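# -*- coding: utf-8 -*-
# at_authlogic_basic_setup.rb
#
# Rails application template that installs the Authlogic plugin and generates
# a minimal login/logout/account setup: a UserSession model, a User model,
# their controllers, a few views, and the ApplicationController helpers that
# restrict access to logged-in (or logged-out) visitors.
#
# Later `file` calls for the same path replace what an earlier step wrote, so
# the controllers from steps 3 and 5 are superseded by the filtered versions
# written in step 8.
#
# See also:
#   http://m.onkey.org/2008/12/4/rails-templates
#   http://www.binarylogic.com/2008/11/3/tutorial-authlogic-basic-setup

# 1. Install Authlogic
# The plugin is fetched over HTTPS instead of git://, because the git://
# transport is neither authenticated nor encrypted, so the code that ends up
# handling passwords could be altered in transit.
# NOTE(review): this still installs whatever the default branch currently
# holds; consider pinning to a revision that has been reviewed.
plugin "authlogic", :git => "https://github.com/binarylogic/authlogic.git"

# 2. Create your UserSession model
file "app/models/user_session.rb", <<-CODE
class UserSession < Authlogic::Session::Base
  # various configuration goes here. see AuthLogic::Session::Config for more details
end
CODE

# 3. Create your UserSessions controller
generate :controller, "user_sessions"
route %|map.resource :user_session|
route %|map.root :controller => "user_sessions", :action => "new"|

# First, unrestricted version of the controller (replaced in step 8).
# `destroy` now calls current_user_session; the previous spelling
# (current_uesr_session) named a method that is defined nowhere in this
# template and would have raised on logout.
file "app/controllers/user_sessions_controller.rb", <<-CODE
class UserSessionsController < ApplicationController
  def new
    @user_session = UserSession.new
  end

  def create
    @user_session = UserSession.new(params[:user_session])
    if @user_session.save
      flash[:notice] = "Login successful!"
      redirect_back_or_default account_url
    else
      render :action => :new
    end
  end

  def destroy
    current_user_session.destroy
    flash[:notice] = "Logout successful!"
    redirect_back_or_default new_user_session_url
  end
end
CODE

# 4. Create and setup your User model
# NOTE(review): the scaffold generator also emits its own views for every
# column listed here, including crypted_password, password_salt and
# persistence_token; confirm those generated views are replaced or removed
# before the application is exposed.
generate :scaffold, "user",
  "login:string",
  "crypted_password:string",
  "password_salt:string",
  "persistence_token:string",
  "login_count:integer",
  "last_request_at:datetime",
  "last_login_at:datetime",
  "current_login_at:datetime",
  "last_login_ip:string",
  "current_login_ip:string"
rake "db:migrate"

# UsersController passes params[:user] straight to User.new and
# update_attributes. Without an attribute whitelist a request could also set
# persistence_token, crypted_password, password_salt or the login bookkeeping
# columns, so mass assignment is limited to the fields a sign-up or
# profile form is expected to submit.
file "app/models/user.rb", <<-CODE
class User < ActiveRecord::Base
  acts_as_authentic

  # Only these attributes may be set through mass assignment.
  attr_accessible :login, :password, :password_confirmation
end
CODE

# 5. Create your UsersController
route %|map.resource :account, :controller => "users"|
route %|map.resources :users|

# First, unrestricted version of the controller (replaced in step 8).
file "app/controllers/users_controller.rb", <<-CODE
class UsersController < ApplicationController
  def new
    @user = User.new
  end

  def create
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = "Account registered!"
      redirect_back_or_default account_url
    else
      render :action => :new
    end
  end

  def show
    @user = @current_user
  end

  def edit
    @user = @current_user
  end

  def update
    @user = @current_user
    if @user.update_attributes(params[:user])
      flash[:notice] = "Account updated!"
      redirect_to account_url
    else
      render :action => :edit
    end
  end
end
CODE

# 6. Setup your views
#inside("app/views") do
#  run "mkdir password_resets"
#  run "mkdir user_sessions"
#  run "mkdir users"
#end

# NOTE(review): the view bodies below look incomplete. The copy this template
# was recovered from seems to have lost its HTML tags, and probably some
# views and a step 7 between the two `file` calls; the second heredoc had no
# terminator of its own. Only the text that survived is written out, under
# the paths that survived. Compare with the tutorial linked in the header
# before relying on these views.

# The flash message is escaped like every other value these views print.
file "app/views/layouts/application.html.erb", <<-CODE
<%=h flash[:notice] %>
<%= yield %>
CODE

# NOTE(review): this content reads like an account "show" page rather than a
# password-reset form; the target path is kept as found - confirm.
file "app/views/password_resets/edit.html.erb", <<-CODE
Login: <%=h @user.login %>
Login count: <%=h @user.login_count %>
Last request at: <%=h @user.last_request_at %>
Last login at: <%=h @user.last_login_at %>
Current login at: <%=h @user.current_login_at %>
Last login ip: <%=h @user.last_login_ip %>
Current login ip: <%=h @user.current_login_ip %>
<%= link_to 'Edit', edit_account_path %>
CODE

# 8. Restrict access
# ApplicationController gains the session lookup helpers and the
# require_user / require_no_user filters used by the controllers below.
# store_location records request.request_uri in the session, and
# redirect_back_or_default redirects to that stored value when present, so
# the redirect target comes from the server-side session rather than from a
# request parameter.
file "app/controllers/application_controller.rb", <<-CODE
class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time
  helper_method :current_user_session, :current_user
  protect_from_forgery # See ActionController::RequestForgeryProtection for details

  # Scrub sensitive parameters from your log
  filter_parameter_logging :password, :password_confirmation

  private

  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.record
  end

  def require_user
    unless current_user
      store_location
      flash[:notice] = "You must be logged in to access this page"
      redirect_to new_user_session_url
      return false
    end
  end

  def require_no_user
    if current_user
      store_location
      flash[:notice] = "You must be logged out to access this page"
      redirect_to account_url
      return false
    end
  end

  def store_location
    session[:return_to] = request.request_uri
  end

  def redirect_back_or_default(default)
    redirect_to(session[:return_to] || default)
    session[:return_to] = nil
  end
end
CODE

# Final UserSessionsController: login pages only for logged-out visitors,
# logout only for logged-in ones.
file "app/controllers/user_sessions_controller.rb", <<-CODE
class UserSessionsController < ApplicationController
  before_filter :require_no_user, :only => [:new, :create]
  before_filter :require_user, :only => :destroy

  def new
    @user_session = UserSession.new
  end

  def create
    @user_session = UserSession.new(params[:user_session])
    @user_session.save do |result|
      if result
        flash[:notice] = "Login successful!"
        redirect_back_or_default account_url
      else
        render :action => :new
      end
    end
  end

  def destroy
    current_user_session.destroy
    flash[:notice] = "Logout successful!"
    redirect_back_or_default new_user_session_url
  end
end
CODE

# Final UsersController: registration only for logged-out visitors; show,
# edit and update always act on the logged-in user (@current_user is set by
# the require_user filter calling current_user), never on an id taken from
# the request.
file "app/controllers/users_controller.rb", <<-CODE
class UsersController < ApplicationController
  before_filter :require_no_user, :only => [:new, :create]
  before_filter :require_user, :only => [:show, :edit, :update]

  def new
    @user = User.new
  end

  def create
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = "Account registered!"
      redirect_back_or_default account_url
    else
      render :action => :new
    end
  end

  def show
    @user = @current_user
  end

  def edit
    @user = @current_user
  end

  def update
    @user = @current_user # makes our views "cleaner" and more consistent
    if @user.update_attributes(params[:user])
      flash[:notice] = "Account updated!"
      redirect_to account_url
    else
      render :action => :edit
    end
  end
end
CODE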