Changes

The Auth module extends functionality available from the [Authlogic|http://github.com/binarylogic/authlogic] (version 2.1.0) gem and included in the lib directory based on the [Authlogic OpenID add-on|http://github.com/binarylogic/authlogic_openid].' The idea is to allow services to be customized based on a logged in user's attributes.Some examples could be: * Store a user's mobile phone number or email address to default the txt/email values for those services.* Provide extended request or paging functionality that is only available to a subset of patrons.* Allow faculty members to place items on reserve from the Umlaut screen. Currently the Auth module requires existing Umlaut users to install the authlogic gem and perform a rails migration to update the user model to work with authlogic and the auth module. After these two steps have been taken, the auth module should only take effect if a particular instance has defined a auth module in their local config.

=== Core Umlaut Files Added or Updated ===Several core Umlaut files were added and updated in order to develop support the Auth module.

Modified the user table to use with authlogic. Included column for mobile phone, user attributes and a refreshed_at date to track age of a particular record for better performance. By default, data expires after 1 week.

The following files makeup the Auth module to extend the functionality of Authlogic for our purposes. They could probably be moved into the UserSession module, but may be useful as a template for further localization.

The '''ActsAsAuthentic''' module extends the authlogic user model to ignore passwords, reset_persistence_token when the username changes, manage stale data (via refreshed_at date), and handle user attributes hash.

The '''Session''' module establishes the following Auth module callback functionsand can serve as a template for further localizations.Callback functions to be overridden locally as appropriate:# '''before_login'''- called when a new user session is being established, before the actual login is called# '''login_url''' - called if before_login isn't defined or returns false, convenience method for redirecting to an external login url# '''after_login'''- called after login user has been validated, provides mechanism for authorization# '''before_logout'''- called before current user session is destroyed# '''after_logout'''- called after current user session is destroyed# '''on_every_request''' - called on every requestAlso establishes The module also has two public private methods for setting external login and logout urlsuse in extended local classes.# '''login_urlvalidate_url'''- generates the return url to send to external logins services# '''logout_urlsession_user''' The after_login callback is a bit - facilitates saving user attributes to the user model == Configuring Local Auth Modules == === Auth Module Example ===AuthPDS was developed at NYU as an example of generating a hack since it only runs when plugin and populating the controller action is "validatestub methods provided. At NYU we're currently using the Auth module in our holdings table to offer request functionality based on " patron status". It also We display a request button, if the patron has private methods validate_url the appropriate status to be able to request/page items and use a custom controller to provide this functionality seamlessly. Screenshots of this functionality can be seen below. ==== lib/auth/local/auth_pds.rb ====The AuthPDS module gets mixed in with the Session module to log in via PDS (customized for sending NYU). It implements the following callback functions:# '''login_url''' - provides PDS login URL to external loginsredirect to# '''after_login''' - checks authorization, stores some cookies to improve performance, saves some user data when appropriate# '''logout_url''' - provides PDS logout URL# '''after_logout''' - destroys some cookies that were stored to improve performance# '''on_every_request''' - checks if the user has logged in (e.g. from another PDS SSO system)  ==== config/umlaut_config/environment.rb ====The auth configuration settings are added to the local environment.rb to establish the appropriate class to mix in and session_user (for setting to pass various options to the session_user module.<pre> config.app_config.login = { # File name :id => "auth_pds", # Class name :module => :AuthPDS, :options => { # Make expiration date configurable :expiration_date => lambda {return 1.week.ago}, # OpenSSO URL, specific to NYU's implementation of PDS. # Could easily be removed to make the local PDS module more generic. :opensso_path => "https://login.nyu.edu:443/sso", # PDS URL :pds_url => "https://pds.library.institution.edu:443/", # System name since the module is used in many different contexts and different apps :system_name => :umlaut, # Cookie name that is used to help with performance since the module is used in # many different contexts and different apps :cookie_name => :nyulibrary_opensso_umlaut, :additional_user_attributes => lambda do |user_session| h = {} # NYU is using this module for several of our ruby apps # and this mechanism allows us to include different user attributes)per system. # It's included here to give an idea of the flexibility of the module. return h end } }</pre>==== Screenshots of Request Functionality ========= Not logged in, no request =====No request button because generally patrons can't request available items. [[Image:Umlaut_no_request.png]]

== Generating Local UmlautAuth Plugins ==The following steps will generate a stub module for populating for local Auth needs (assumes authlogic version 2.1.0 is installed and user table is up to date).#  script/generate UmlautAuth YourModuleName#  put  your code = Logged in the generated stub methods in vendor/plugins/your_module_name/lib/your_module_name.rb, request =====#  add Now the following request button appears because I have permission to config/umlaut_config/environmentrequest available items.rb:<pre>config.app_config.login_modules = [{[Image:id => "your_module_name", :module => :YourModuleName, :default => true }Umlaut_request.png]] #default => true doesn't do anything yet</pre>

=== UmlautAuth Plugin Example == Pretty jQuery modal dialog =====UmlautAuthOpenSSO was developed at NYU as an example of generating a plugin and populating You get the stub methods provided.modal dialog upon clicking the request button* /vendor/plugins/umlaut_auth_open_sso[[Image:Umlaut_request_modal.png]]