Difference between revisions of "Auth Module"
Scotdalton (Talk | contribs) m (UmlautAuth Module moved to Auth Module: Properly reflect name of the module.) |
Scotdalton (Talk | contribs) (Updating for most recent version.) |
Line 1: | Line 1: | ||
− | == | + | == Auth Module (Developer Notes) == |
The Auth module extends functionality available from the [Authlogic|http://github.com/binarylogic/authlogic] (version 2.1.0) gem and included in the lib directory based on the [Authlogic OpenID add-on|http://github.com/binarylogic/authlogic_openid]. | The Auth module extends functionality available from the [Authlogic|http://github.com/binarylogic/authlogic] (version 2.1.0) gem and included in the lib directory based on the [Authlogic OpenID add-on|http://github.com/binarylogic/authlogic_openid]. | ||
Line 5: | Line 5: | ||
Several core Umlaut files were updated in order to develop the Auth module. | Several core Umlaut files were updated in order to develop the Auth module. | ||
==== app/controller/application.rb ==== | ==== app/controller/application.rb ==== | ||
− | The | + | The '''ApplicationController''' filters passwords and provides two methods for accessing the current user session and the current user. |
+ | # '''current_user_session''' (aliased as has_logged_in_user) - returns nil if no user session has been established | ||
+ | # '''current_user''' (aliased as logged_in_user) - returns either nil or the current logged in user | ||
+ | The application calls '''current_user_session''' as a before filter on every request. | ||
==== app/controllers/user_sessions_controller.rb ==== | ==== app/controllers/user_sessions_controller.rb ==== | ||
− | The | + | The '''UserSessionsController''' manages the routing of user session requests and provides three methods. |
− | # new - renders the login screen or redirects to external login screen | + | # '''new''' - renders the login screen or redirects to external login screen |
− | # validate - validates the user upon login | + | # '''validate''' - validates the user upon login |
− | # destroy - processes logout | + | # '''destroy''' - processes logout |
==== app/controllers/users_controller.rb ==== | ==== app/controllers/users_controller.rb ==== | ||
− | The | + | The '''UsersController''' manages the routing of user related requests and provides two methods. |
− | # edit (also called from show) - renders the user preferences screen | + | # '''edit''' (also called from show) - renders the user preferences screen |
− | # update - processes updates to user preferences | + | # '''update''' - processes updates to user preferences (not yet implemented) |
app/models/user_sessions | app/models/user_sessions | ||
− | + | '''UserSessions''' extends Authlogic::Session::Base | |
==== app/models/user ==== | ==== app/models/user ==== | ||
− | + | '''User''' serializes user_attributes and adds acts_as_authentic functionality to leverage the Authlogic gem. Also sets to_param to username rather than id for prettier urls. | |
==== app/views/user_sessions/new ==== | ==== app/views/user_sessions/new ==== | ||
− | The default login screen | + | The default login screen, doesn't currently do anything. |
==== app/views/users/edit ==== | ==== app/views/users/edit ==== | ||
− | The default user preferences screen. Users can update mobile phone numbers and the like | + | The default user preferences screen. Users can update mobile phone numbers and the like (not yet implemented) |
==== config/environment.rb ==== | ==== config/environment.rb ==== | ||
Added authlogic gem: | Added authlogic gem: | ||
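Review bot: the `app/models/user_sessions` line directly above the new `'''UserSessions''' extends Authlogic::Session::Base` description has no `====` heading markup, unlike every other file entry in this hunk, so it will not render as a section heading or show up in the contents. Wrap it as `==== app/models/user_sessions ====`. The new text "The default login screen, doesn't currently do anything." would also be worth expanding to say where login is actually handled, since '''new''' is documented above as rendering or redirecting.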
Line 38: | Line 41: | ||
</pre> | </pre> | ||
==== db/schema.rb ==== | ==== db/schema.rb ==== | ||
− | Modified the user table to use with authlogic. Included column for mobile phone | + | Modified the user table to use with authlogic. Included column for mobile phone, user attributes and a refreshed_at date to track age of a particular record for better performance. |
+ | ==== lib/service.rb ==== | ||
+ | Make the user accessible from a particular user via the session_user method. | ||
+ | <pre> | ||
+ | # Returns the currently logged in user, if available, based on the user_credentials_id in the | ||
+ | # session from AuthLogic. May want to make this more sophisticated and check user_credentials | ||
+ | # against db. | ||
+ | def session_user | ||
+ | return User.find(session["user_credentials_id"]) unless session["user_credentials_id"].nil? | ||
+ | end | ||
+ | </pre> | ||
− | === | + | === Auth Module === |
− | The following files makeup the | + | The following files makeup the Auth module to extend the functionality of Authlogic for our purposes. They could probably be moved into the UserSession module, but may be useful as a template for further localization. |
==== vendor/plugins/umlaut_auth/lib/acts_as_authentic.rb ==== | ==== vendor/plugins/umlaut_auth/lib/acts_as_authentic.rb ==== | ||
Extends the authlogic user model to ignore passwords, reset_persistence_token when the username changes, manage stale data (via expiration date), and handle user attributes hash. | Extends the authlogic user model to ignore passwords, reset_persistence_token when the username changes, manage stale data (via expiration date), and handle user attributes hash. |
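Review bot: the new session_user method in lib/service.rb calls `User.find` with whatever id is in the session, which raises ActiveRecord::RecordNotFound rather than returning nil when that row no longer exists, and it trusts `user_credentials_id` alone, without the check against `user_credentials` that its own comment defers. Consider a nil-returning lookup such as `find_by_id` and comparing the session's `user_credentials` against the stored value before returning the user. The description "Make the user accessible from a particular user" also looks like it was meant to read "from a particular service", given the file it documents.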
Revision as of 17:39, 20 January 2011
Contents
- 1 Auth Module (Developer Notes)
- 1.1 Core Umlaut Files Added or Updated
- 1.1.1 app/controller/application.rb
- 1.1.2 app/controllers/user_sessions_controller.rb
- 1.1.3 app/controllers/users_controller.rb
- 1.1.4 app/models/user
- 1.1.5 app/views/user_sessions/new
- 1.1.6 app/views/users/edit
- 1.1.7 config/environment.rb
- 1.1.8 config/routes.rb
- 1.1.9 db/schema.rb
- 1.1.10 lib/service.rb
- 1.2 Auth Module
- 2 Generating Local UmlautAuth Plugins
Auth Module (Developer Notes)
The Auth module extends functionality available from the [Authlogic|http://github.com/binarylogic/authlogic] gem (version 2.1.0) and is included in the lib directory, based on the [Authlogic OpenID add-on|http://github.com/binarylogic/authlogic_openid].
Core Umlaut Files Added or Updated
Several core Umlaut files were updated in order to develop the Auth module.
app/controller/application.rb
The ApplicationController filters passwords and provides two methods for accessing the current user session and the current user.
- current_user_session (aliased as has_logged_in_user) - returns nil if no user session has been established
- current_user (aliased as logged_in_user) - returns either nil or the current logged in user
The application calls current_user_session as a before filter on every request.
app/controllers/user_sessions_controller.rb
The UserSessionsController manages the routing of user session requests and provides three methods.
- new - renders the login screen or redirects to external login screen
- validate - validates the user upon login
- destroy - processes logout
app/controllers/users_controller.rb
The UsersController manages the routing of user related requests and provides two methods.
- edit (also called from show) - renders the user preferences screen
- update - processes updates to user preferences (not yet implemented)
app/models/user_sessions
UserSessions extends Authlogic::Session::Base
app/models/user
User serializes user_attributes and adds acts_as_authentic functionality to leverage the Authlogic gem. It also sets to_param to username rather than id for prettier URLs.
app/views/user_sessions/new
The default login screen; it doesn't currently do anything.
app/views/users/edit
The default user preferences screen. Users can update mobile phone numbers and the like (not yet implemented).
config/environment.rb
Added authlogic gem:
<pre>
#require 'authlogic'
config.gem 'authlogic', :version => "= 2.1.0"
</pre>
config/routes.rb
Added url routes:
<pre>
map.login "login", :controller => "user_sessions", :action => "new"
map.logout "logout", :controller => "user_sessions", :action => "destroy"
map.validate "validate", :controller => "user_sessions", :action => "validate"
map.resources :user_sessions
map.resources :users
</pre>
db/schema.rb
Modified the user table for use with Authlogic. Included columns for mobile phone and user attributes, plus a refreshed_at date to track the age of a particular record for better performance.
lib/service.rb
Make the user accessible from a particular user via the session_user method.
<pre>
# Returns the currently logged in user, if available, based on the user_credentials_id in the
# session from AuthLogic. May want to make this more sophisticated and check user_credentials
# against db.
def session_user
  return User.find(session["user_credentials_id"]) unless session["user_credentials_id"].nil?
end
</pre>
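The comment on session_user defers checking user_credentials against the database. The following added example (not Umlaut's or Authlogic's code) shows what that check changes, using constructed in-memory stand-ins (StubUser, StubUserStore and all helper names are hypothetical). It assumes the session's user_credentials value holds the user's persistence token.

```ruby
# Added example: constructed in-memory stand-ins, not Umlaut or Authlogic code.
StubUser = Struct.new(:id, :username, :persistence_token)

class StubUserStore
  def initialize(users)
    @by_id = users.to_h { |u| [u.id, u] }
  end

  # Like find_by_id: returns nil instead of raising when the row is gone.
  def find_by_id(id)
    @by_id[id]
  end
end

# Compare two strings without exiting early at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Same trust model as the page's session_user: the id alone is enough.
def session_user_by_id(store, session)
  id = session["user_credentials_id"]
  id.nil? ? nil : store.find_by_id(id)
end

# Stricter: the id must resolve and the session token must match the row.
def session_user_checked(store, session)
  id, token = session["user_credentials_id"], session["user_credentials"]
  return nil if id.nil? || !token.is_a?(String)
  user = store.find_by_id(id)
  return nil if user.nil? || !user.persistence_token.is_a?(String)
  secure_compare(user.persistence_token, token) ? user : nil
end

def demo
  alice = StubUser.new(7, "alice", "a" * 64) # constructed token value
  store = StubUserStore.new([alice])
  session = { "user_credentials_id" => 7, "user_credentials" => alice.persistence_token }
  out = { fresh: session_user_checked(store, session)&.username }
  alice.persistence_token = "b" * 64 # token reset, e.g. after a username change
  out[:stale_by_id] = session_user_by_id(store, session)&.username
  out[:stale_checked] = session_user_checked(store, session)&.username
  missing = { "user_credentials_id" => 99, "user_credentials" => "a" * 64 }
  out.merge(missing: session_user_checked(store, missing))
end
```

After the token reset, the id-only lookup still returns the user for the old session, while the checked lookup returns nil, which is the behaviour the reset_persistence_token handling in acts_as_authentic.rb relies on.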
Auth Module
The following files make up the Auth module to extend the functionality of Authlogic for our purposes. They could probably be moved into the UserSession module, but may be useful as a template for further localization.
vendor/plugins/umlaut_auth/lib/acts_as_authentic.rb
Extends the authlogic user model to ignore passwords, reset_persistence_token when the username changes, manage stale data (via expiration date), and handle user attributes hash.
vendor/plugins/umlaut_auth/lib/session.rb
Establishes callback functions before_login, after_login, before_logout, after_logout, on_every_request as well as public methods login_url, logout_url for setting external login and logouts. The after_login callback is a bit of a hack since it only runs when the controller action is "validate." It also has private methods validate_url (for sending to external logins) and session_user (for setting the session_user attributes).
vendor/plugins/umlaut_auth/umlaut_auth.rb
Loads the relevant auth modules from configuration. (Only tested with one auth module. Probably won't work yet for multiple auth modules.)
vendor/plugins/umlaut_auth/generators/umlaut_auth/umlaut_auth_generator.rb
Uses the umlaut_auth template to create stubs for UmlautAuth localization.
Generating Local UmlautAuth Plugins
The following steps will generate a stub module to populate for local Auth needs (assumes authlogic version 2.1.0 is installed and the user table is up to date).
- script/generate UmlautAuth YourModuleName
- put your code in the generated stub methods in vendor/plugins/your_module_name/lib/your_module_name.rb
- add the following to config/umlaut_config/environment.rb:
config.app_config.login_modules = [{:id => "your_module_name", :module => :YourModuleName, :default => true }] #default => true doesn't do anything yet
UmlautAuth Plugin Example
UmlautAuthOpenSSO was developed at NYU as an example of generating a plugin and populating the stub methods provided.
- /vendor/plugins/umlaut_auth_open_sso