stormpath-rails 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -1
  3. data/.gitmodules +3 -0
  4. data/.travis.yml +1 -1
  5. data/CHANGELOG.md +11 -0
  6. data/README.md +1 -1
  7. data/app/controllers/stormpath/rails/register/create_controller.rb +1 -1
  8. data/docs/Makefile +225 -0
  9. data/docs/_static/facebook-new-project.png +0 -0
  10. data/docs/_static/facebook-url-settings.png +0 -0
  11. data/docs/_static/forgot-change.png +0 -0
  12. data/docs/_static/forgot-complete.png +0 -0
  13. data/docs/_static/forgot-email-sent.png +0 -0
  14. data/docs/_static/forgot-email.png +0 -0
  15. data/docs/_static/forgot-init.png +0 -0
  16. data/docs/_static/forgot.png +0 -0
  17. data/docs/_static/github_create_app.png +0 -0
  18. data/docs/_static/google-enable-login.png +0 -0
  19. data/docs/_static/google-new-project.png +0 -0
  20. data/docs/_static/google-oauth-settings.png +0 -0
  21. data/docs/_static/id-site-login.png +0 -0
  22. data/docs/_static/id-site-settings.png +0 -0
  23. data/docs/_static/id-site-stormpath-config.png +0 -0
  24. data/docs/_static/linkedin-add-authorized-urls.gif +0 -0
  25. data/docs/_static/linkedin-add-permissions.gif +0 -0
  26. data/docs/_static/linkedin-new-application.gif +0 -0
  27. data/docs/_static/linkedin-permissions-page.png +0 -0
  28. data/docs/_static/login-page-basic.png +0 -0
  29. data/docs/_static/login-page-facebook-permissions.png +0 -0
  30. data/docs/_static/login-page-facebook.png +0 -0
  31. data/docs/_static/login-page-google-account.png +0 -0
  32. data/docs/_static/login-page-google.png +0 -0
  33. data/docs/_static/login-page-linkedin.png +0 -0
  34. data/docs/_static/login-page.png +0 -0
  35. data/docs/_static/login_page_with_all_providers.png +0 -0
  36. data/docs/_static/registration-page-basic.png +0 -0
  37. data/docs/_static/registration-page-error.png +0 -0
  38. data/docs/_static/registration-page.png +0 -0
  39. data/docs/_static/verification-complete.png +0 -0
  40. data/docs/_static/verification-email.png +0 -0
  41. data/docs/_static/verification.png +0 -0
  42. data/docs/_templates/layout.html +6 -0
  43. data/docs/about.rst +72 -0
  44. data/docs/authentication.rst +332 -0
  45. data/docs/changelog.rst +41 -0
  46. data/docs/conf.py +346 -0
  47. data/docs/configuration.rst +151 -0
  48. data/docs/contributors.rst +56 -0
  49. data/docs/devise_import.rst +112 -0
  50. data/docs/help.rst +24 -0
  51. data/docs/index.rst +31 -0
  52. data/docs/login.rst +242 -0
  53. data/docs/logout.rst +73 -0
  54. data/docs/password_reset.rst +85 -0
  55. data/docs/quickstart.rst +179 -0
  56. data/docs/registration.rst +364 -0
  57. data/docs/social_login.rst +409 -0
  58. data/docs/templates.rst +100 -0
  59. data/docs/user_data.rst +216 -0
  60. data/lib/stormpath/rails/version.rb +1 -1
  61. data/stormpath-rails.gemspec +1 -1
  62. metadata +57 -4
@@ -0,0 +1,364 @@
1
+ .. _registration:
2
+
3
+
4
+ Registration
5
+ ============
6
+
7
+ The registration feature of this gem allows you to use Stormpath to create
8
+ new accounts in a Stormpath directory. You can create traditional password-
9
+ based accounts, which have a username and a password, or you can create customized accounts with multiple required or optional fields.
10
+
11
+ By default this gem will serve an HTML registration page at ``/register``.
12
+ You can change this URI with the ``web.register.uri`` option. You can disable
13
+ this feature entirely by setting ``web.register.enabled`` to ``false`` in your ``stormpath.yml`` configuration file.
14
+
15
+ http://localhost:3000/register
16
+
17
+
18
+ Configuration Options
19
+ ---------------------
20
+
21
+ This feature supports several options. This example shows what is possible,
22
+ we will cover them in detail below:
23
+
24
+ .. code-block:: yaml
25
+
26
+ web:
27
+ register:
28
+ enabled: true,
29
+ uri: '/signup', # Use a different URL
30
+ nextUri: '/', # Where to send the user to, if auto login is enabled
31
+ form:
32
+ fields: # see next section for documentation
33
+ fieldOrder: # see next section
34
+
35
+
36
+ Modifying Default Fields
37
+ ------------------------
38
+
39
+ The registration form will render these fields by default, and they will be
40
+ required by the user:
41
+
42
+ * given_name
43
+ * surname
44
+ * email
45
+ * password
46
+
47
+ While email and password will always be required, you do not need to require
48
+ first and last name. These can be configured as optional fields, or omitted
49
+ entirely. You can also specify your own custom fields. We'll cover each use
50
+ case in detail.
51
+
52
+ Configure First Name and Last Name as Optional
53
+ ..............................................
54
+
55
+ If you would like to show the fields for first name and last name, but not
56
+ require them, you can set required to false:
57
+
58
+ .. code-block:: yaml
59
+
60
+ web:
61
+ register:
62
+ form:
63
+ fields:
64
+ givenName:
65
+ required: false
66
+ surname:
67
+ required: false
68
+
69
+
70
+ Because the Stormpath API requires a first name and last name, we will auto-fill
71
+ these fields with `UNKNOWN` if the user does not provide them.
72
+
73
+
74
+ Disabling First Name and Last Name
75
+ ..................................
76
+
77
+ If you want to remove these fields entirely, you can set enabled to false:
78
+
79
+ .. code-block:: yaml
80
+
81
+ web:
82
+ register:
83
+ form:
84
+ fields:
85
+ givenName:
86
+ enabled: false
87
+ surname:
88
+ enabled: false
89
+
90
+
91
+ Because the Stormpath API requires a first name and last name, we will auto-fill
92
+ these fields with `UNKNOWN` when a user registers.
93
+
94
+ .. _custom_form_fields:
95
+
96
+ Creating Custom Fields
97
+ ----------------------
98
+
99
+ You can add your own custom fields to the form. The values will be
100
+ automatically added to the user's custom data object when they register
101
+ successfully. You can define a custom field by defining a new field object,
102
+ like this:
103
+
104
+ .. code-block:: yaml
105
+
106
+ web:
107
+ register:
108
+ form:
109
+ fields:
110
+ favoriteColor:
111
+ enabled: true,
112
+ label: 'Favorite Color',
113
+ placeholder: 'E.g. Red, Blue',
114
+ required: true,
115
+ type: 'text'
116
+
117
+
118
+ All field objects have the following properties, which must be defined:
119
+
120
+ - **enabled** - Determines if the field is shown on the form.
121
+
122
+ - **label** - The text label that is shown to the left of the input field.
123
+
124
+ - **placeholder** - The help text that is shown inside the input field, if the
125
+ input field is empty (HTML5 property).
126
+
127
+ - **required** - Marks the field as a required field. This uses the HTML5
128
+ required property, to prompt the user to enter the value. The post data will
129
+ also be validated to ensure that the field is supplied, and an error will be
130
+ returned if the field is empty.
131
+
132
+ - **type** - the HTML type of the input, e.g. text, email, or password.
133
+
134
+ .. note::
135
+
136
+ The property name of the field definition, in this case ``favoriteColor``,
137
+ will be used for the ``name`` attribute in the rendered HTML form, or the key
138
+ in the JSON view model for the registration endpoint.
139
+
140
+ Changing Field Order
141
+ --------------------
142
+
143
+ If you want to change the order of the fields, you can do so by specifying the
144
+ ``fieldOrder`` array:
145
+
146
+ .. code-block:: yaml
147
+
148
+ web:
149
+ register:
150
+ form:
151
+ fieldOrder:
152
+ - 'givenName'
153
+ - 'surname'
154
+ - 'email'
155
+ - 'password'
156
+ - 'confirmPassword'
157
+
158
+ Password Strength Rules
159
+ -----------------------
160
+
161
+ Stormpath supports complex password strength rules, such as number of letters
162
+ or special characters required. These settings are controlled on a directory
163
+ basis. If you want to modify the password strength rules for your application
164
+ you should use the `Stormpath Admin Console`_ to find the directory that is mapped
165
+ to your application, and modify it's password policy.
166
+
167
+ For more information see `Account Password Strength Policy`_.
168
+
169
+ .. _email_verification:
170
+
171
+ Email Verification
172
+ ------------------
173
+
174
+ We **highly** recommend that you use email verification, as it adds a layer
175
+ of security to your site (it makes it harder for bots to create spam accounts).
176
+
177
+ One of our favorite Stormpath features is email verification. When this workflow
178
+ is enabled on the directory, we will send the new account an email with a link
179
+ that they must click on in order to verify their account. When they click on
180
+ that link they will need to be directed to this URL:
181
+
182
+ http://localhost:3000/verify?sptoken=TOKEN
183
+
184
+ We have to configure our directory in order for this to happen. Use the
185
+ `Stormpath Admin Console`_ to find the directory of your application, then
186
+ go into the Workflows section. In there you will find the email verification
187
+ workflow, which should be enabled by default (enable it if not). Then modify
188
+ the template of the email to use this value for the `Link Base URL`:
189
+
190
+ .. code-block:: sh
191
+
192
+ http://localhost:3000/verify
193
+
194
+ When the user arrives on the verification URL, we will verify that their email
195
+ link is valid and hasn't already been used. If the link is valid we will redirect
196
+ them to the login page. If there is a problem with the link we provide a form
197
+ that allows them to ask for a new link.
198
+
199
+
200
+ Auto Login
201
+ ----------
202
+
203
+ If you are *not* using email verificaion (not recommended) you may log users in
204
+ automatically when they register. This can be achieved with this config:
205
+
206
+ .. code-block:: yaml
207
+
208
+ web:
209
+ register:
210
+ autoLogin: true,
211
+ nextUri: '/'
212
+
213
+
214
+ By default the nextUri is to the ``/`` page, but you can modify this.
215
+
216
+ Overriding Registration
217
+ -----------------------
218
+
219
+ Controllers
220
+ ...........
221
+
222
+ Since Stormpath controllers are highly configurable, they have lots of configuration code and are not written in a traditional way.
223
+
224
+ A RegisterController would usually have two actions - new & create, however in Stormpath-Rails they are separated into two single action controllers - ``Stormpath::Rails::Register::NewController`` and ``Stormpath::Rails::Register::CreateController``.
225
+ They both respond to a ``call`` method (action).
226
+
227
+ To override a Stormpath controller, first you need to subclass it:
228
+
229
+ .. code-block:: ruby
230
+
231
+ class CreateAccountController < Stormpath::Rails::Register::CreateController
232
+ end
233
+
234
+
235
+ and update the routes to point to your new controller:
236
+
237
+ .. code-block:: ruby
238
+
239
+ Rails.application.routes.draw do
240
+ stormpath_rails_routes(actions: {
241
+ 'register#create' => 'create_account#call'
242
+ })
243
+ end
244
+
245
+
246
+ Routes
247
+ ------
248
+
249
+ To override routes (while using Stormpath default controllers), please use the configuration file ``config/stormpath.yml`` and override them there.
250
+ As usual, to see what the routes are, run *rake routes*.
251
+
252
+ Views
253
+ -----
254
+
255
+ You can use the Stormpath views generator to copy the default views to your application for modification:
256
+
257
+ .. code-block:: ruby
258
+
259
+ rails generate stormpath:views
260
+
261
+
262
+ which generates these files::
263
+
264
+ stormpath/rails/layouts/stormpath.html.erb
265
+
266
+ stormpath/rails/login/new.html.erb
267
+ stormpath/rails/login/_form.html.erb
268
+
269
+ stormpath/rails/register/new.html.erb
270
+ stormpath/rails/register/_form.html.erb
271
+
272
+ stormpath/rails/change_password/new.html.erb
273
+
274
+ stormpath/rails/forgot_password/new.html.erb
275
+
276
+ stormpath/rails/shared/_input.html.erb
277
+
278
+ stormpath/rails/verify_email/new.html.erb
279
+
280
+
281
+ JSON Registration API
282
+ ---------------------
283
+
284
+ If you are using this gem from a SPA framework like Angular or React, you
285
+ will want to make a JSON post to register users. Simply post an object to
286
+ ``/register`` that looks like this, and supply the fields that you wish to
287
+ populate on the user::
288
+
289
+ {
290
+ "email": "foo@bar.com",
291
+ "password": "mySuper3ecretPAssw0rd",
292
+ "surname": "optional"
293
+ }
294
+
295
+ If the user is created successfully you will get a 200 response and the body
296
+ will the the account object that was created. If there was an error you
297
+ will get an object that looks like ``{ message: 'error message here'}``.
298
+
299
+ If you make a GET request to the registration endpoint, with ``Accept:
300
+ application/json``, we will send you a JSON view model that describes the
301
+ registration form and the social account stores that are mapped to your
302
+ Stormpath Application. Here is an example view model that shows you an
303
+ application that has a default registration form, and a mapped Google
304
+ directory:
305
+
306
+ .. code-block:: javascript
307
+
308
+ {
309
+ "accountStores": [
310
+ {
311
+ "name": "stormpath-rails google",
312
+ "href": "https://api.stormpath.com/v1/directories/gc0Ty90yXXk8ifd2QPwt",
313
+ "provider": {
314
+ "providerId": "google",
315
+ "clientId": "441084632428-9au0gijbo5icagep9u79qtf7ic7cc5au.apps.googleusercontent.com",
316
+ "scope": "email profile",
317
+ "href": "https://api.stormpath.com/v1/directories/gc0Ty90yXXk8ifd2QPwt/provider"
318
+ }
319
+ }
320
+ ],
321
+ "form": {
322
+ "fields": [
323
+ {
324
+ "label": "First Name",
325
+ "placeholder": "First Name",
326
+ "required": true,
327
+ "type": "text",
328
+ "name": "givenName"
329
+ },
330
+ {
331
+ "label": "Last Name",
332
+ "placeholder": "Last Name",
333
+ "required": true,
334
+ "type": "text",
335
+ "name": "surname"
336
+ },
337
+ {
338
+ "label": "Email",
339
+ "placeholder": "Email",
340
+ "required": true,
341
+ "type": "email",
342
+ "name": "email"
343
+ },
344
+ {
345
+ "label": "Password",
346
+ "placeholder": "Password",
347
+ "required": true,
348
+ "type": "password",
349
+ "name": "password"
350
+ }
351
+ ]
352
+ }
353
+ }
354
+
355
+ .. note::
356
+
357
+ You may have to explicitly tell your client library that you want a JSON
358
+ response from the server. Not all libraries do this automatically. If the
359
+ library does not set the ``Accept: application/json`` header on the request,
360
+ you'll get back the HTML registration form - not the JSON response that you
361
+ expect.
362
+
363
+ .. _Stormpath Admin Console: https://api.stormpath.com
364
+ .. _Account Password Strength Policy: https://docs.stormpath.com/rest/product-guide/#account-password-strength-policy