
|
+
..................................
|
76
|
+
|
77
|
+
If you want to remove these fields entirely, you can set enabled to false:
|
78
|
+
|
79
|
+
.. code-block:: yaml
|
80
|
+
|
81
|
+
web:
|
82
|
+
register:
|
83
|
+
form:
|
84
|
+
fields:
|
85
|
+
givenName:
|
86
|
+
enabled: false
|
87
|
+
surname:
|
88
|
+
enabled: false
|
89
|
+
|
90
|
+
|
91
|
+
Because the Stormpath API requires a first name and last name, we will auto-fill
|
92
|
+
these fields with `UNKNOWN` when a user registers.
|
93
|
+
|
94
|
+
.. _custom_form_fields:
|
95
|
+
|
96
|
+
Creating Custom Fields
|
97
|
+
----------------------
|
98
|
+
|
99
|
+
You can add your own custom fields to the form. The values will be
|
100
|
+
automatically added to the user's custom data object when they register
|
101
|
+
successfully. You can define a custom field by defining a new field object,
|
102
|
+
like this:
|
103
|
+
|
104
|
+
.. code-block:: yaml
|
105
|
+
|
106
|
+
web:
|
107
|
+
register:
|
108
|
+
form:
|
109
|
+
fields:
|
110
|
+
favoriteColor:
|
111
|
+
enabled: true,
|
112
|
+
label: 'Favorite Color',
|
113
|
+
placeholder: 'E.g. Red, Blue',
|
114
|
+
required: true,
|
115
|
+
type: 'text'
|
116
|
+
|
117
|
+
|
118
|
+
All field objects have the following properties, which must be defined:
|
119
|
+
|
120
|
+
- **enabled** - Determines if the field is shown on the form.
|
121
|
+
|
122
|
+
- **label** - The text label that is shown to the left of the input field.
|
123
|
+
|
124
|
+
- **placeholder** - The help text that is shown inside the input field, if the
|
125
|
+
input field is empty (HTML5 property).
|
126
|
+
|
127
|
+
- **required** - Marks the field as a required field. This uses the HTML5
|
128
|
+
required property, to prompt the user to enter the value. The post data will
|
129
|
+
also be validated to ensure that the field is supplied, and an error will be
|
130
|
+
returned if the field is empty.
|
131
|
+
|
132
|
+
- **type** - the HTML type of the input, e.g. text, email, or password.
|
133
|
+
|
134
|
+
.. note::
|
135
|
+
|
136
|
+
The property name of the field definition, in this case ``favoriteColor``,
|
137
|
+
will be used for the ``name`` attribute in the rendered HTML form, or the key
|
138
|
+
in the JSON view model for the registration endpoint.
|
139
|
+
|
140
|
+
Changing Field Order
|
141
|
+
--------------------
|
142
|
+
|
143
|
+
If you want to change the order of the fields, you can do so by specifying the
|
144
|
+
``fieldOrder`` array:
|
145
|
+
|
146
|
+
.. code-block:: yaml
|
147
|
+
|
148
|
+
web:
|
149
|
+
register:
|
150
|
+
form:
|
151
|
+
fieldOrder:
|
152
|
+
- 'givenName'
|
153
|
+
- 'surname'
|
154
|
+
- 'email'
|
155
|
+
- 'password'
|
156
|
+
- 'confirmPassword'
|
157
|
+
|
158
|
+
Password Strength Rules
|
159
|
+
-----------------------
|
160
|
+
|
161
|
+
Stormpath supports complex password strength rules, such as number of letters
|
162
|
+
or special characters required. These settings are controlled on a directory
|
163
|
+
basis. If you want to modify the password strength rules for your application
|
164
|
+
you should use the `Stormpath Admin Console`_ to find the directory that is mapped
|
165
|
+
to your application, and modify it's password policy.
|
166
|
+
|
167
|
+
For more information see `Account Password Strength Policy`_.
|
168
|
+
|
169
|
+
.. _email_verification:
|
170
|
+
|
171
|
+
Email Verification
|
172
|
+
------------------
|
173
|
+
|
174
|
+
We **highly** recommend that you use email verification, as it adds a layer
|
175
|
+
of security to your site (it makes it harder for bots to create spam accounts).
|
176
|
+
|
177
|
+
One of our favorite Stormpath features is email verification. When this workflow
|
178
|
+
is enabled on the directory, we will send the new account an email with a link
|
179
|
+
that they must click on in order to verify their account. When they click on
|
180
|
+
that link they will need to be directed to this URL:
|
181
|
+
|
182
|
+
http://localhost:3000/verify?sptoken=TOKEN
|
183
|
+
|
184
|
+
We have to configure our directory in order for this to happen. Use the
|
185
|
+
`Stormpath Admin Console`_ to find the directory of your application, then
|
186
|
+
go into the Workflows section. In there you will find the email verification
|
187
|
+
workflow, which should be enabled by default (enable it if not). Then modify
|
188
|
+
the template of the email to use this value for the `Link Base URL`:
|
189
|
+
|
190
|
+
.. code-block:: sh
|
191
|
+
|
192
|
+
http://localhost:3000/verify
|
193
|
+
|
194
|
+
When the user arrives on the verification URL, we will verify that their email
|
195
|
+
link is valid and hasn't already been used. If the link is valid we will redirect
|
196
|
+
them to the login page. If there is a problem with the link we provide a form
|
197
|
+
that allows them to ask for a new link.
|
198
|
+
|
199
|
+
|
200
|
+
Auto Login
|
201
|
+
----------
|
202
|
+
|
203
|
+
If you are *not* using email verificaion (not recommended) you may log users in
|
204
|
+
automatically when they register. This can be achieved with this config:
|
205
|
+
|
206
|
+
.. code-block:: yaml
|
207
|
+
|
208
|
+
web:
|
209
|
+
register:
|
210
|
+
autoLogin: true,
|
211
|
+
nextUri: '/'
|
212
|
+
|
213
|
+
|
214
|
+
By default the nextUri is to the ``/`` page, but you can modify this.
|
215
|
+
|
216
|
+
Overriding Registration
|
217
|
+
-----------------------
|
218
|
+
|
219
|
+
Controllers
|
220
|
+
...........
|
221
|
+
|
222
|
+
Since Stormpath controllers are highly configurable, they have lots of configuration code and are not written in a traditional way.
|
223
|
+
|
224
|
+
A RegisterController would usually have two actions - new & create, however in Stormpath-Rails they are separated into two single action controllers - ``Stormpath::Rails::Register::NewController`` and ``Stormpath::Rails::Register::CreateController``.
|
225
|
+
They both respond to a ``call`` method (action).
|
226
|
+
|
227
|
+
To override a Stormpath controller, first you need to subclass it:
|
228
|
+
|
229
|
+
.. code-block:: ruby
|
230
|
+
|
231
|
+
class CreateAccountController < Stormpath::Rails::Register::CreateController
|
232
|
+
end
|
233
|
+
|
234
|
+
|
235
|
+
and update the routes to point to your new controller:
|
236
|
+
|
237
|
+
.. code-block:: ruby
|
238
|
+
|
239
|
+
Rails.application.routes.draw do
|
240
|
+
stormpath_rails_routes(actions: {
|
241
|
+
'register#create' => 'create_account#call'
|
242
|
+
})
|
243
|
+
end
|
244
|
+
|
245
|
+
|
246
|
+
Routes
|
247
|
+
------
|
248
|
+
|
249
|
+
To override routes (while using Stormpath default controllers), please use the configuration file ``config/stormpath.yml`` and override them there.
|
250
|
+
As usual, to see what the routes are, run *rake routes*.
|
251
|
+
|
252
|
+
Views
|
253
|
+
-----
|
254
|
+
|
255
|
+
You can use the Stormpath views generator to copy the default views to your application for modification:
|
256
|
+
|
257
|
+
.. code-block:: ruby
|
258
|
+
|
259
|
+
rails generate stormpath:views
|
260
|
+
|
261
|
+
|
262
|
+
which generates these files::
|
263
|
+
|
264
|
+
stormpath/rails/layouts/stormpath.html.erb
|
265
|
+
|
266
|
+
stormpath/rails/login/new.html.erb
|
267
|
+
stormpath/rails/login/_form.html.erb
|
268
|
+
|
269
|
+
stormpath/rails/register/new.html.erb
|
270
|
+
stormpath/rails/register/_form.html.erb
|
271
|
+
|
272
|
+
stormpath/rails/change_password/new.html.erb
|
273
|
+
|
274
|
+
stormpath/rails/forgot_password/new.html.erb
|
275
|
+
|
276
|
+
stormpath/rails/shared/_input.html.erb
|
277
|
+
|
278
|
+
stormpath/rails/verify_email/new.html.erb
|
279
|
+
|
280
|
+
|
281
|
+
JSON Registration API
|
282
|
+
---------------------
|
283
|
+
|
284
|
+
If you are using this gem from a SPA framework like Angular or React, you
|
285
|
+
will want to make a JSON post to register users. Simply post an object to
|
286
|
+
``/register`` that looks like this, and supply the fields that you wish to
|
287
|
+
populate on the user::
|
288
|
+
|
289
|
+
{
|
290
|
+
"email": "foo@bar.com",
|
291
|
+
"password": "mySuper3ecretPAssw0rd",
|
292
|
+
"surname": "optional"
|
293
|
+
}
|
294
|
+
|
295
|
+
If the user is created successfully you will get a 200 response and the body
|
296
|
+
will the the account object that was created. If there was an error you
|
297
|
+
will get an object that looks like ``{ message: 'error message here'}``.
|
298
|
+
|
299
|
+
If you make a GET request to the registration endpoint, with ``Accept:
|
300
|
+
application/json``, we will send you a JSON view model that describes the
|
301
|
+
registration form and the social account stores that are mapped to your
|
302
|
+
Stormpath Application. Here is an example view model that shows you an
|
303
|
+
application that has a default registration form, and a mapped Google
|
304
|
+
directory:
|
305
|
+
|
306
|
+
.. code-block:: javascript
|
307
|
+
|
308
|
+
{
|
309
|
+
"accountStores": [
|
310
|
+
{
|
311
|
+
"name": "stormpath-rails google",
|
312
|
+
"href": "https://api.stormpath.com/v1/directories/gc0Ty90yXXk8ifd2QPwt",
|
313
|
+
"provider": {
|
314
|
+
"providerId": "google",
|
315
|
+
"clientId": "441084632428-9au0gijbo5icagep9u79qtf7ic7cc5au.apps.googleusercontent.com",
|
316
|
+
"scope": "email profile",
|
317
|
+
"href": "https://api.stormpath.com/v1/directories/gc0Ty90yXXk8ifd2QPwt/provider"
|
318
|
+
}
|
319
|
+
}
|
320
|
+
],
|
321
|
+
"form": {
|
322
|
+
"fields": [
|
323
|
+
{
|
324
|
+
"label": "First Name",
|
325
|
+
"placeholder": "First Name",
|
326
|
+
"required": true,
|
327
|
+
"type": "text",
|
328
|
+
"name": "givenName"
|
329
|
+
},
|
330
|
+
{
|
331
|
+
"label": "Last Name",
|
332
|
+
"placeholder": "Last Name",
|
333
|
+
"required": true,
|
334
|
+
"type": "text",
|
335
|
+
"name": "surname"
|
336
|
+
},
|
337
|
+
{
|
338
|
+
"label": "Email",
|
339
|
+
"placeholder": "Email",
|
340
|
+
"required": true,
|
341
|
+
"type": "email",
|
342
|
+
"name": "email"
|
343
|
+
},
|
344
|
+
{
|
345
|
+
"label": "Password",
|
346
|
+
"placeholder": "Password",
|
347
|
+
"required": true,
|
348
|
+
"type": "password",
|
349
|
+
"name": "password"
|
350
|
+
}
|
351
|
+
]
|
352
|
+
}
|
353
|
+
}
|
354
|
+
|
355
|
+
.. note::
|
356
|
+
|
357
|
+
You may have to explicitly tell your client library that you want a JSON
|
358
|
+
response from the server. Not all libraries do this automatically. If the
|
359
|
+
library does not set the ``Accept: application/json`` header on the request,
|
360
|
+
you'll get back the HTML registration form - not the JSON response that you
|
361
|
+
expect.
|
362
|
+
|
363
|
+
.. _Stormpath Admin Console: https://api.stormpath.com
|
364
|
+
.. _Account Password Strength Policy: https://docs.stormpath.com/rest/product-guide/#account-password-strength-policy
|