tournament 1.1.0 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +15 -0
- data/Manifest.txt +241 -2
- data/README.txt +152 -12
- data/Rakefile +9 -6
- data/bin/benchmark_pool +0 -0
- data/bin/gui.rb +3 -1
- data/bin/picker +0 -0
- data/bin/pool +139 -15
- data/lib/tournament/bracket.rb +33 -50
- data/lib/tournament/entry.rb +3 -0
- data/lib/tournament/pool.rb +144 -93
- data/lib/tournament/scoring_strategy.rb +69 -0
- data/lib/tournament/webgui_installer.rb +109 -0
- data/tasks/ann.rake +19 -14
- data/tasks/bones.rake +6 -25
- data/tasks/gem.rake +46 -36
- data/tasks/git.rake +41 -0
- data/tasks/jamis.rb +589 -0
- data/tasks/notes.rake +28 -0
- data/tasks/post_load.rake +18 -11
- data/tasks/{doc.rake → rdoc.rake} +12 -9
- data/tasks/rubyforge.rake +12 -12
- data/tasks/setup.rb +121 -80
- data/tasks/spec.rake +12 -13
- data/tasks/svn.rake +15 -11
- data/tasks/test.rake +6 -6
- data/test/test_tournament.rb +8 -0
- data/test/test_webgui_installer.rb +64 -0
- data/webgui/README +256 -0
- data/webgui/Rakefile +10 -0
- data/webgui/app/controllers/admin_controller.rb +61 -0
- data/webgui/app/controllers/application.rb +25 -0
- data/webgui/app/controllers/entry_controller.rb +97 -0
- data/webgui/app/controllers/pool_controller.rb +4 -0
- data/webgui/app/controllers/reports_controller.rb +7 -0
- data/webgui/app/controllers/sessions_controller.rb +43 -0
- data/webgui/app/controllers/teams_controller.rb +75 -0
- data/webgui/app/controllers/users_controller.rb +57 -0
- data/webgui/app/helpers/admin_helper.rb +2 -0
- data/webgui/app/helpers/application_helper.rb +3 -0
- data/webgui/app/helpers/entry_helper.rb +2 -0
- data/webgui/app/helpers/pool_helper.rb +2 -0
- data/webgui/app/helpers/reports_helper.rb +2 -0
- data/webgui/app/helpers/sessions_helper.rb +2 -0
- data/webgui/app/helpers/teams_helper.rb +2 -0
- data/webgui/app/helpers/users_helper.rb +93 -0
- data/webgui/app/models/entry.rb +42 -0
- data/webgui/app/models/pool.rb +141 -0
- data/webgui/app/models/region.rb +3 -0
- data/webgui/app/models/role.rb +4 -0
- data/webgui/app/models/seeding.rb +4 -0
- data/webgui/app/models/team.rb +6 -0
- data/webgui/app/models/user.rb +98 -0
- data/webgui/app/models/user_mailer.rb +25 -0
- data/webgui/app/views/admin/bracket.html.erb +3 -0
- data/webgui/app/views/admin/entries.html.erb +25 -0
- data/webgui/app/views/admin/index.html.erb +17 -0
- data/webgui/app/views/admin/pool.html.erb +53 -0
- data/webgui/app/views/entry/index.html.erb +16 -0
- data/webgui/app/views/entry/print.erb +1 -0
- data/webgui/app/views/entry/print.html.erb +1 -0
- data/webgui/app/views/entry/show.html.erb +1 -0
- data/webgui/app/views/layouts/bracket.html.erb +37 -0
- data/webgui/app/views/layouts/default.html.erb +62 -0
- data/webgui/app/views/layouts/print.html.erb +12 -0
- data/webgui/app/views/layouts/report.html.erb +38 -0
- data/webgui/app/views/pool/index.html.erb +36 -0
- data/webgui/app/views/reports/_report.html.erb +11 -0
- data/webgui/app/views/reports/show.html.erb +12 -0
- data/webgui/app/views/sessions/new.html.erb +21 -0
- data/webgui/app/views/shared/_admins.html.erb +8 -0
- data/webgui/app/views/shared/_bracket.html.erb +1296 -0
- data/webgui/app/views/teams/choose.html.erb +57 -0
- data/webgui/app/views/user_mailer/activation.erb +3 -0
- data/webgui/app/views/user_mailer/signup_notification.erb +8 -0
- data/webgui/app/views/users/_user_bar.html.erb +8 -0
- data/webgui/app/views/users/new.html.erb +19 -0
- data/webgui/config/boot.rb +109 -0
- data/webgui/config/database.yml +22 -0
- data/webgui/config/environment.rb +78 -0
- data/webgui/config/environments/development.rb +29 -0
- data/webgui/config/environments/production.rb +24 -0
- data/webgui/config/environments/test.rb +22 -0
- data/webgui/config/initializers/inflections.rb +10 -0
- data/webgui/config/initializers/mime_types.rb +5 -0
- data/webgui/config/initializers/new_rails_defaults.rb +17 -0
- data/webgui/config/initializers/pool.rb +33 -0
- data/webgui/config/initializers/site_keys.rb +38 -0
- data/webgui/config/locales/en.yml +5 -0
- data/webgui/config/routes.rb +56 -0
- data/webgui/db/development.sqlite3 +0 -0
- data/webgui/db/migrate/20090216015836_create_entries.rb +13 -0
- data/webgui/db/migrate/20090217001611_add_tie_break_to_entry.rb +9 -0
- data/webgui/db/migrate/20090217004039_create_users.rb +23 -0
- data/webgui/db/migrate/20090217014940_relate_entry_and_user.rb +10 -0
- data/webgui/db/migrate/20090218024350_create_roles.rb +17 -0
- data/webgui/db/migrate/20090218024657_add_postition_to_roles.rb +9 -0
- data/webgui/db/migrate/20090218025240_add_admin_role.rb +10 -0
- data/webgui/db/migrate/20090225022928_create_pools.rb +16 -0
- data/webgui/db/migrate/20090225030346_associate_pool_and_entry.rb +9 -0
- data/webgui/db/migrate/20090225072358_change_pool_data_column.rb +9 -0
- data/webgui/db/migrate/20090225072849_add_completed_to_entries.rb +9 -0
- data/webgui/db/migrate/20090225074149_add_pool_id_index_to_entries.rb +9 -0
- data/webgui/db/migrate/20090225084414_add_user_id_to_pool.rb +9 -0
- data/webgui/db/migrate/20090226021913_add_active_to_pools.rb +9 -0
- data/webgui/db/migrate/20090226142240_rename_bracket_column_to_data.rb +9 -0
- data/webgui/db/migrate/20090301014710_create_teams.rb +84 -0
- data/webgui/db/migrate/20090301025902_add_more_teams.rb +16 -0
- data/webgui/db/migrate/20090301041526_create_seedings.rb +16 -0
- data/webgui/db/migrate/20090301090511_create_regions.rb +14 -0
- data/webgui/db/migrate/teams.txt +347 -0
- data/webgui/db/pool.yml +408 -0
- data/webgui/db/schema.rb +91 -0
- data/webgui/db/test.sqlite3 +0 -0
- data/webgui/doc/README_FOR_APP +5 -0
- data/webgui/lib/authenticated_system.rb +189 -0
- data/webgui/lib/authenticated_test_helper.rb +11 -0
- data/webgui/lib/form_object.rb +70 -0
- data/webgui/lib/pdf_helper.rb +47 -0
- data/webgui/lib/prince.rb +74 -0
- data/webgui/lib/saves_picks.rb +23 -0
- data/webgui/lib/tasks/admin.rake +10 -0
- data/webgui/public/404.html +30 -0
- data/webgui/public/422.html +30 -0
- data/webgui/public/500.html +33 -0
- data/webgui/public/dispatch.cgi +10 -0
- data/webgui/public/dispatch.fcgi +24 -0
- data/webgui/public/dispatch.rb +10 -0
- data/webgui/public/favicon.ico +0 -0
- data/webgui/public/images/2009FinalFour.png +0 -0
- data/webgui/public/images/rails.png +0 -0
- data/webgui/public/javascripts/application.js +2 -0
- data/webgui/public/javascripts/bracket.js +73 -0
- data/webgui/public/javascripts/controls.js +963 -0
- data/webgui/public/javascripts/dragdrop.js +973 -0
- data/webgui/public/javascripts/effects.js +1128 -0
- data/webgui/public/javascripts/prototype.js +4320 -0
- data/webgui/public/robots.txt +5 -0
- data/webgui/public/stylesheets/bracket-print.css +39 -0
- data/webgui/public/stylesheets/bracket.css +125 -0
- data/webgui/public/stylesheets/main.css +144 -0
- data/webgui/public/stylesheets/prince.css +6 -0
- data/webgui/public/stylesheets/prince_landscape.css +1 -0
- data/webgui/script/about +4 -0
- data/webgui/script/console +3 -0
- data/webgui/script/dbconsole +3 -0
- data/webgui/script/destroy +3 -0
- data/webgui/script/generate +3 -0
- data/webgui/script/performance/benchmarker +3 -0
- data/webgui/script/performance/profiler +3 -0
- data/webgui/script/performance/request +3 -0
- data/webgui/script/plugin +3 -0
- data/webgui/script/process/inspector +3 -0
- data/webgui/script/process/reaper +3 -0
- data/webgui/script/process/spawner +3 -0
- data/webgui/script/runner +3 -0
- data/webgui/script/server +3 -0
- data/webgui/test/fixtures/entries.yml +10 -0
- data/webgui/test/fixtures/pools.yml +14 -0
- data/webgui/test/fixtures/regions.yml +11 -0
- data/webgui/test/fixtures/roles.yml +11 -0
- data/webgui/test/fixtures/roles_users.yml +3 -0
- data/webgui/test/fixtures/seedings.yml +12 -0
- data/webgui/test/fixtures/teams.yml +3051 -0
- data/webgui/test/fixtures/users.yml +44 -0
- data/webgui/test/functional/admin_controller_test.rb +8 -0
- data/webgui/test/functional/entry_controller_test.rb +27 -0
- data/webgui/test/functional/pool_controller_test.rb +8 -0
- data/webgui/test/functional/reports_controller_test.rb +8 -0
- data/webgui/test/functional/sessions_controller_test.rb +82 -0
- data/webgui/test/functional/teams_controller_test.rb +216 -0
- data/webgui/test/functional/users_controller_test.rb +88 -0
- data/webgui/test/performance/browsing_test.rb +9 -0
- data/webgui/test/test_helper.rb +38 -0
- data/webgui/test/unit/entry_test.rb +8 -0
- data/webgui/test/unit/pool_test.rb +8 -0
- data/webgui/test/unit/region_test.rb +8 -0
- data/webgui/test/unit/role_test.rb +8 -0
- data/webgui/test/unit/seeding_test.rb +8 -0
- data/webgui/test/unit/team_test.rb +10 -0
- data/webgui/test/unit/user_mailer_test.rb +31 -0
- data/webgui/test/unit/user_test.rb +109 -0
- data/webgui/vendor/plugins/auto_complete/README +23 -0
- data/webgui/vendor/plugins/auto_complete/Rakefile +22 -0
- data/webgui/vendor/plugins/auto_complete/init.rb +2 -0
- data/webgui/vendor/plugins/auto_complete/lib/auto_complete.rb +47 -0
- data/webgui/vendor/plugins/auto_complete/lib/auto_complete_macros_helper.rb +143 -0
- data/webgui/vendor/plugins/auto_complete/test/auto_complete_test.rb +67 -0
- data/webgui/vendor/plugins/enumerations_mixin/ATTENTION +15 -0
- data/webgui/vendor/plugins/enumerations_mixin/LICENSE +20 -0
- data/webgui/vendor/plugins/enumerations_mixin/README_ENUMERATIONS +163 -0
- data/webgui/vendor/plugins/enumerations_mixin/init.rb +21 -0
- data/webgui/vendor/plugins/enumerations_mixin/lib/active_record/acts/enumerated.rb +177 -0
- data/webgui/vendor/plugins/enumerations_mixin/lib/active_record/aggregations/has_enumerated.rb +60 -0
- data/webgui/vendor/plugins/enumerations_mixin/lib/active_record/virtual_enumerations.rb +68 -0
- data/webgui/vendor/plugins/enumerations_mixin/virtual_enumerations_sample.rb +76 -0
- data/webgui/vendor/plugins/restful_authentication/.gitignore +21 -0
- data/webgui/vendor/plugins/restful_authentication/CHANGELOG +68 -0
- data/webgui/vendor/plugins/restful_authentication/README.textile +224 -0
- data/webgui/vendor/plugins/restful_authentication/Rakefile +32 -0
- data/webgui/vendor/plugins/restful_authentication/TODO +15 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/USAGE +1 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/authenticated_generator.rb +478 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/lib/insert_routes.rb +54 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/_model_partial.html.erb +8 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/activation.erb +3 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/authenticated_system.rb +189 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/authenticated_test_helper.rb +22 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/controller.rb +43 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/helper.rb +2 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/login.html.erb +16 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/mailer.rb +25 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/migration.rb +26 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/model.rb +83 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/model_controller.rb +85 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/model_helper.rb +93 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/model_helper_spec.rb +158 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/observer.rb +11 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/signup.html.erb +19 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/signup_notification.erb +8 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/site_keys.rb +38 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/spec/controllers/access_control_spec.rb +90 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb +102 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb +139 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/spec/controllers/users_controller_spec.rb +198 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/spec/fixtures/users.yml +60 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/spec/helpers/users_helper_spec.rb +141 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/spec/models/user_spec.rb +290 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/rest_auth_stories.rb +22 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/rest_auth_stories_helper.rb +81 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_navigation_steps.rb +49 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_resource_steps.rb +179 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_response_steps.rb +171 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/user_steps.rb +153 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/users/accounts.story +186 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/users/sessions.story +134 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/test/functional_test.rb +82 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/test/mailer_test.rb +31 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/test/model_functional_test.rb +93 -0
- data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/test/unit_test.rb +164 -0
- data/webgui/vendor/plugins/restful_authentication/init.rb +1 -0
- data/webgui/vendor/plugins/restful_authentication/install.rb +1 -0
- data/webgui/vendor/plugins/restful_authentication/lib/authentication/by_cookie_token.rb +82 -0
- data/webgui/vendor/plugins/restful_authentication/lib/authentication/by_password.rb +64 -0
- data/webgui/vendor/plugins/restful_authentication/lib/authentication.rb +40 -0
- data/webgui/vendor/plugins/restful_authentication/lib/authorization/aasm_roles.rb +63 -0
- data/webgui/vendor/plugins/restful_authentication/lib/authorization/stateful_roles.rb +62 -0
- data/webgui/vendor/plugins/restful_authentication/lib/authorization.rb +14 -0
- data/webgui/vendor/plugins/restful_authentication/lib/trustification/email_validation.rb +20 -0
- data/webgui/vendor/plugins/restful_authentication/lib/trustification.rb +14 -0
- data/webgui/vendor/plugins/restful_authentication/notes/AccessControl.txt +2 -0
- data/webgui/vendor/plugins/restful_authentication/notes/Authentication.txt +5 -0
- data/webgui/vendor/plugins/restful_authentication/notes/Authorization.txt +154 -0
- data/webgui/vendor/plugins/restful_authentication/notes/RailsPlugins.txt +78 -0
- data/webgui/vendor/plugins/restful_authentication/notes/SecurityFramework.graffle +0 -0
- data/webgui/vendor/plugins/restful_authentication/notes/SecurityFramework.png +0 -0
- data/webgui/vendor/plugins/restful_authentication/notes/SecurityPatterns.txt +163 -0
- data/webgui/vendor/plugins/restful_authentication/notes/Tradeoffs.txt +126 -0
- data/webgui/vendor/plugins/restful_authentication/notes/Trustification.txt +49 -0
- data/webgui/vendor/plugins/restful_authentication/rails/init.rb +3 -0
- data/webgui/vendor/plugins/restful_authentication/restful-authentication.gemspec +33 -0
- data/webgui/vendor/plugins/restful_authentication/tasks/auth.rake +33 -0
- metadata +288 -8
- data/tasks/annotations.rake +0 -22
@@ -0,0 +1,224 @@
|
|
1
|
+
h1. "Restful Authentication Generator":http://github.com/technoweenie/restful-authentication
|
2
|
+
|
3
|
+
This widely-used plugin provides a foundation for securely managing user
|
4
|
+
authentication:
|
5
|
+
* Login / logout
|
6
|
+
* Secure password handling
|
7
|
+
* Account activation by validating email
|
8
|
+
* Account approval / disabling by admin
|
9
|
+
* Rudimentary hooks for authorization and access control.
|
10
|
+
|
11
|
+
Several features were updated in May, 2008.
|
12
|
+
* "Stable newer version":http://github.com/technoweenie/restful-authentication/tree/master
|
13
|
+
* "'Classic' (backward-compatible) version":http://github.com/technoweenie/restful-authentication/tree/classic
|
14
|
+
* "Experimental version":http://github.com/technoweenie/restful-authentication/tree/modular (Much more modular, needs testing & review)
|
15
|
+
|
16
|
+
!! important: if you upgrade your site, existing user account !!
|
17
|
+
!! passwords will stop working unless you use --old-passwords !!
|
18
|
+
|
19
|
+
***************************************************************************
|
20
|
+
|
21
|
+
h2. Issue Tracker
|
22
|
+
|
23
|
+
Please submit any bugs or annoyances on the lighthouse tracker at
|
24
|
+
* "http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/overview":http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/overview
|
25
|
+
|
26
|
+
For anything simple enough, please github message both maintainers: Rick Olson
|
27
|
+
("technoweenie":http://github.com/technoweenie) and Flip Kromer
|
28
|
+
("mrflip":http://github.com/mrflip).
|
29
|
+
|
30
|
+
***************************************************************************
|
31
|
+
|
32
|
+
h2. Documentation
|
33
|
+
|
34
|
+
This page has notes on
|
35
|
+
* "Installation":#INSTALL
|
36
|
+
* "New Features":#AWESOME
|
37
|
+
* "After installing":#POST-INSTALL
|
38
|
+
|
39
|
+
See the "wiki":http://github.com/technoweenie/restful-authentication/wikis/home
|
40
|
+
(or the notes/ directory) if you want to learn more about:
|
41
|
+
|
42
|
+
* "Extensions, Addons and Alternatives":addons such as HAML templates
|
43
|
+
* "Security Design Patterns":security-patterns with "snazzy diagram":http://github.com/technoweenie/restful-authentication/tree/master/notes/SecurityFramework.png
|
44
|
+
* [[Authentication]] -- Lets a visitor identify herself (and lay claim to her corresponding Roles and measure of Trust)
|
45
|
+
* "Trust Metrics":Trustification -- Confidence we can rely on the outcomes of this visitor's actions.
|
46
|
+
* [[Authorization]] and Policy -- Based on trust and identity, what actions may this visitor perform?
|
47
|
+
* [[Access Control]] -- How the Authorization policy is actually enforced in your code (A: hopefully without turning it into a spaghetti of if thens)
|
48
|
+
* [[Rails Plugins]] for Authentication, Trust, Authorization and Access Control
|
49
|
+
* [[Tradeoffs]] -- for the paranoid or the curious, a rundown of tradeoffs made in the code
|
50
|
+
* [[CHANGELOG]] -- Summary of changes to internals
|
51
|
+
* [[TODO]] -- Ideas for how you can help
|
52
|
+
|
53
|
+
These best version of the release notes are in the notes/ directory in the
|
54
|
+
"source code":http://github.com/technoweenie/restful-authentication/tree/master
|
55
|
+
-- look there for the latest version. The wiki versions are taken (manually)
|
56
|
+
from there.
|
57
|
+
|
58
|
+
***************************************************************************
|
59
|
+
|
60
|
+
<a id="AWESOME"/> </a>
|
61
|
+
h2. Exciting new features
|
62
|
+
|
63
|
+
h3. Stories
|
64
|
+
|
65
|
+
There are now RSpec stories that allow expressive, enjoyable tests for the
|
66
|
+
authentication code. The flexible code for resource testing in stories was
|
67
|
+
extended from "Ben Mabey's.":http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
|
68
|
+
|
69
|
+
h3. Modularize to match security design patterns:
|
70
|
+
|
71
|
+
* Authentication (currently: password, browser cookie token, HTTP basic)
|
72
|
+
* Trust metric (email validation)
|
73
|
+
* Authorization (stateful roles)
|
74
|
+
* Leave a flexible framework that will play nicely with other access control / policy definition / trust metric plugins
|
75
|
+
|
76
|
+
h3. Other
|
77
|
+
|
78
|
+
* Added a few helper methods for linking to user pages
|
79
|
+
* Uniform handling of logout, remember_token
|
80
|
+
* Stricter email, login field validation
|
81
|
+
* Minor security fixes -- see CHANGELOG
|
82
|
+
|
83
|
+
***************************************************************************
|
84
|
+
|
85
|
+
h2. Non-backwards compatible Changes
|
86
|
+
|
87
|
+
Here are a few changes in the May 2008 release that increase "Defense in Depth"
|
88
|
+
but may require changes to existing accounts
|
89
|
+
|
90
|
+
* If you have an existing site, none of these changes are compelling enough to
|
91
|
+
warrant migrating your userbase.
|
92
|
+
* If you are generating for a new site, all of these changes are low-impact.
|
93
|
+
You should apply them.
|
94
|
+
|
95
|
+
h3. Passwords
|
96
|
+
|
97
|
+
The new password encryption (using a site key salt and stretching) will break
|
98
|
+
existing user accounts' passwords. We recommend you use the --old-passwords
|
99
|
+
option or write a migration tool and submit it as a patch. See the
|
100
|
+
[[Tradeoffs]] note for more information.
|
101
|
+
|
102
|
+
h3. Validations
|
103
|
+
|
104
|
+
By default, email and usernames are validated against a somewhat strict pattern; your users' values may be now illegal. Adjust to suit.
|
105
|
+
|
106
|
+
***************************************************************************
|
107
|
+
|
108
|
+
<a id="INSTALL"/> </a>
|
109
|
+
h2. Installation
|
110
|
+
|
111
|
+
This is a basic restful authentication generator for rails, taken from
|
112
|
+
acts as authenticated. Currently it requires Rails 1.2.6 or above.
|
113
|
+
|
114
|
+
**IMPORTANT FOR RAILS > 2.1 USERS** To avoid a @NameError@ exception ("lighthouse tracker ticket":http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/tickets/2-not-a-valid-constant-name-errors#ticket-2-2), check out the code to have an _underscore_ and not _dash_ in its name:
|
115
|
+
* either use <code>git clone git://github.com/technoweenie/restful-authentication.git restful_authentication</code>
|
116
|
+
* or rename the plugin's directory to be <code>restful_authentication</code> after fetching it.
|
117
|
+
|
118
|
+
To use the generator:
|
119
|
+
|
120
|
+
./script/generate authenticated user sessions \
|
121
|
+
--include-activation \
|
122
|
+
--stateful \
|
123
|
+
--rspec \
|
124
|
+
--skip-migration \
|
125
|
+
--skip-routes \
|
126
|
+
--old-passwords
|
127
|
+
|
128
|
+
* The first parameter specifies the model that gets created in signup (typically
|
129
|
+
a user or account model). A model with migration is created, as well as a
|
130
|
+
basic controller with the create method. You probably want to say "User" here.
|
131
|
+
|
132
|
+
* The second parameter specifies the session controller name. This is the
|
133
|
+
controller that handles the actual login/logout function on the site.
|
134
|
+
(probably: "Session").
|
135
|
+
|
136
|
+
* --include-activation: Generates the code for a ActionMailer and its respective
|
137
|
+
Activation Code through email.
|
138
|
+
|
139
|
+
* --stateful: Builds in support for acts_as_state_machine and generates
|
140
|
+
activation code. (@--stateful@ implies @--include-activation@). Based on the
|
141
|
+
idea at [[http://www.vaporbase.com/postings/stateful_authentication]]. Passing
|
142
|
+
@--skip-migration@ will skip the user migration, and @--skip-routes@ will skip
|
143
|
+
resource generation -- both useful if you've already run this generator.
|
144
|
+
(Needs the "acts_as_state_machine plugin":http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/,
|
145
|
+
but new installs should probably run with @--aasm@ instead.)
|
146
|
+
|
147
|
+
* --aasm: Works the same as stateful but uses the "updated aasm gem":http://github.com/rubyist/aasm/tree/master
|
148
|
+
|
149
|
+
* --rspec: Generate RSpec tests and Stories in place of standard rails tests.
|
150
|
+
This requires the
|
151
|
+
"RSpec and Rspec-on-rails plugins":http://rspec.info/
|
152
|
+
(make sure you "./script/generate rspec" after installing RSpec.) The rspec
|
153
|
+
and story suite are much more thorough than the rails tests, and changes are
|
154
|
+
unlikely to be backported.
|
155
|
+
|
156
|
+
* --old-passwords: Use the older password scheme (see [[#COMPATIBILITY]], above)
|
157
|
+
|
158
|
+
* --skip-migration: Don't generate a migration file for this model
|
159
|
+
|
160
|
+
* --skip-routes: Don't generate a resource line in @config/routes.rb@
|
161
|
+
|
162
|
+
***************************************************************************
|
163
|
+
<a id="POST-INSTALL"/> </a>
|
164
|
+
h2. After installing
|
165
|
+
|
166
|
+
The below assumes a Model named 'User' and a Controller named 'Session'; please
|
167
|
+
alter to suit. There are additional security minutae in @notes/README-Tradeoffs@
|
168
|
+
-- only the paranoid or the curious need bother, though.
|
169
|
+
|
170
|
+
* Add these familiar login URLs to your @config/routes.rb@ if you like:
|
171
|
+
|
172
|
+
<pre><code>
|
173
|
+
map.signup '/signup', :controller => 'users', :action => 'new'
|
174
|
+
map.login '/login', :controller => 'session', :action => 'new'
|
175
|
+
map.logout '/logout', :controller => 'session', :action => 'destroy'
|
176
|
+
</code></pre>
|
177
|
+
|
178
|
+
* With @--include-activation@, also add to your @config/routes.rb@:
|
179
|
+
|
180
|
+
<pre><code>
|
181
|
+
map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
|
182
|
+
</code></pre>
|
183
|
+
|
184
|
+
and add an observer to @config/environment.rb@:
|
185
|
+
|
186
|
+
<pre><code>
|
187
|
+
config.active_record.observers = :user_observer
|
188
|
+
</code></pre>
|
189
|
+
|
190
|
+
Pay attention, may be this is not an issue for everybody, but if you should
|
191
|
+
have problems, that the sent activation_code does match with that in the
|
192
|
+
database stored, reload your user object before sending its data through email
|
193
|
+
something like:
|
194
|
+
|
195
|
+
<pre><code>
|
196
|
+
class UserObserver < ActiveRecord::Observer
|
197
|
+
def after_create(user)
|
198
|
+
user.reload
|
199
|
+
UserMailer.deliver_signup_notification(user)
|
200
|
+
end
|
201
|
+
def after_save(user)
|
202
|
+
user.reload
|
203
|
+
UserMailer.deliver_activation(user) if user.recently_activated?
|
204
|
+
end
|
205
|
+
end
|
206
|
+
</code></pre>
|
207
|
+
|
208
|
+
|
209
|
+
* With @--stateful@, add an observer to config/environment.rb:
|
210
|
+
|
211
|
+
<pre><code>
|
212
|
+
config.active_record.observers = :user_observer
|
213
|
+
</code></pre>
|
214
|
+
|
215
|
+
and modify the users resource line to read
|
216
|
+
|
217
|
+
map.resources :users, :member => { :suspend => :put,
|
218
|
+
:unsuspend => :put,
|
219
|
+
:purge => :delete }
|
220
|
+
|
221
|
+
* If you use a public repository for your code (such as github, rubyforge,
|
222
|
+
gitorious, etc.) make sure to NOT post your site_keys.rb (add a line like
|
223
|
+
'/config/initializers/site_keys.rb' to your .gitignore or do the svn ignore
|
224
|
+
dance), but make sure you DO keep it backed up somewhere safe.
|
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'rake'
|
2
|
+
require 'rake/testtask'
|
3
|
+
require 'rake/rdoctask'
|
4
|
+
require 'rake/gempackagetask'
|
5
|
+
|
6
|
+
desc 'Default: run unit tests.'
|
7
|
+
task :default => :test
|
8
|
+
|
9
|
+
desc 'Test the restful_authentication plugin.'
|
10
|
+
Rake::TestTask.new(:test) do |t|
|
11
|
+
t.libs << 'lib'
|
12
|
+
t.pattern = 'test/**/*_test.rb'
|
13
|
+
t.verbose = true
|
14
|
+
end
|
15
|
+
|
16
|
+
desc 'Generate documentation for the restful_authentication plugin.'
|
17
|
+
Rake::RDocTask.new(:rdoc) do |rdoc|
|
18
|
+
rdoc.rdoc_dir = 'rdoc'
|
19
|
+
rdoc.title = 'RestfulAuthentication'
|
20
|
+
rdoc.options << '--line-numbers' << '--inline-source'
|
21
|
+
rdoc.rdoc_files.include('README')
|
22
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
23
|
+
end
|
24
|
+
|
25
|
+
gemspec = eval(File.read("#{File.dirname(__FILE__)}/restful-authentication.gemspec"))
|
26
|
+
PKG_NAME = gemspec.name
|
27
|
+
PKG_VERSION = gemspec.version
|
28
|
+
|
29
|
+
Rake::GemPackageTask.new(gemspec) do |pkg|
|
30
|
+
pkg.need_zip = true
|
31
|
+
pkg.need_tar = true
|
32
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
|
2
|
+
h3. Authentication security projects for a later date
|
3
|
+
|
4
|
+
|
5
|
+
* Track 'failed logins this hour' and demand a captcha after say 5 failed logins
|
6
|
+
("RECAPTCHA plugin.":http://agilewebdevelopment.com/plugins/recaptcha)
|
7
|
+
"De-proxy-ficate IP address": http://wiki.codemongers.com/NginxHttpRealIpModule
|
8
|
+
|
9
|
+
* Make cookie spoofing a little harder: we set the user's cookie to
|
10
|
+
(remember_token), but store digest(remember_token, request_IP). A CSRF cookie
|
11
|
+
spoofer has to then at least also spoof the user's originating IP
|
12
|
+
(see "Secure Programs HOWTO":http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html)
|
13
|
+
|
14
|
+
* Log HTTP request on authentication / authorization failures
|
15
|
+
http://palisade.plynt.com/issues/2004Jul/safe-auth-practices
|
@@ -0,0 +1 @@
|
|
1
|
+
./script/generate authenticated USERMODEL CONTROLLERNAME
|