stormpath-rails 2.2.0 → 2.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/.gitmodules +3 -0
- data/.travis.yml +1 -1
- data/CHANGELOG.md +11 -0
- data/README.md +1 -1
- data/app/controllers/stormpath/rails/register/create_controller.rb +1 -1
- data/docs/Makefile +225 -0
- data/docs/_static/facebook-new-project.png +0 -0
- data/docs/_static/facebook-url-settings.png +0 -0
- data/docs/_static/forgot-change.png +0 -0
- data/docs/_static/forgot-complete.png +0 -0
- data/docs/_static/forgot-email-sent.png +0 -0
- data/docs/_static/forgot-email.png +0 -0
- data/docs/_static/forgot-init.png +0 -0
- data/docs/_static/forgot.png +0 -0
- data/docs/_static/github_create_app.png +0 -0
- data/docs/_static/google-enable-login.png +0 -0
- data/docs/_static/google-new-project.png +0 -0
- data/docs/_static/google-oauth-settings.png +0 -0
- data/docs/_static/id-site-login.png +0 -0
- data/docs/_static/id-site-settings.png +0 -0
- data/docs/_static/id-site-stormpath-config.png +0 -0
- data/docs/_static/linkedin-add-authorized-urls.gif +0 -0
- data/docs/_static/linkedin-add-permissions.gif +0 -0
- data/docs/_static/linkedin-new-application.gif +0 -0
- data/docs/_static/linkedin-permissions-page.png +0 -0
- data/docs/_static/login-page-basic.png +0 -0
- data/docs/_static/login-page-facebook-permissions.png +0 -0
- data/docs/_static/login-page-facebook.png +0 -0
- data/docs/_static/login-page-google-account.png +0 -0
- data/docs/_static/login-page-google.png +0 -0
- data/docs/_static/login-page-linkedin.png +0 -0
- data/docs/_static/login-page.png +0 -0
- data/docs/_static/login_page_with_all_providers.png +0 -0
- data/docs/_static/registration-page-basic.png +0 -0
- data/docs/_static/registration-page-error.png +0 -0
- data/docs/_static/registration-page.png +0 -0
- data/docs/_static/verification-complete.png +0 -0
- data/docs/_static/verification-email.png +0 -0
- data/docs/_static/verification.png +0 -0
- data/docs/_templates/layout.html +6 -0
- data/docs/about.rst +72 -0
- data/docs/authentication.rst +332 -0
- data/docs/changelog.rst +41 -0
- data/docs/conf.py +346 -0
- data/docs/configuration.rst +151 -0
- data/docs/contributors.rst +56 -0
- data/docs/devise_import.rst +112 -0
- data/docs/help.rst +24 -0
- data/docs/index.rst +31 -0
- data/docs/login.rst +242 -0
- data/docs/logout.rst +73 -0
- data/docs/password_reset.rst +85 -0
- data/docs/quickstart.rst +179 -0
- data/docs/registration.rst +364 -0
- data/docs/social_login.rst +409 -0
- data/docs/templates.rst +100 -0
- data/docs/user_data.rst +216 -0
- data/lib/stormpath/rails/version.rb +1 -1
- data/stormpath-rails.gemspec +1 -1
- metadata +57 -4
@@ -0,0 +1,364 @@
|
|
1
|
+
.. _registration:
|
2
|
+
|
3
|
+
|
4
|
+
Registration
|
5
|
+
============
|
6
|
+
|
7
|
+
The registration feature of this gem allows you to use Stormpath to create
|
8
|
+
new accounts in a Stormpath directory. You can create traditional password-
|
9
|
+
based accounts, which have a username and a password, or you can create customized accounts with multiple required or optional fields.
|
10
|
+
|
11
|
+
By default this gem will serve an HTML registration page at ``/register``.
|
12
|
+
You can change this URI with the ``web.register.uri`` option. You can disable
|
13
|
+
this feature entirely by setting ``web.register.enabled`` to ``false`` in your ``stormpath.yml`` configuration file.
|
14
|
+
|
15
|
+
http://localhost:3000/register
|
16
|
+
|
17
|
+
|
18
|
+
Configuration Options
|
19
|
+
---------------------
|
20
|
+
|
21
|
+
This feature supports several options. This example shows what is possible,
|
22
|
+
we will cover them in detail below:
|
23
|
+
|
24
|
+
.. code-block:: yaml
|
25
|
+
|
26
|
+
web:
|
27
|
+
register:
|
28
|
+
enabled: true,
|
29
|
+
uri: '/signup', # Use a different URL
|
30
|
+
nextUri: '/', # Where to send the user to, if auto login is enabled
|
31
|
+
form:
|
32
|
+
fields: # see next section for documentation
|
33
|
+
fieldOrder: # see next section
|
34
|
+
|
35
|
+
|
36
|
+
Modifying Default Fields
|
37
|
+
------------------------
|
38
|
+
|
39
|
+
The registration form will render these fields by default, and they will be
|
40
|
+
required by the user:
|
41
|
+
|
42
|
+
* given_name
|
43
|
+
* surname
|
44
|
+
* email
|
45
|
+
* password
|
46
|
+
|
47
|
+
While email and password will always be required, you do not need to require
|
48
|
+
first and last name. These can be configured as optional fields, or omitted
|
49
|
+
entirely. You can also specify your own custom fields. We'll cover each use
|
50
|
+
case in detail.
|
51
|
+
|
52
|
+
Configure First Name and Last Name as Optional
|
53
|
+
..............................................
|
54
|
+
|
55
|
+
If you would like to show the fields for first name and last name, but not
|
56
|
+
require them, you can set required to false:
|
57
|
+
|
58
|
+
.. code-block:: yaml
|
59
|
+
|
60
|
+
web:
|
61
|
+
register:
|
62
|
+
form:
|
63
|
+
fields:
|
64
|
+
givenName:
|
65
|
+
required: false
|
66
|
+
surname:
|
67
|
+
required: false
|
68
|
+
|
69
|
+
|
70
|
+
Because the Stormpath API requires a first name and last name, we will auto-fill
|
71
|
+
these fields with `UNKNOWN` if the user does not provide them.
|
72
|
+
|
73
|
+
|
74
|
+
Disabling First Name and Last Name
|
75
|
+
..................................
|
76
|
+
|
77
|
+
If you want to remove these fields entirely, you can set enabled to false:
|
78
|
+
|
79
|
+
.. code-block:: yaml
|
80
|
+
|
81
|
+
web:
|
82
|
+
register:
|
83
|
+
form:
|
84
|
+
fields:
|
85
|
+
givenName:
|
86
|
+
enabled: false
|
87
|
+
surname:
|
88
|
+
enabled: false
|
89
|
+
|
90
|
+
|
91
|
+
Because the Stormpath API requires a first name and last name, we will auto-fill
|
92
|
+
these fields with `UNKNOWN` when a user registers.
|
93
|
+
|
94
|
+
.. _custom_form_fields:
|
95
|
+
|
96
|
+
Creating Custom Fields
|
97
|
+
----------------------
|
98
|
+
|
99
|
+
You can add your own custom fields to the form. The values will be
|
100
|
+
automatically added to the user's custom data object when they register
|
101
|
+
successfully. You can define a custom field by defining a new field object,
|
102
|
+
like this:
|
103
|
+
|
104
|
+
.. code-block:: yaml
|
105
|
+
|
106
|
+
web:
|
107
|
+
register:
|
108
|
+
form:
|
109
|
+
fields:
|
110
|
+
favoriteColor:
|
111
|
+
enabled: true,
|
112
|
+
label: 'Favorite Color',
|
113
|
+
placeholder: 'E.g. Red, Blue',
|
114
|
+
required: true,
|
115
|
+
type: 'text'
|
116
|
+
|
117
|
+
|
118
|
+
All field objects have the following properties, which must be defined:
|
119
|
+
|
120
|
+
- **enabled** - Determines if the field is shown on the form.
|
121
|
+
|
122
|
+
- **label** - The text label that is shown to the left of the input field.
|
123
|
+
|
124
|
+
- **placeholder** - The help text that is shown inside the input field, if the
|
125
|
+
input field is empty (HTML5 property).
|
126
|
+
|
127
|
+
- **required** - Marks the field as a required field. This uses the HTML5
|
128
|
+
required property, to prompt the user to enter the value. The post data will
|
129
|
+
also be validated to ensure that the field is supplied, and an error will be
|
130
|
+
returned if the field is empty.
|
131
|
+
|
132
|
+
- **type** - the HTML type of the input, e.g. text, email, or password.
|
133
|
+
|
134
|
+
.. note::
|
135
|
+
|
136
|
+
The property name of the field definition, in this case ``favoriteColor``,
|
137
|
+
will be used for the ``name`` attribute in the rendered HTML form, or the key
|
138
|
+
in the JSON view model for the registration endpoint.
|
139
|
+
|
140
|
+
Changing Field Order
|
141
|
+
--------------------
|
142
|
+
|
143
|
+
If you want to change the order of the fields, you can do so by specifying the
|
144
|
+
``fieldOrder`` array:
|
145
|
+
|
146
|
+
.. code-block:: yaml
|
147
|
+
|
148
|
+
web:
|
149
|
+
register:
|
150
|
+
form:
|
151
|
+
fieldOrder:
|
152
|
+
- 'givenName'
|
153
|
+
- 'surname'
|
154
|
+
- 'email'
|
155
|
+
- 'password'
|
156
|
+
- 'confirmPassword'
|
157
|
+
|
158
|
+
Password Strength Rules
|
159
|
+
-----------------------
|
160
|
+
|
161
|
+
Stormpath supports complex password strength rules, such as number of letters
|
162
|
+
or special characters required. These settings are controlled on a directory
|
163
|
+
basis. If you want to modify the password strength rules for your application
|
164
|
+
you should use the `Stormpath Admin Console`_ to find the directory that is mapped
|
165
|
+
to your application, and modify it's password policy.
|
166
|
+
|
167
|
+
For more information see `Account Password Strength Policy`_.
|
168
|
+
|
169
|
+
.. _email_verification:
|
170
|
+
|
171
|
+
Email Verification
|
172
|
+
------------------
|
173
|
+
|
174
|
+
We **highly** recommend that you use email verification, as it adds a layer
|
175
|
+
of security to your site (it makes it harder for bots to create spam accounts).
|
176
|
+
|
177
|
+
One of our favorite Stormpath features is email verification. When this workflow
|
178
|
+
is enabled on the directory, we will send the new account an email with a link
|
179
|
+
that they must click on in order to verify their account. When they click on
|
180
|
+
that link they will need to be directed to this URL:
|
181
|
+
|
182
|
+
http://localhost:3000/verify?sptoken=TOKEN
|
183
|
+
|
184
|
+
We have to configure our directory in order for this to happen. Use the
|
185
|
+
`Stormpath Admin Console`_ to find the directory of your application, then
|
186
|
+
go into the Workflows section. In there you will find the email verification
|
187
|
+
workflow, which should be enabled by default (enable it if not). Then modify
|
188
|
+
the template of the email to use this value for the `Link Base URL`:
|
189
|
+
|
190
|
+
.. code-block:: sh
|
191
|
+
|
192
|
+
http://localhost:3000/verify
|
193
|
+
|
194
|
+
When the user arrives on the verification URL, we will verify that their email
|
195
|
+
link is valid and hasn't already been used. If the link is valid we will redirect
|
196
|
+
them to the login page. If there is a problem with the link we provide a form
|
197
|
+
that allows them to ask for a new link.
|
198
|
+
|
199
|
+
|
200
|
+
Auto Login
|
201
|
+
----------
|
202
|
+
|
203
|
+
If you are *not* using email verificaion (not recommended) you may log users in
|
204
|
+
automatically when they register. This can be achieved with this config:
|
205
|
+
|
206
|
+
.. code-block:: yaml
|
207
|
+
|
208
|
+
web:
|
209
|
+
register:
|
210
|
+
autoLogin: true,
|
211
|
+
nextUri: '/'
|
212
|
+
|
213
|
+
|
214
|
+
By default the nextUri is to the ``/`` page, but you can modify this.
|
215
|
+
|
216
|
+
Overriding Registration
|
217
|
+
-----------------------
|
218
|
+
|
219
|
+
Controllers
|
220
|
+
...........
|
221
|
+
|
222
|
+
Since Stormpath controllers are highly configurable, they have lots of configuration code and are not written in a traditional way.
|
223
|
+
|
224
|
+
A RegisterController would usually have two actions - new & create, however in Stormpath-Rails they are separated into two single action controllers - ``Stormpath::Rails::Register::NewController`` and ``Stormpath::Rails::Register::CreateController``.
|
225
|
+
They both respond to a ``call`` method (action).
|
226
|
+
|
227
|
+
To override a Stormpath controller, first you need to subclass it:
|
228
|
+
|
229
|
+
.. code-block:: ruby
|
230
|
+
|
231
|
+
class CreateAccountController < Stormpath::Rails::Register::CreateController
|
232
|
+
end
|
233
|
+
|
234
|
+
|
235
|
+
and update the routes to point to your new controller:
|
236
|
+
|
237
|
+
.. code-block:: ruby
|
238
|
+
|
239
|
+
Rails.application.routes.draw do
|
240
|
+
stormpath_rails_routes(actions: {
|
241
|
+
'register#create' => 'create_account#call'
|
242
|
+
})
|
243
|
+
end
|
244
|
+
|
245
|
+
|
246
|
+
Routes
|
247
|
+
------
|
248
|
+
|
249
|
+
To override routes (while using Stormpath default controllers), please use the configuration file ``config/stormpath.yml`` and override them there.
|
250
|
+
As usual, to see what the routes are, run *rake routes*.
|
251
|
+
|
252
|
+
Views
|
253
|
+
-----
|
254
|
+
|
255
|
+
You can use the Stormpath views generator to copy the default views to your application for modification:
|
256
|
+
|
257
|
+
.. code-block:: ruby
|
258
|
+
|
259
|
+
rails generate stormpath:views
|
260
|
+
|
261
|
+
|
262
|
+
which generates these files::
|
263
|
+
|
264
|
+
stormpath/rails/layouts/stormpath.html.erb
|
265
|
+
|
266
|
+
stormpath/rails/login/new.html.erb
|
267
|
+
stormpath/rails/login/_form.html.erb
|
268
|
+
|
269
|
+
stormpath/rails/register/new.html.erb
|
270
|
+
stormpath/rails/register/_form.html.erb
|
271
|
+
|
272
|
+
stormpath/rails/change_password/new.html.erb
|
273
|
+
|
274
|
+
stormpath/rails/forgot_password/new.html.erb
|
275
|
+
|
276
|
+
stormpath/rails/shared/_input.html.erb
|
277
|
+
|
278
|
+
stormpath/rails/verify_email/new.html.erb
|
279
|
+
|
280
|
+
|
281
|
+
JSON Registration API
|
282
|
+
---------------------
|
283
|
+
|
284
|
+
If you are using this gem from a SPA framework like Angular or React, you
|
285
|
+
will want to make a JSON post to register users. Simply post an object to
|
286
|
+
``/register`` that looks like this, and supply the fields that you wish to
|
287
|
+
populate on the user::
|
288
|
+
|
289
|
+
{
|
290
|
+
"email": "foo@bar.com",
|
291
|
+
"password": "mySuper3ecretPAssw0rd",
|
292
|
+
"surname": "optional"
|
293
|
+
}
|
294
|
+
|
295
|
+
If the user is created successfully you will get a 200 response and the body
|
296
|
+
will the the account object that was created. If there was an error you
|
297
|
+
will get an object that looks like ``{ message: 'error message here'}``.
|
298
|
+
|
299
|
+
If you make a GET request to the registration endpoint, with ``Accept:
|
300
|
+
application/json``, we will send you a JSON view model that describes the
|
301
|
+
registration form and the social account stores that are mapped to your
|
302
|
+
Stormpath Application. Here is an example view model that shows you an
|
303
|
+
application that has a default registration form, and a mapped Google
|
304
|
+
directory:
|
305
|
+
|
306
|
+
.. code-block:: javascript
|
307
|
+
|
308
|
+
{
|
309
|
+
"accountStores": [
|
310
|
+
{
|
311
|
+
"name": "stormpath-rails google",
|
312
|
+
"href": "https://api.stormpath.com/v1/directories/gc0Ty90yXXk8ifd2QPwt",
|
313
|
+
"provider": {
|
314
|
+
"providerId": "google",
|
315
|
+
"clientId": "441084632428-9au0gijbo5icagep9u79qtf7ic7cc5au.apps.googleusercontent.com",
|
316
|
+
"scope": "email profile",
|
317
|
+
"href": "https://api.stormpath.com/v1/directories/gc0Ty90yXXk8ifd2QPwt/provider"
|
318
|
+
}
|
319
|
+
}
|
320
|
+
],
|
321
|
+
"form": {
|
322
|
+
"fields": [
|
323
|
+
{
|
324
|
+
"label": "First Name",
|
325
|
+
"placeholder": "First Name",
|
326
|
+
"required": true,
|
327
|
+
"type": "text",
|
328
|
+
"name": "givenName"
|
329
|
+
},
|
330
|
+
{
|
331
|
+
"label": "Last Name",
|
332
|
+
"placeholder": "Last Name",
|
333
|
+
"required": true,
|
334
|
+
"type": "text",
|
335
|
+
"name": "surname"
|
336
|
+
},
|
337
|
+
{
|
338
|
+
"label": "Email",
|
339
|
+
"placeholder": "Email",
|
340
|
+
"required": true,
|
341
|
+
"type": "email",
|
342
|
+
"name": "email"
|
343
|
+
},
|
344
|
+
{
|
345
|
+
"label": "Password",
|
346
|
+
"placeholder": "Password",
|
347
|
+
"required": true,
|
348
|
+
"type": "password",
|
349
|
+
"name": "password"
|
350
|
+
}
|
351
|
+
]
|
352
|
+
}
|
353
|
+
}
|
354
|
+
|
355
|
+
.. note::
|
356
|
+
|
357
|
+
You may have to explicitly tell your client library that you want a JSON
|
358
|
+
response from the server. Not all libraries do this automatically. If the
|
359
|
+
library does not set the ``Accept: application/json`` header on the request,
|
360
|
+
you'll get back the HTML registration form - not the JSON response that you
|
361
|
+
expect.
|
362
|
+
|
363
|
+
.. _Stormpath Admin Console: https://api.stormpath.com
|
364
|
+
.. _Account Password Strength Policy: https://docs.stormpath.com/rest/product-guide/#account-password-strength-policy
|