Difference between revisions of "Auth Module"

From Code4Lib
Jump to: navigation, search
m
m
Line 55: Line 55:
  
 
=== Auth Module ===
 
=== Auth Module ===
The following files makeup the Auth module to extend the functionality of Authlogic for our purposes.  They could probably be moved into the UserSession module, but may be useful as a template for further localization.
+
The following files makeup the Auth module to extend the functionality of Authlogic for our purposes.   
 
==== lib/auth/acts_as_authentic.rb ====
 
==== lib/auth/acts_as_authentic.rb ====
 
'''ActsAsAuthentic''' extends the authlogic user model to ignore passwords, reset_persistence_token when the username changes, manage stale data (via refreshed_at date), and handle user attributes hash.
 
'''ActsAsAuthentic''' extends the authlogic user model to ignore passwords, reset_persistence_token when the username changes, manage stale data (via refreshed_at date), and handle user attributes hash.
 
==== lib/auth/session.rb ====
 
==== lib/auth/session.rb ====
'''Session''' establishes the following callback functions:
+
'''Session''' establishes the Auth module callback functions and can serve as a template for further localizations.
# '''before_login'''
+
Callback functions to be overridden locally as appropriate:
# '''after_login'''
+
# '''before_login''' - called when a new user session is being established, before the actual login is called
# '''before_logout'''
+
# '''login_url''' - called if before_login isn't defined or returns false, convenience method for redirecting to an external login url
# '''after_logout'''
+
# '''after_login''' - called after login user has been validated, provides mechanism for authorization
# '''on_every_request'''  
+
# '''before_logout''' - called before current user session is destroyed
Also establishes two public methods for setting external login and logout urls.
+
# '''after_logout''' - called after current user session is destroyed
# '''login_url'''
+
# '''on_every_request''' - called on every request
# '''logout_url'''   The after_login callback is a bit of a hack since it only runs when the controller action is "validate."  It also has private methods validate_url (for sending to external logins) and session_user (for setting the session_user attributes).
+
 
 +
It also has private methods validate_url (for sending to external logins) and session_user (for setting the session_user attributes).
  
 
== Generating Local UmlautAuth Plugins ==
 
== Generating Local UmlautAuth Plugins ==

Revision as of 18:10, 20 January 2011

Auth Module (Developer Notes)

The Auth module extends functionality available from the [Authlogic|http://github.com/binarylogic/authlogic] (version 2.1.0) gem and included in the lib directory based on the [Authlogic OpenID add-on|http://github.com/binarylogic/authlogic_openid].

Core Umlaut Files Added or Updated

Several core Umlaut files were updated in order to develop the Auth module.

app/controller/application.rb

The ApplicationController filters passwords and provides two methods for accessing the current user session and the current user.

  1. current_user_session (aliased as has_logged_in_user) - returns nil if no user session has been established
  2. current_user (aliased as logged_in_user) - returns either nil or the current logged in user

The application calls current_user_session as a before filter on every request.

app/controllers/user_sessions_controller.rb

The UserSessionsController manages the routing of user session requests and provides three methods.

  1. new - renders the login screen or redirects to external login screen
  2. validate - validates the user upon login
  3. destroy - processes logout

app/controllers/users_controller.rb

The UsersController manages the routing of user related requests and provides two methods.

  1. edit (also called from show) - renders the user preferences screen
  2. update - processes updates to user preferences (not yet implemented)

app/models/user_sessions.rb

UserSessions extends Authlogic::Session::Base

app/models/user.rb

User serializes user_attributes and adds acts_as_authentic functionality to leverage the Authlogic gem. Also sets to_param to username rather than id for prettier urls.

app/views/user_sessions/new.html.rb

The default login screen, doesn't currently do anything.

app/views/users/edit.html.rb

The default user preferences screen. Users can update mobile phone numbers and the like (not yet implemented)

config/environment.rb

Added authlogic gem:

#require 'authlogic'
config.gem 'authlogic', :version => "= 2.1.0"

config/routes.rb

Added url routes:

  map.login "login", :controller => "user_sessions", :action => "new"
  map.logout "logout", :controller => "user_sessions", :action => "destroy"
  map.validate "validate", :controller => "user_sessions", :action => "validate"
  map.resources :user_sessions
  map.resources :users

db/schema.rb

Modified the user table to use with authlogic. Included column for mobile phone, user attributes and a refreshed_at date to track age of a particular record for better performance.

lib/service.rb

Make the user accessible from a particular user via the session_user method.

  # Returns the currently logged in user, if available, based on the user_credentials_id in the 
  # session from AuthLogic.  May want to make this more sophisticated and check user_credentials
  # against db.
  def session_user
    return User.find(session["user_credentials_id"]) unless session["user_credentials_id"].nil?
  end

Auth Module

The following files makeup the Auth module to extend the functionality of Authlogic for our purposes.

lib/auth/acts_as_authentic.rb

ActsAsAuthentic extends the authlogic user model to ignore passwords, reset_persistence_token when the username changes, manage stale data (via refreshed_at date), and handle user attributes hash.

lib/auth/session.rb

Session establishes the Auth module callback functions and can serve as a template for further localizations. Callback functions to be overridden locally as appropriate:

  1. before_login - called when a new user session is being established, before the actual login is called
  2. login_url - called if before_login isn't defined or returns false, convenience method for redirecting to an external login url
  3. after_login - called after login user has been validated, provides mechanism for authorization
  4. before_logout - called before current user session is destroyed
  5. after_logout - called after current user session is destroyed
  6. on_every_request - called on every request

It also has private methods validate_url (for sending to external logins) and session_user (for setting the session_user attributes).

Generating Local UmlautAuth Plugins

The following steps will generate a stub module for populating for local Auth needs (assumes authlogic version 2.1.0 is installed and user table is up to date).

  1.  script/generate UmlautAuth YourModuleName
  2.  put  your code in the generated stub methods in vendor/plugins/your_module_name/lib/your_module_name.rb
  3.  add the following to config/umlaut_config/environment.rb:
config.app_config.login_modules = [{:id => "your_module_name", :module => :YourModuleName, :default => true }] #default => true doesn't do anything yet

UmlautAuth Plugin Example

UmlautAuthOpenSSO was developed at NYU as an example of generating a plugin and populating the stub methods provided.

  • /vendor/plugins/umlaut_auth_open_sso