Difference between revisions of "Auth Module"

From Code4Lib
Jump to: navigation, search
m (Core Umlaut Files Added or Updated)
m (Core Umlaut Files Added or Updated)
Line 28: Line 28:
 
#require 'authlogic'
 
#require 'authlogic'
 
config.gem 'authlogic', :version => "= 2.1.0"</pre>
 
config.gem 'authlogic', :version => "= 2.1.0"</pre>
* config/routes.rb
+
==== config/routes.rb ====
 
Added url routes:
 
Added url routes:
 
<pre>
 
<pre>
Line 37: Line 37:
 
   map.resources :users
 
   map.resources :users
 
</pre>
 
</pre>
* db/schema.rb
+
==== db/schema.rb ====
 
Modified the user table to use with authlogic.  Included column for mobile phone and user attributes.
 
Modified the user table to use with authlogic.  Included column for mobile phone and user attributes.
  

Revision as of 19:16, 19 October 2009

UmlautAuth Module (Developer Notes)

The UmlautAuth module extends functionality available from the [Authlogic|http://github.com/binarylogic/authlogic] (version 2.1.0) gem and configured as a plugin based on the [Authlogic OpenID add-on|http://github.com/binarylogic/authlogic_openid].

Core Umlaut Files Added or Updated

Several core Umlaut files were updated in order to develop the UmlautAuth module.

app/controller/application.rb

The application controller was updated to filter passwords and provide two methods for accessing the current user session and the current user. The method current_user_session (aliased as has_logged_in_user) returns nil if no user session has been established. The method current_user (aliased as logged_in_user) return either nil or the current logged in user.

app/controllers/user_sessions_controller.rb

The user sessions controller manages the routing of user session requests. Three methods are available:

  1. new - renders the login screen or redirects to external login screen
  2. validate - validates the user upon login
  3. destroy - processes logout

app/controllers/users_controller.rb

The users controller manages the routing of user related requests. Two methods are available:

  1. edit (also called from show) - renders the user preferences screen.
  2. update - processes updates to user preferences.
app/models/user_sessions

Extends Authlogic::Session::Base

app/models/user

Serializes user_attributes and adds acts_as_authentic functionality to leverage the Authlogic gem. Also sets to_param to username rather than id for prettier urls.

app/views/user_sessions/new

The default login screen

app/views/users/edit

The default user preferences screen. Users can update mobile phone numbers and the like.

config/environment.rb

Added authlogic gem:

#require 'authlogic'
config.gem 'authlogic', :version => "= 2.1.0"

config/routes.rb

Added url routes:

  map.login "login", :controller => "user_sessions", :action => "new"
  map.logout "logout", :controller => "user_sessions", :action => "destroy"
  map.validate "validate", :controller => "user_sessions", :action => "validate"
  map.resources :user_sessions
  map.resources :users

db/schema.rb

Modified the user table to use with authlogic. Included column for mobile phone and user attributes.

UmlautAuth Plugin

The following files makeup the UmlautAuth module to extend the functionality of Authlogic for our purposes. They could probably be moved into the UserSession module, but may be useful as a template for further localization.

  • vendor/plugins/umlaut_auth/lib/acts_as_authentic.rb

Extends the authlogic user model to ignore passwords, reset_persistence_token when the username changes, manage stale data (via expiration date), and handle user attributes hash.

  • vendor/plugins/umlaut_auth/lib/session.rb

Establishes callback functions before_login, after_login, before_logout, after_logout, on_every_request as well as public methods login_url, logout_url for setting external login and logouts. The after_login callback is a bit of a hack since it only runs when the controller action is "validate." It also has private methods validate_url (for sending to external logins) and session_user (for setting the session_user attributes).

  • vendor/plugins/umlaut_auth/umlaut_auth.rb

Loads the relevant auth modules from configuration. (Only tested with one auth module. Probably won't work yet for multiple auto modules.)

  • vendor/plugins/umlaut_auth/generators/umlaut_auth/umlaut_auth_generator.rb

Uses the umlaut_auth template to create stubs for UmlautAuth localization.

Generating Local UmlautAuth Plugins

The following steps will generate a stub module for populating for local Auth needs (assumes authlogic version 2.1.0 is installed and user table is up to date).

  1.  script/generate UmlautAuth YourModuleName
  2.  put  your code in the generated stub methods in vendor/plugins/your_module_name/lib/your_module_name.rb
  3.  add the following to config/umlaut_config/environment.rb:
config.app_config.login_modules = [{:id => "your_module_name", :module => :YourModuleName, :default => true }] #(the default => true doesn't do anything yet.)

UmlautAuth Plugin Example

UmlautAuthOpenSSO was developed at NYU as an example of generating a plugin and populating the stub methods provided.

  • /vendor/plugins/umlaut_auth_open_sso