authlogic FTW!

This commit is contained in:
Espen Antonsen 2009-05-22 16:14:07 +02:00
parent 69d6b5326a
commit a60a9d56f9
26 changed files with 356 additions and 297 deletions

View file

@ -1,8 +0,0 @@
class Admin::ApplicationController < ApplicationController
protected
before_filter :login_required
end

View file

@ -5,16 +5,44 @@ class ApplicationController < ActionController::Base
helper :all # include all helpers, all the time helper :all # include all helpers, all the time
protect_from_forgery # See ActionController::RequestForgeryProtection for details protect_from_forgery # See ActionController::RequestForgeryProtection for details
# Scrub sensitive parameters from your log filter_parameter_logging :password, :password_confirmation
# filter_parameter_logging :password helper_method :current_user, :current_user_session
protected private
def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
end
def set_current_person def current_user
@current_user = session[:user] return @current_user if defined?(@current_user)
end @current_user = current_user_session && current_user_session.user
end
def login_required def require_user
redirect_to(login_path) unless @current_user unless current_user
end store_location
flash[:notice] = "You must be logged in to access this page"
redirect_to new_user_session_url
return false
end
end
def require_no_user
if current_user
store_location
flash[:notice] = "You must be logged out to access this page"
redirect_to account_url
return false
end
end
def store_location
session[:return_to] = request.request_uri
end
def redirect_back_or_default(default)
redirect_to(session[:return_to] || default)
session[:return_to] = nil
end
end end

View file

@ -0,0 +1,24 @@
class UserSessionsController < ApplicationController
before_filter :require_no_user, :only => [:new, :create]
before_filter :require_user, :only => :destroy
def new
@user_session = UserSession.new
end
def create
@user_session = UserSession.new(params[:user_session])
if @user_session.save
flash[:notice] = "Login successful!"
redirect_back_or_default account_url
else
render :action => :new
end
end
def destroy
current_user_session.destroy
flash[:notice] = "Logout successful!"
redirect_back_or_default new_user_session_url
end
end

View file

@ -0,0 +1,36 @@
class UsersController < ApplicationController
before_filter :require_no_user, :only => [:new, :create]
before_filter :require_user, :only => [:show, :edit, :update]
def new
@user = User.new
end
def create
@user = User.new(params[:user])
if @user.save
flash[:notice] = "Account registered!"
redirect_back_or_default account_url
else
render :action => :new
end
end
def show
@user = @current_user
end
def edit
@user = @current_user
end
def update
@user = @current_user # makes our views "cleaner" and more consistent
if @user.update_attributes(params[:user])
flash[:notice] = "Account updated!"
redirect_to account_url
else
render :action => :edit
end
end
end

View file

@ -0,0 +1,2 @@
module UserSessionsHelper
end

View file

@ -0,0 +1,2 @@
module UsersHelper
end

3
app/models/user.rb Normal file
View file

@ -0,0 +1,3 @@
class User < ActiveRecord::Base
acts_as_authentic
end

View file

@ -0,0 +1,3 @@
class UserSession < Authlogic::Session::Base
# configuration here, see documentation for sub modules of Authlogic::Session
end

View file

@ -0,0 +1,14 @@
<h1>Login</h1>
<% form_for @user_session, :url => user_session_path do |f| %>
<%= f.error_messages %>
<%= f.label :email %><br />
<%= f.text_field :email %><br />
<br />
<%= f.label :password %><br />
<%= f.password_field :password %><br />
<br />
<%= f.check_box :remember_me %><%= f.label :remember_me %><br />
<br />
<%= f.submit "Login" %>
<% end %>

View file

@ -0,0 +1,8 @@
<%= form.label :email %><br />
<%= form.text_field :email %><br />
<br />
<%= form.label :password, form.object.new_record? ? nil : "Change password" %><br />
<%= form.password_field :password %><br />
<br />
<%= form.label :password_confirmation %><br />
<%= form.password_field :password_confirmation %><br />

View file

@ -0,0 +1,9 @@
<h1>Edit My Account</h1>
<% form_for @user, :url => account_path do |f| %>
<%= f.error_messages %>
<%= render :partial => "form", :object => f %>
<%= f.submit "Update" %>
<% end %>
<br /><%= link_to "My Profile", account_path %>

View file

@ -0,0 +1,7 @@
<h1>Register</h1>
<% form_for @user, :url => account_path do |f| %>
<%= f.error_messages %>
<%= render :partial => "form", :object => f %>
<%= f.submit "Register" %>
<% end %>

View file

@ -0,0 +1,32 @@
<p>
<b>Login count:</b>
<%=h @user.login_count %>
</p>
<p>
<b>Last request at:</b>
<%=h @user.last_request_at %>
</p>
<p>
<b>Last login at:</b>
<%=h @user.last_login_at %>
</p>
<p>
<b>Current login at:</b>
<%=h @user.current_login_at %>
</p>
<p>
<b>Last login ip:</b>
<%=h @user.last_login_ip %>
</p>
<p>
<b>Current login ip:</b>
<%=h @user.current_login_ip %>
</p>
<%= link_to 'Edit', edit_account_path %>

View file

@ -6,8 +6,12 @@ RAILS_GEM_VERSION = '2.3.2' unless defined? RAILS_GEM_VERSION
# Bootstrap the Rails environment, frameworks, and default configuration # Bootstrap the Rails environment, frameworks, and default configuration
require File.join(File.dirname(__FILE__), 'boot') require File.join(File.dirname(__FILE__), 'boot')
Rails::Initializer.run do |config| Rails::Initializer.run do |config|
config.gem "authlogic"
#config.gem "image_science"
config.time_zone = 'Copenhagen' config.time_zone = 'Copenhagen'
config.i18n.default_locale = 'no-NB' config.i18n.default_locale = 'no-NB'
@ -25,6 +29,4 @@ Rails::Initializer.run do |config|
:user_name => "espen@inspired.no", :user_name => "espen@inspired.no",
:password => "tkg5megmeg" :password => "tkg5megmeg"
} }
#config.gem "image_science"
end end

View file

@ -1,6 +1,14 @@
ActionController::Routing::Routes.draw do |map| ActionController::Routing::Routes.draw do |map|
map.resources :users
map.resource :user_session
map.resource :account, :controller => "users"
map.login "login", :controller => "user_sessions", :action => "new"
map.logout "logout", :controller => "user_sessions", :action => "destroy"
map.resources :photos map.resources :photos
map.resources :albums map.resources :albums
#map.connect ':controller/:action/:id' #map.connect ':controller/:action/:id'
#map.connect ':controller/:action/:id.:format' #map.connect ':controller/:action/:id.:format'
map.root :controller => "user_sessions", :action => "new" # optional, this just sets the root route
end end

View file

@ -0,0 +1,26 @@
class CreateUsers < ActiveRecord::Migration
def self.up
create_table :users do |t|
t.string :email, :null => false # optional, you can use login instead, or both
t.string :crypted_password, :null => false # optional, see below
t.string :password_salt, :null => false # optional, but highly recommended
t.string :persistence_token, :null => false # required
t.string :single_access_token, :null => false # optional, see Authlogic::Session::Params
t.string :perishable_token, :null => false # optional, see Authlogic::Session::Perishability
# Magic columns, just like ActiveRecord's created_at and updated_at. These are automatically maintained by Authlogic if they are present.
t.integer :login_count, :null => false, :default => 0 # optional, see Authlogic::Session::MagicColumns
t.integer :failed_login_count, :null => false, :default => 0 # optional, see Authlogic::Session::MagicColumns
t.datetime :last_request_at # optional, see Authlogic::Session::MagicColumns
t.datetime :current_login_at # optional, see Authlogic::Session::MagicColumns
t.datetime :last_login_at # optional, see Authlogic::Session::MagicColumns
t.string :current_login_ip # optional, see Authlogic::Session::MagicColumns
t.string :last_login_ip # optional, see Authlogic::Session::MagicColumns
t.timestamps
end
end
def self.down
drop_table :users
end
end

View file

@ -9,7 +9,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20090520230047) do ActiveRecord::Schema.define(:version => 20090522131931) do
create_table "albums", :force => true do |t| create_table "albums", :force => true do |t|
t.string "title", :null => false t.string "title", :null => false
@ -28,4 +28,22 @@ ActiveRecord::Schema.define(:version => 20090520230047) do
t.text "path" t.text "path"
end end
create_table "users", :force => true do |t|
t.string "email", :null => false
t.string "crypted_password", :null => false
t.string "password_salt", :null => false
t.string "persistence_token", :null => false
t.string "single_access_token", :null => false
t.string "perishable_token", :null => false
t.integer "login_count", :default => 0, :null => false
t.integer "failed_login_count", :default => 0, :null => false
t.datetime "last_request_at"
t.datetime "current_login_at"
t.datetime "last_login_at"
t.string "current_login_ip"
t.string "last_login_ip"
t.datetime "created_at"
t.datetime "updated_at"
end
end end

View file

@ -1,275 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Ruby on Rails: Welcome aboard</title>
<style type="text/css" media="screen">
body {
margin: 0;
margin-bottom: 25px;
padding: 0;
background-color: #f0f0f0;
font-family: "Lucida Grande", "Bitstream Vera Sans", "Verdana";
font-size: 13px;
color: #333;
}
h1 {
font-size: 28px;
color: #000;
}
a {color: #03c}
a:hover {
background-color: #03c;
color: white;
text-decoration: none;
}
#page {
background-color: #f0f0f0;
width: 750px;
margin: 0;
margin-left: auto;
margin-right: auto;
}
#content {
float: left;
background-color: white;
border: 3px solid #aaa;
border-top: none;
padding: 25px;
width: 500px;
}
#sidebar {
float: right;
width: 175px;
}
#footer {
clear: both;
}
#header, #about, #getting-started {
padding-left: 75px;
padding-right: 30px;
}
#header {
background-image: url("images/rails.png");
background-repeat: no-repeat;
background-position: top left;
height: 64px;
}
#header h1, #header h2 {margin: 0}
#header h2 {
color: #888;
font-weight: normal;
font-size: 16px;
}
#about h3 {
margin: 0;
margin-bottom: 10px;
font-size: 14px;
}
#about-content {
background-color: #ffd;
border: 1px solid #fc0;
margin-left: -11px;
}
#about-content table {
margin-top: 10px;
margin-bottom: 10px;
font-size: 11px;
border-collapse: collapse;
}
#about-content td {
padding: 10px;
padding-top: 3px;
padding-bottom: 3px;
}
#about-content td.name {color: #555}
#about-content td.value {color: #000}
#about-content.failure {
background-color: #fcc;
border: 1px solid #f00;
}
#about-content.failure p {
margin: 0;
padding: 10px;
}
#getting-started {
border-top: 1px solid #ccc;
margin-top: 25px;
padding-top: 15px;
}
#getting-started h1 {
margin: 0;
font-size: 20px;
}
#getting-started h2 {
margin: 0;
font-size: 14px;
font-weight: normal;
color: #333;
margin-bottom: 25px;
}
#getting-started ol {
margin-left: 0;
padding-left: 0;
}
#getting-started li {
font-size: 18px;
color: #888;
margin-bottom: 25px;
}
#getting-started li h2 {
margin: 0;
font-weight: normal;
font-size: 18px;
color: #333;
}
#getting-started li p {
color: #555;
font-size: 13px;
}
#search {
margin: 0;
padding-top: 10px;
padding-bottom: 10px;
font-size: 11px;
}
#search input {
font-size: 11px;
margin: 2px;
}
#search-text {width: 170px}
#sidebar ul {
margin-left: 0;
padding-left: 0;
}
#sidebar ul h3 {
margin-top: 25px;
font-size: 16px;
padding-bottom: 10px;
border-bottom: 1px solid #ccc;
}
#sidebar li {
list-style-type: none;
}
#sidebar ul.links li {
margin-bottom: 5px;
}
</style>
<script type="text/javascript" src="javascripts/prototype.js"></script>
<script type="text/javascript" src="javascripts/effects.js"></script>
<script type="text/javascript">
function about() {
if (Element.empty('about-content')) {
new Ajax.Updater('about-content', 'rails/info/properties', {
method: 'get',
onFailure: function() {Element.classNames('about-content').add('failure')},
onComplete: function() {new Effect.BlindDown('about-content', {duration: 0.25})}
});
} else {
new Effect[Element.visible('about-content') ?
'BlindUp' : 'BlindDown']('about-content', {duration: 0.25});
}
}
window.onload = function() {
$('search-text').value = '';
$('search').onsubmit = function() {
$('search-text').value = 'site:rubyonrails.org ' + $F('search-text');
}
}
</script>
</head>
<body>
<div id="page">
<div id="sidebar">
<ul id="sidebar-items">
<li>
<form id="search" action="http://www.google.com/search" method="get">
<input type="hidden" name="hl" value="en" />
<input type="text" id="search-text" name="q" value="site:rubyonrails.org " />
<input type="submit" value="Search" /> the Rails site
</form>
</li>
<li>
<h3>Join the community</h3>
<ul class="links">
<li><a href="http://www.rubyonrails.org/">Ruby on Rails</a></li>
<li><a href="http://weblog.rubyonrails.org/">Official weblog</a></li>
<li><a href="http://wiki.rubyonrails.org/">Wiki</a></li>
</ul>
</li>
<li>
<h3>Browse the documentation</h3>
<ul class="links">
<li><a href="http://api.rubyonrails.org/">Rails API</a></li>
<li><a href="http://stdlib.rubyonrails.org/">Ruby standard library</a></li>
<li><a href="http://corelib.rubyonrails.org/">Ruby core</a></li>
<li><a href="http://guides.rubyonrails.org/">Rails Guides</a></li>
</ul>
</li>
</ul>
</div>
<div id="content">
<div id="header">
<h1>Welcome aboard</h1>
<h2>You&rsquo;re riding Ruby on Rails!</h2>
</div>
<div id="about">
<h3><a href="rails/info/properties" onclick="about(); return false">About your application&rsquo;s environment</a></h3>
<div id="about-content" style="display: none"></div>
</div>
<div id="getting-started">
<h1>Getting started</h1>
<h2>Here&rsquo;s how to get rolling:</h2>
<ol>
<li>
<h2>Use <tt>script/generate</tt> to create your models and controllers</h2>
<p>To see all available options, run it without parameters.</p>
</li>
<li>
<h2>Set up a default route and remove or rename this file</h2>
<p>Routes are set up in config/routes.rb.</p>
</li>
<li>
<h2>Create your database</h2>
<p>Run <tt>rake db:migrate</tt> to create your database. If you're not using SQLite (the default), edit <tt>config/database.yml</tt> with your username and password.</p>
</li>
</ol>
</div>
</div>
<div id="footer">&nbsp;</div>
</div>
</body>
</html>

7
test/fixtures/users.yml vendored Normal file
View file

@ -0,0 +1,7 @@
# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
# one:
# column: value
#
# two:
# column: value

View file

@ -0,0 +1,82 @@
require File.dirname(__FILE__) + '/../test_helper'
require 'sessions_controller'
# Re-raise errors caught by the controller.
class SessionsController; def rescue_action(e) raise e end; end
class SessionsControllerTest < ActionController::TestCase
# Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
# Then, you can remove it from this and the units test.
include AuthenticatedTestHelper
fixtures :users
def test_should_login_and_redirect
post :create, :login => 'quentin', :password => 'monkey'
assert session[:user_id]
assert_response :redirect
end
def test_should_fail_login_and_not_redirect
post :create, :login => 'quentin', :password => 'bad password'
assert_nil session[:user_id]
assert_response :success
end
def test_should_logout
login_as :quentin
get :destroy
assert_nil session[:user_id]
assert_response :redirect
end
def test_should_remember_me
@request.cookies["auth_token"] = nil
post :create, :login => 'quentin', :password => 'monkey', :remember_me => "1"
assert_not_nil @response.cookies["auth_token"]
end
def test_should_not_remember_me
@request.cookies["auth_token"] = nil
post :create, :login => 'quentin', :password => 'monkey', :remember_me => "0"
puts @response.cookies["auth_token"]
assert @response.cookies["auth_token"].blank?
end
def test_should_delete_token_on_logout
login_as :quentin
get :destroy
assert @response.cookies["auth_token"].blank?
end
def test_should_login_with_cookie
users(:quentin).remember_me
@request.cookies["auth_token"] = cookie_for(:quentin)
get :new
assert @controller.send(:logged_in?)
end
def test_should_fail_expired_cookie_login
users(:quentin).remember_me
users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
@request.cookies["auth_token"] = cookie_for(:quentin)
get :new
assert !@controller.send(:logged_in?)
end
def test_should_fail_cookie_login
users(:quentin).remember_me
@request.cookies["auth_token"] = auth_token('invalid_auth_token')
get :new
assert !@controller.send(:logged_in?)
end
protected
def auth_token(token)
CGI::Cookie.new('name' => 'auth_token', 'value' => token)
end
def cookie_for(user)
auth_token users(user).remember_token
end
end

View file

@ -0,0 +1,8 @@
require 'test_helper'
class UserSessionsControllerTest < ActionController::TestCase
# Replace this with your real tests.
test "the truth" do
assert true
end
end

View file

@ -0,0 +1,8 @@
require 'test_helper'
class UsersControllerTest < ActionController::TestCase
# Replace this with your real tests.
test "the truth" do
assert true
end
end

View file

@ -0,0 +1,4 @@
require 'test_helper'
class UserSessionsHelperTest < ActionView::TestCase
end

View file

@ -0,0 +1,4 @@
require 'test_helper'
class UsersHelperTest < ActionView::TestCase
end

8
test/unit/user_test.rb Normal file
View file

@ -0,0 +1,8 @@
require 'test_helper'
class UserTest < ActiveSupport::TestCase
# Replace this with your real tests.
test "the truth" do
assert true
end
end

@ -1 +0,0 @@
Subproject commit 7235d9150e8beb80a819923a4c871ef4069c6759