Plugins - Restful Authentication


This is a basic restful authentication generator for rails, taken from acts as authenticated. Currently it requires Rails 1.2 (or edge).

To use:

  ./script/generate authenticated user sessions

The first parameter specifies the model that gets created in signup (typically a user or account model). A model with migration is created, as well as a basic controller with the create method.

The second parameter specifies the sessions controller name. This is the controller that handles the actual login/logout function on the site.

You can pass --skip_migration to skip the user migration.

From here, you will need to add the resource routes in config/routes.rb.

  map.resources :users
  map.resource :session

Generate your mailer:

  ./script/generate authenticated user --include-activation

Rick Olson

git://github.com/technoweenie/restful-authentication.git

Rails' (MIT)

  • Currently 4.0/5 Stars.

Security

Tags

Comments

Tom S. 20 Oct 2008

I am trying to generate the authentication components and I get the following:

  script/generate authenticated user sessions
  ./script/../config/../vendor/rails/actionpack/lib/action_controller/routing.rb:936:in `build': undefined method `[]' for :session:Symbol (NoMethodError)
    from ./script/../config/../vendor/rails/actionpack/lib/action_controller/routing.rb:1161:in `add_route'
    from ./script/../config/../vendor/rails/actionpack/lib/action_controller/routing.rb:1167:in `add_named_route'
    from ./script/../config/../vendor/rails/actionpack/lib/action_controller/routing.rb:992:in `method_missing'
    from ./script/../config/../config/routes.rb:4
    from ./script/../config/../vendor/rails/actionpack/lib/action_controller/routing.rb:1128:in `draw'
    from ./script/../config/../config/routes.rb:1
    from ./script/../config/../vendor/rails/activerecord/lib/../../activesupport/lib/active_support/dependencies.rb:489:in `load'
    from ./script/../config/../vendor/rails/activerecord/lib/../../activesupport/lib/active_support/dependencies.rb:489:in `load'
     ... 9 levels...
    from ./script/../config/../vendor/rails/railties/lib/commands/generate.rb:1:in `require'
    from ./script/../config/../vendor/rails/railties/lib/commands/generate.rb:1
    from script/generate:5:in `require'
    from script/generate:5

Any ideas?

John Wyles 13 Oct 2008

@ carlivar:

RE: "Plugins::Restful-authentication::Lib" is not a valid constant name!

If you "mv restful-authentication/ restful_authentication/" your problems are solved, albeit this doesn't seem to be the "right" solution...

If you would like to do this beforehand simply perform the following from within the vendor/plugins directory:

git clone git://github.com/technoweenie/restful-authentication.git restful_authentication

Chris 2 Oct 2008

We had issues with users on Windows copying and pasting in their login names, thus trying to log in as "Bob " instead of "Bob" (Windows adds a trailing space to a double-clicked selection) and failing. I'd suggest changing this line in the User model:

u = find_by_login(login)

to:

u = User.find(:first, :conditions => ["login = ?", login.strip])

Additionally, if you are using PostgreSQL you'll get caught by its strict case-sensitivity. Trying to log in as "bob" if your user name is "Bob" will fail. In PostgreSQL you'll then need to create a unique index on lower(login) and then use this in the User model instead of what I gave above:

u = User.find(:first, :conditions => ["lower(login) = ?", login.strip.downcase])

The latest version of this plugin seems to store the login name as lower case, even if it is entered as uppercase. I believe this isn't what should be happening (changing user data behind their backs). Better to store the login name as it is entered.
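
The lookup rule from the comment above (strip the input, compare on the lower-cased login, enforce uniqueness on that same lower-cased form, store the login with the case the user typed), as an added example that is not part of the comment or of the plugin. It is plain Ruby with an in-memory hash standing in for the users table; `UserDirectory`, `key_for`, `colliding_logins` and the sample logins are hypothetical, and storing the login with surrounding whitespace removed is an assumption of this sketch.

```ruby
# Added illustration; UserDirectory, key_for and colliding_logins are
# hypothetical names, and every login below is constructed sample data.
class UserDirectory
  class DuplicateLogin < StandardError; end

  def initialize
    @by_key = {} # normalized login => stored record
  end

  # One normalization shared by the uniqueness check and the lookup. This is
  # the role lower(login) plays in the unique index, with strip applied to
  # whatever the user typed or pasted.
  def self.key_for(login)
    login.to_s.strip.downcase
  end

  # Stores the login with its original case (whitespace removed) and refuses
  # a second account whose login differs only by case or padding.
  def register(login, password_hash)
    display = login.to_s.strip
    key = self.class.key_for(display)
    raise ArgumentError, 'login is blank' if key.empty?
    raise DuplicateLogin, "#{display} is already taken" if @by_key.key?(key)

    @by_key[key] = { login: display, password_hash: password_hash }
  end

  # "bob ", "BOB" and "Bob" all resolve to the same single record.
  def find_by_login(login)
    @by_key[self.class.key_for(login)]
  end
end

# Check to run over existing logins before adding a unique index on the
# normalized form: returns the groups that would collide under it.
def colliding_logins(logins)
  logins.group_by { |l| UserDirectory.key_for(l) }
        .select { |_key, group| group.uniq.size > 1 }
end

def normalization_demo
  dir = UserDirectory.new
  dir.register('Bob', 'constructed-hash-1')
  duplicate_rejected =
    begin
      dir.register('BOB ', 'constructed-hash-2')
      false
    rescue UserDirectory::DuplicateLogin
      true
    end
  {
    found_login: dir.find_by_login('bob ')[:login],
    duplicate_rejected: duplicate_rejected,
    collisions: colliding_logins(['Bob', 'bob', 'alice', 'Alice ', 'carol'])
  }
end

p normalization_demo if __FILE__ == $PROGRAM_NAME
```

If lookups are case-insensitive while uniqueness is still checked on the raw string, two accounts can answer to the same login, which is why the index and the query have to use the same normalized form.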

Eric 29 Aug 2008

I was wondering why validation isn't working. It errors out of the app instead of highlighting the offending fields and passing an error. Is it something I did wrong or is it broken?

Ben 11 Aug 2008

I would like to use this plugin to work in the context of users belonging to accounts. That means I will take off the uniqueness validation for logins and manually check if the login is unique for all users that belong to a certain account. Will that somehow interfere with salt or any other aspect of this plugin?

BR

geolev 10 Aug 2008

I can't install this plugin. I'm running Ruby 1.8.4 and Rails 2.0.2.

When I install with : $ script/plugin install git://github.com/technoweenie/restful-authentication.git

Results in : Plugin not found: ["git://github.com/technoweenie/restful-authentication.git"]

Any idea what I'm doing wrong?

Dolný Kubín 18 Jul 2008

I'm having some problems when i use this plugin in rails 1.2.x. I have to remove http basic auth from code to get it working...

dk

Rafael Schär 20 Jun 2008

activation only works if user object is gonna be reloaded before sending the email. I think, the activation_code is salted before saving. (@user.register!)

protected

def setup_email(user)
  user.reload
  @recipients = "#{user.email}"
  @from = "Marketplace"
  @subject = "Activation User Account "
  @sent_on = Time.now
  @body[:user] = user
end

Gah 20 Jun 2008

I'm with Wayne. Some good ideas were introduced into this plugin, but the quality is waaay down. There is cruft everywhere, and I had to patch quite a few things to get it working. Someone needs to audit this, or at least put a disclaimer on it ;)

Todd 20 Jun 2008

Please add "edu" as a top level domain. My university was one of the first six domain names, but it doesn't pass the filter =( -- BTW, I love the plugin!

RE_DOMAIN_TLD = '(?:[A-Z]{2}|com|org|edu|net|gov|mil|biz|info|mobi|name|aero|jobs|museum)'

GG Crew 9 Jun 2008

Thanks for the response.

I've come to a solution that's similar to the Userstamp plugin. In fact, both the Userstamp plugin and my implementation pulled inspiration from the same RoR wiki article: http://wiki.rubyonrails.org/rails/pages/ExtendingActiveRecordExample

I've been journaling my progress at RailsForum, if anyone is curious: http://railsforum.com/viewtopic.php?pid=64505

giorgi 9 Jun 2008

To access #current_user from inside another model, one might want to consider Userstamp plugin ( http://agilewebdevelopment.com/plugins/userstamp ) and ( http://github.com/delynn/userstamp/tree ). HTH :)

GG Crew 5 Jun 2008

Is there a way to access #current_user from inside another model? I am attempting to assign a 'created_by_user_id' field as part of a model callback function.

def before_create
  self.created_by_user_id = current_user
end

The code consistently throws the error "undefined local variable or method `current_user'"

All the functions in the AuthenticatedSystem module are protected, although two of them (#current_user and #logged_in?) are extended into the ActionView module. I've fiddled with the AuthenticatedSystem module, attempting to make various things public (which causes session errors in migrations) and tried including AuthenticatedSystem in other modules. Nothing I've tried has worked.

All other aspects of Restful_Authentication are working correctly. Using Rails v2.0.2 and a recent version of RA.

carlivar 4 Jun 2008

I was able to workaround the previous problem I posted by monkey-patching Rails. I think the problem should exist in most versions of Rails, not just 2.1.0. Rails does not want hyphens in certain names, which this violates.

Posted workaround in the github wiki for the project:

http://github.com/technoweenie/restful-authentication/wikis/home

carlivar 4 Jun 2008

There seem to be problems with Rails 2.1.0, but only when I enable the observer as per the docs. When this is in environment.rb:

config.active_record.observers = :user_observer

I get this when starting Rails (or 'rake spec' in this case):

rake aborted! "Plugins::Restful-authentication::Lib" is not a valid constant name!

Hunting it down, but could use some help.

Antonio 1 Jun 2008

Hey Tim, just a quick update on the link that you mentioned as working better.

The url is: http://svn.techno-weenie.net/projects/plugins/restful_authentication/

Thanks

Wayne 26 May 2008

Normally I love restful_authentication, and would recommend it, but the newest version on github is terrible for some reason. Things are changed around, it still is using the old Rails 1.2.x way of doing migrations instead of "sexy migrations", and overall it's not as flexible as I remember it being.

Tim 14 May 2008

This link works much better http://svn.techno-weenie.net/projects/plugins/restful-authentication/

Mark Robinson 17 Apr 2008

I'm having a problem with this. I've developed an application with restful_authentication and it's running fine locally under mongrel but when I deploy it to my host running fast-cgi the routes act differently.

so the line <% form_for session_path do -%> should direct to the create action in the sessions controller (as it does locally) but instead it calls the show action.

In my routes.rb I have: map.resource :session, :controller => 'sessions'

which should create the default routes to actions create and show (plus others) the difference being show is GET and create is POST. I've tried specifying the form_for as POST with :method => "POST" but it still directs to show (via GET) in fast-cgi. Any ideas how to debug this?

Sergio 14 Apr 2008

An exception occurs if I delete cookies (clean personal info in firefox) just before submit in the login: ActionController::InvalidAuthenticityToken in SessionsController#create

Any idea? Thanks.

Todd Conley 8 Apr 2008

If you're visiting this plugin for the first time, you might consider writing your own from scratch. At least you'll learn something, and it might even save you some time.

tom 4 Apr 2008

Eventually, I also had to skip the verify_authenticity_token in both controllers to avoid ActionController::InvalidAuthenticityToken exceptions flying low:

class SessionsController < ApplicationController
  skip_before_filter :verify_authenticity_token

class UsersController < ApplicationController
  skip_before_filter :verify_authenticity_token

tom 4 Apr 2008

Hm, with the latest security patch for restful_authentication installed, this spec fails for me:

it 'does not activate user without key' do
  get :activate
  flash[:notice].should be_nil
end

My route for :activate looks like this: map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate' so the spec won't hit it. I get

$ rake
ActionController::RoutingError in 'UsersController does not activate user without key'
No route matches {:action=>"activate", :controller=>"users"}
./spec/controllers/users_controller_spec.rb:68:

Probably what I want in production, but I'd feel better if ALL tests would succeed. I changed the test to this:

it 'does not activate user without key' do
  get :activate, :activation_code => ""
  flash[:notice].should be_nil
end

and am a happy customer. Well, kinda. Took way too long to make this plugin work. Anyway, glad you did the hard part, Rick.

Thomas 3 Apr 2008

Hi,

maybe a really stupid question, but is there somewhere a documentation for the plugin "restful_authentication". I searched the web but could not find more than some small tutorials or the well known README from the plugin itself.

Thanks!

Tiago 3 Apr 2008

Hello, im having some problem here to get it to work. Ive just created a new rails project to test it. When i try: ./script/generate authenticated account sessions i get this error message: Couldn't find 'account' generator

what did i do wrong?

Randall 2 Apr 2008

this plugin installation errors out after copying the several files into the plugin folder. Error msg states: "plugin not found...". Anyone else getting this?

ai 30 Mar 2008

Documentation for this plugin states that it will work for rails 1.2.6 and above. However, it only works for rails 2.0 and above. Directions below provide work around solutions. Also, this plugin uses observers which can be a pain because it sends out the wrong email notification at the wrong time when used with actas_statefulmachine. Follow instructions to modify the plugin to get rid of observers. Hope this helps!

Directions

1) Install Plugin (enter following command in terminal):

ruby script/plugin install http://svn.techno-weenie.net/projects/plugins/restful_authentication/

2) Then enter this command:

./script/generate authenticated user sessions \
  --include-activation \
  --stateful

3) Create the user table by running this command:

rake db:migrate

4) The above will create the following:

Controller: sessions_controller, users_controller

Model: user_mailer, user_observer, user

Views for Session and User_mailer and Users

It also creates authenticated_system.rb in the lib folder (this is the one that doesn't work in rails 1.x)

5) In a brand new folder outside of your apps folder, e.g. temp, install an older version of this plugin.

svn export -r 2563 http://svn.techno-weenie.net/projects/plugins/restful_authentication

Copy the lib/authenticated_system.rb file from this temp folder into our apps/lib. It will overwrite the version you downloaded previously.

6) How to get rid of Observers Follow instructions from here written by Emil Tin Comment #6 :

http://harrylove.org/2007/12/17/activation-emails-with-restful-authentication-and-actsas_statemachine

Doug 29 Mar 2008

The UserObserver seems incorrect for activation. I believe instead of after_save, before_save should be used, and the existing record and new record must be checked to see if it's being activated at that time in order to trigger the mailer.

def before_save(user)
  if user && user.id
    old_user = User.find(user.id)
    if old_user && !old_user.active? && user.active?
      UserMailer.deliver_activation(user)
    end
  end
end

Doug 21 Mar 2008

Anyone else getting:

ArgumentError in UsersController#create

A copy of UserObserver has been removed from the module tree but is still active!

c:/ruby/lib/ruby/gems/1.8/gems/activesupport-2.0.2/lib/active_support/dependencies.rb:237:in `load_missing_constant'
c:/ruby/lib/ruby/gems/1.8/gems/activesupport-2.0.2/lib/active_support/dependencies.rb:469:in `const_missing'
app/models/user_observer.rb:3:in `after_create'
app/controllers/users_controller.rb:21:in `create'

Gordon McCreight 21 Mar 2008

I was experiencing the same issue as Emil Tin, which he describes this way:

"Also the 'activation succeeded' email is send out at the same time (somewhere in UsersController#create), even though the state of the user is still pending."

It's actually sent out by the UserObserver class. The UserObserver.after_save method sends the "deliver_activation" email if the user is "pending". Since the default state of the user is "pending", it will send the second email right away. The UserObserver.after_save method should check if the user is "active" instead.

Ralph 18 Mar 2008

Got a tarball of the trunk.

It just does not work. This plugin might be useful to generate some files (the tests for example) and quickly see how to do some authentication in rails, but it is not working out of the box.

First error during the generation of the skeleton (in fixtures), second with this Session(s)Controller oddness, then I see in the code that some presumably important line could be "uncommented at your own risk" for some obscure reason (no link in the comment)... is this a "plug in"?

Really poor quality software.

Ralph 18 Mar 2008

Where is the tarball or the pure http access (git anyone)?

I'm behind a http proxy and svn does not work over it...

Jigar Gosar 27 Feb 2008

rails 2.0.2, latest version of plugin.

routes.rb map.resource :session

no change to any files.

am getting this error when trying to view login form.

No route matches "/session/new" with {:method=>:get}

chris 23 Feb 2008

My last post lost a line-break. Try this:

map.resources :sessions

map.resource :session, :controller => 'sessions'

chris 16 Feb 2008

@euro: I had the same problem as you outline in (2) - session or sessions? I solved it by having a sessions controller and this in my routes file:

map.resources :sessions map.resource :session, :controller => 'sessions'

euro 12 Feb 2008

hi, I have restful auth and act as state machine working as per Bparanj screencast BUT

  1. Validation is not now working - wonder is it because register is used rather than the core save method in create new user.

  2. Session or sessions?. I have to use both session (singular) and sessions (plural) controllers. Rails 2 seems to require session (singular) for new and destroy actions BUT sessions (plural) for create action - real mystery for me - I have both controllers in the app at present - must try to solve this.

Just for info! Rgs Ray

ches 11 Feb 2008

@bruz -

Just change the 'record' expression on the referenced line to '@user.valid?'. I'm working through getting the stateful setup working with the behavior I want too -- you'll probably find that more changes are needed, but that'll get you going.

bruz 6 Feb 2008

I've been using restful_authentication for several months, and noticed there have been some security fixes so I figured it was time to upgrade. I ran into an error, and thought it might have been specific to the app I'm working on, but I tried creating an app from scratch and setting up restful_authentication and get the same error. Here's what I tried:

rails test_app
cd test_app
script/plugin install restful_authentication
script/plugin install http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/trunk
script/generate authenticated user sessions --include-activation --stateful
# configure database.yml
rake db:migrate
script/server

Then when I go to http://localhost/users/new and try to sign up a new user, I get the following:

NameError (undefined local variable or method `record' for #<UsersController:0xb7be35ec>):
/app/controllers/users_controller.rb:21:in `create'

Has anyone else seen this? I'm running rails 2.0.2, and using the latest versions of the plugins as of today (2/6/2008). If I leave out the --stateful option, everything works, but of course I'm not using all of the acts_as_state_machine improvements to restful_authentication.

nimp 2 Feb 2008

The solution I found is to simply add this to user.rb

before_create :make_activation_code

It works great.

nimp 2 Feb 2008

The problem is that at the creation of a new user, we are never using

state :pending, :enter => :make_activation_code

So activation_code always stays at nil.

Any idea ?

nimp 1 Feb 2008

Hi,

I still have the problem with the empty activation code in the email. Does someone have a good solution? Is any update of restful auth coming soon?

Thanks in advance.

Yi Wen 30 Jan 2008

I am confused by the logout route, why is it an HTTP GET? Shouldn't it be an HTTP DELETE?

emil tin 28 Jan 2008

i found the problem. a solution is to send out emails directly from the state change methods, and discard the observer all together. for more, see my post at http://harrylove.org/2007/12/17/activation-emails-with-restful-authentication-and-actsas_statemachine#comment-208

Emil Tin 24 Jan 2008

I should note that I'm using rails 2.0.1.

Emil Tin 24 Jan 2008

Hi, I'm having a problem with the otherwise great restful authentication plugin.

The 'signup, please activate' email that's sent out contains an empty activation code. Also the 'activation succeeded' email is sent out at the same time (somewhere in UsersController#create), even though the state of the user is still pending.

It seems that User#make_activation_code is called after UserMailer has sent out the signup notification email.

Josh 22 Jan 2008

@Gabrielle

I'm using Rails 1.2.6 but here's what worked for me. In the lib>authenticated_system.rb there's an action called login_from_basic_auth that contains the 'authenticate_with_http_basic' Rails 2.0 method. I changed this to:

# Rails 1.2.6 version
def login_from_basic_auth
  username, passwd = get_auth_data
  self.current_user = User.authenticate(username, passwd) if username && passwd
end

and had to add the get_auth_data method at the end of authenticated_system:

private

# Called from #login_from_basic_auth used with Rails 1.2.6 version
@@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
# gets BASIC auth info
def get_auth_data
  auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
  auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
  # Split on the first ':' only, so a password that contains ':' is kept whole.
  return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':', 2) : [nil, nil]
end

tl 6 Jan 2008

hi, i don't know if it's a bug, but i have to change the "redirect_to new_session" to "redirect_to new_session_path" in authenticated_system.rb, because i get an error "undefined local variable or method `new_session'". now all works fine.

nathan sharkey 4 Jan 2008

hi,

in response to my own post below, I found a more detailed screencast which i found useful in getting me started.

http://www.rubyplus.org/episodes/20-Extended-RESTful-Authentication-Rails-2-App.html

so now i'm up and running with it my next question is where is best to post questions about the code itself. I would like to modify it so that a child model is created at the same time as user during signup but i don't fully understand the create method in users controller.

cheers Nathan

Gabriele Tassoni 30 Dec 2007

I'm having problems with rails 1.2.4, whenever I try http://localhost:3000 it throws me an error: undefined method `authenticate_with_http_basic' for #<HomesController:0x2aaaac764f18>, reading around I managed to understand that the mentioned method is a prerogative of rails 2.0, but I cannot upgrade to that version since it's different from the one on the provider's site, however in the README from the plugin is clearly stated that works with rails 1.2 and edge... I'm a bit confused, Have I downloaded the wrong version? is there a version for 1.2? Thanks

nathan 28 Dec 2007

hi can anyone tell me where to find some documentation for this that i might understand. i have checked Ryans screencast although they usually make complete sense to me this one passes me by completely. I need to see an example of it in action. all i have is a company model and a product model company has many products product belong to company. i would like company has many users user belongs to company. then a logged in user can edit company and products.. any similar permutation would suffice as an example, i just need to see the code in action. spent numerous hours now trying to find examples but not found anything.

Johan van der Kuijl 28 Dec 2007

@raj: add this to your routes.rb

map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate'

Dustin Anderson 18 Nov 2007

Railscasts has an excellent screencast about using restful_authentication. I highly recommend: http://www.railscasts.com/episodes/67

raj 15 Nov 2007

This plugin looks good. I am not able to activate the account after the installation. I tried to debug the code using netbeans and It is not able to retrieve the instance of the User.

self.current_user = params[:activation_code].blank? ? :false : User.find_by_activation_code(params[:activation_code])

self.current_user sounds to be nil (Note:- this is a single line in my code.) Please let me know any ideas.

da991319 29 Oct 2007

Thank you for all the comments. I have a little problem (may be because i am new to RoR). Everything is OK with the logging and authentication, etc...

but what i want is to put an observer onto a table and write the login of the current user, which made the change, into an audit table. i try to put "include authenticatedSystem" into my observer but i got an error.

Has anyone already had that kind of problem before? thank you

kadoudal 7 Oct 2007

FAILURE IN TESTS

1) Failure: test_should_fail_expired_cookie_login(SessionsControllerTest) [./test/functional/sessions_controller_test.rb:67]: <false> is not true.

15 tests, 31 assertions, 1 failures, 0 errors

def test_should_fail_expired_cookie_login
  users(:quentin).remember_me
  users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
  @request.cookies["auth_token"] = cookie_for(:quentin)
  get :new
  assert !@controller.send(:logged_in?)
end

Scott Meade 6 Oct 2007

Don't know if this is the right place for this type of question or not. Please delete if not.

I use this plugin for most projects, so thank you for it. I've been trying to get my hands around when to create a RESTful resource. Restful Authentication is a good example of this decision. Specifically, would anyone like to share their thoughts on why, for example, this plugin has the activate method for Users instead of an Activation resource (where to activate a user you would post a :create to Activation)? I'm not proposing this plug-in be any different - it works just fine. Just thought it might be a good and very well known example to use on discussion of when to use the constrained set of actions and when not to. Are there any guidelines or is it mostly a judgment call from experience?

Mike Bailey 5 Oct 2007

Rails2.0 requires you to replace redirect_to_url with redirect_to.

In the plugin: restful_authentication/generators/authenticated/templates/authenticated_system.rb

In existing apps: RAILS_ROOT/lib/authenticated_system.rb

linoj 24 Sep 2007

I wanted user records in my app to have various statuses. Here's how I modified restful_authentication with acts_as_state_machine to accomplish this. I'll call it stateful_authentication http://www.vaporbase.com/postings/stateful_authentication

Will Merydith 4 Sep 2007

Using this plugin successfully except . . . it doesn't seem to be persisting sessions to the db. It appears that when I log out, it attempts to destroy the session record in the db, but when I log in I see no attempt to create the session in the db.

No matter what, the sessions table never gets written to.

Vadimir 1 Sep 2007

@durant

Previous message obsolete, I finally found the reason (I had the same bug).

you must put the "map.resources" part in the BEGINNING of the routes.rb!

(The comments say: # The priority is based upon order of creation: first created -> highest priority.)

I'm feeling dumb :)

Vadimir 1 Sep 2007

durant, maybe this note will help:

If you're on rails 1.2.3 you may need to specify the controller name for the session singular resource:

map.resource :session, :controller => 'sessions'

Also, add an observer to config/environment.rb if you chose the --include-activation option:

config.active_record.observers = :user_observer # or whatever you named your model

Ryan 28 Aug 2007

I tried moving the UsersController to Admin::UsersController, and I can get to the /admin/users/new screen, but I get an undefined constant UsersController on the create action. I've hunted around in the code but can't figure out why create is still looking for UsersController instead of Admin::UsersController. Any ideas?

Also, has anyone tried using RestfulAuthentication with RoleRequirement?

David Andrew Thompson 18 Aug 2007

Here's my take on a 'smart login' (this is a RESTful approach)... I used a partial navlogin.rhtml in my 'shared' folder and call it in my application.rhtml layout: http://pastie.caboo.se/89494

Theyaa 10 Aug 2007

Hello Everyone, I am really new to Rails and when trying to run this plugin after installing it it gives me this error:

You have a nil object when you didn't expect it! You might have expected an instance of ActiveRecord::Base. The error occurred while evaluating nil.errors

Extracted source (around line #1):

1: <%= error_messages_for :user %>
2: <% form_for :user, :url => users_path do |f| -%>
3: <p><label for="login">Login</label><br/>
4: <%= f.text_field :login %></p>

Anyone have an idea on how to fix this

guillaume belleguic 2 Aug 2007

Thanks for this plugin. I made some changes in authenticated_system.rb to prevent session hijacking:

def current_user=(new_user)
  session[:remote_ip] = request.remote_ip
  session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
  @current_user = new_user
end

and :

def current_user
  # The user lookup comes last so the expression yields the User record
  # rather than the true/false result of the IP comparison.
  @current_user ||= (session[:user] && session[:remote_ip] == request.remote_ip && User.find_by_id(session[:user])) || :false
end

Greg Lorriman 1 Aug 2007

To add to my previous comment. Immediately after calling

reset_session

you'll need to either have copied the session data to put in to the new session, or issue this call again :

self.current_user = User.authenticate(params[:login], params[:password])

durant 30 Jul 2007

Here is an answer to which version works with rails 1.2.3 (from Jacob Atzen http://www.ruby-forum.com/topic/117043#536293)

I tried this, ran "rake test" and all tests succeeded.

cd [into/rails-root]

svn export -r 2563 http://svn.techno-weenie.net/projects/plugins/restful_authentication/ vendor/plugins/restful_authentication

This version of the plugin should work with Rails 1.2.3.

===

unfortunately, when I try logging in, I still get an error about index not being found.

GregL 26 Jul 2007

To strengthen the ramparts against session fixation and hijacking vulnerabilities call reset_session right after the line :

if LoggedIn? reset_session blah blah.....

in the method

'LoginsessionsController.create'

It doesn't solve the problem, but it is simple and the hacker will need to be much more motivated: most hackers are lazy crims who want something for nothing.
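
What the reset_session advice in the comment above and in Greg Lorriman's follow-up (reset, then set the user again or copy the session data across) does to the session id, as an added example that is not part of either comment or of the plugin. It is plain Ruby with an in-memory store in place of Rails' session handling; `SessionStore`, `login_keeping_session`, `login_with_reset`, the user id 42 and the `:return_to` key are hypothetical.

```ruby
require 'securerandom'

# Added illustration, not plugin code. SessionStore is a hypothetical
# in-memory stand-in for a server-side session store; its keys are the
# session ids as they would travel in the cookie.
class SessionStore
  def initialize
    @sessions = {}
  end

  # Issue a fresh, empty session and return its id.
  def create
    sid = SecureRandom.hex(16)
    @sessions[sid] = {}
    sid
  end

  def fetch(sid)
    @sessions[sid]
  end

  # The effect of reset_session: the old record is dropped and the client
  # gets a new id with an empty session.
  def reset(sid)
    @sessions.delete(sid)
    create
  end
end

# Login that keeps whatever session id existed before authentication.
def login_keeping_session(store, sid, user_id)
  store.fetch(sid)[:user] = user_id
  sid
end

# Login that resets first. The new session starts empty, so the user has to
# be set again afterwards, and any pre-login data worth keeping is copied
# across explicitly (carry lists the keys to keep).
def login_with_reset(store, sid, user_id, carry: [])
  old = store.fetch(sid) || {}
  kept = old.select { |key, _value| carry.include?(key) }
  new_sid = store.reset(sid)
  store.fetch(new_sid).merge!(kept)
  store.fetch(new_sid)[:user] = user_id
  new_sid
end

def authenticated?(store, sid)
  session = store.fetch(sid)
  !session.nil? && !session[:user].nil?
end

# Runs both login variants against constructed sessions and reports which
# ids end up authenticated.
def fixation_demo
  store = SessionStore.new

  pre1 = store.create
  after1 = login_keeping_session(store, pre1, 42)

  pre2 = store.create
  store.fetch(pre2)[:return_to] = '/account'
  after2 = login_with_reset(store, pre2, 42, carry: [:return_to])

  {
    kept_same_id: pre1 == after1,
    kept_old_id_authenticated: authenticated?(store, pre1),
    reset_new_id_differs: pre2 != after2,
    reset_old_id_authenticated: authenticated?(store, pre2),
    reset_new_id_authenticated: authenticated?(store, after2),
    carried_return_to: store.fetch(after2)[:return_to]
  }
end

p fixation_demo if __FILE__ == $PROGRAM_NAME
```

Without the reset, an id that was issued before login is the authenticated id afterwards; with it, the pre-login id no longer maps to any session.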

durant 19 Jul 2007

Suggestion: Newbies, remember to run "rake db:migrate" (or if that's supposed to be automatic, it didn't happen for me)

Fix: (I'm a newbie, myself, but maybe this fix will earn me some help with my problem below)

in app/views/users/new.rhtml the label tags: label for="login" label for="email" should be: label for="user_login" label for="user_email" etc. so that when you click on the name, the corresponding textfield is selected. At least, this is how input id's are being named for me when I view the page source.

Problem: When I go to "http://localhost:3000/users/new" and fill out the form, I get directed to a page:

Unknown action

No action responded to index

I've tried modifying config/routes.rb with the suggestions below to no avail. It looks like the submit form is generating an "index" action and the UsersController doesn't know what to do with it. What's supposed to happen? Is email supposed to be sent and I'm somehow missing an emailer program?

thanks

note: I'm using Rails version 1.2.3

Keeran 13 Jul 2007

Which revision of the plugin is suitable for Rails 1.2.3? Trunk has failing tests which are apparently due to an update for edge.

Benjamin Curtis 14 May 2007

A full working sample application with restful_authentication + open_id_authentication is available at http://www.bencurtis.com/archives/2007/05/openid-sample-application/

Miguel Cobá 14 May 2007

I have written a small tutorial showing how to build a basic system using restful_authentication and open_id_authentication. The tutorial is written in spanish, but the code should be pretty understandable. Maybe can be useful for you. The url is http://blog.leugim.com.mx/index.php/2007/04/27/usando-ruby-on-rails-parte-1/

Luis Felipe Hurtado 10 May 2007

¿Is there a download-able version?. I can't get the plugin because I'm behind a firewall. Thanks!

hari 25 Apr 2007

Can someone point me to a tutorial that explains in a little bit more detail on how to use this? I see so many folks down in the comments section offering suggestions to this plugin that I don't understand the heads or tail of it. Can someone at least aggregate the changes that are required to make this plugin work?

Thanks

ivar vasara 23 Apr 2007

The plugin has been modified since this post (thx to BillSays below). The new syntax for generating the mailer is:

./script/generate authenticated user --include-activation

Jim Morris 7 Apr 2007

It seems if you want to use the default activation code and templates you will need to add this to config/routes.rb

map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate'

travis 5 Apr 2007

in authenticated.rb there is one instance of redirect_to_url

I had to change it to redirect_to

I guess they took that method out of rails?

JB 1 Apr 2007

Can't generate the mailer either. Here's what I get:

./script/generate authenticated_mailer user
Couldn't find 'authenticated_mailer' generator

NeoMike 13 Mar 2007

If you like acts_as_authenticated you'll love restful auth.

BillSaysThis 10 Mar 2007

I think the --include-activation parameter replaces the separate mailer generator. Though I could be wildly incorrect.

Nick Urban 3 Mar 2007

If you are using singular resources, don't forget to change sessions_path to session_path wherever it is needed (i.e. in app/views/session/new.rhtml).

Fyodor Golos 21 Feb 2007

Answering my own questions... :)

Rails 1.2.2 added a concept of "singular resources": http://weblog.rubyonrails.org/2007/2/6/rails-1-2-2-sqlite3-gems-singular-resources

In a nutshell, SessionsController needs to be renamed to SessionController (note singular form), and map.resource(:session) needs to be used instead of map.resources(:session) (again, note singular form). That should take care of it.

Mike Jones 21 Feb 2007

Fyodor, 1.2.2 introduced singular resources. If you modify the generated files to match the new convention then it should old work.

e.g. routes.rb:
map.resource :session

sessions_controller to session_controller

etc...

Fyodor Golos 21 Feb 2007

Looks like Rails 1.2.2 is not happy about this in view:

<%= link_to("Log out", session_path, :method => :delete) %>

It gives the following error:

session_url failed to generate from {:controller=>"sessions", :action=>"show"} - you may have ambiguous routes, or you may need to supply additional parameters for this route. content_url has the following required parameters: ["sessions", :id] - are they all satisifed?

Any suggestions as to how this should be addressed? I obviously do not want to expose current_user id in the URL. I will if I have to, but I would rather not.

Brian Yamabe 18 Feb 2007

Another request for clarification on the authenticated_mailer.

andrej 15 Feb 2007

The user_controller_test functional test fails.

1) Failure: test_should_activate_user:64 <nil> expected to not be nil.

The relevant code is:

  def test_should_activate_user
    assert_nil User.authenticate('aaron', 'test')
    get :activate, :activation_code => users(:aaron).activation_code
    assert_redirected_to '/'
    assert_not_nil flash[:notice]
    assert_equal users(:aaron), User.authenticate('aaron', 'test')
  end

Does anyone know why?

GregL 12 Feb 2007

Another newbie tip (from a newbie): look in your project's 'lib' folder and open and read the relevant files, i.e. authenticated_system.rb. Many of the plugin's callable/useful methods are here.

iMei 12 Feb 2007

Couldn't find 'authenticated_mailer' generator. What is wrong here?

Patrick Leytham 7 Feb 2007

Was attempting to generate the authenticated_mailer, yet the error I receive is, "Couldn't find 'authenticated_mailer' generator". I checked in my vendor/plugins/restful_authentication/authenticated/templates directory, and obviously the mailer isn't present. Wondering if this file was removed from the svn site? If so, where can I get it?

Andrej Gombar 27 Jan 2007

This is just a comment for newbies out there (like me) that might be trying to use restful authentication in an existing app. When starting your application server (script/server) and you get this kind of error during server startup:

action_controller/routing.rb:406:in `initialize_components': undefined method `first' for :users:Symbol (NoMethodError)

It means that your environment is set to use an older version of Rails. If you're running Rails 1.2, then open environment.rb in your project and change the RAILS_GEM_VERSION line to say " RAILS_GEM_VERSION = '1.2' "

Michael Mahemoff 20 Jan 2007

> What is "restful" about using cookies for authentication?

In practice, you don't have much choice. The important thing is to treat it as a binary decision - the service either permits or rejects a user based on their cookie, and that's the only effect it has ... what you don't do is change how the service behaves, because that should be determined purely by the action and (optionally) the message.

Mercury 19 Jan 2007

I really like your plugin, and I am amazed how cleanly it is implemented.

But I'm quite new to this rails thing, and I have one question: If you provide a bug fix/update for your plugin, how are the users able to implement these changes?

For example, Rudy Lu mentions a bug here in the comments. You could release a new version that fixes the bug, but maybe I have already changed some of the generated files? What is the best practice to import the new code into my app?

R McAfee 5 Jan 2007

Thanks for the tip Rudy Lu!

Rudy Lu 19 Dec 2006

I found that in login_required of authenticated_system.rb, the following line:

self.current_user ||= User.authenticate(username,passwd) || :false if username && passwd

should be changed to

self.current_user = User.authenticate(username,passwd) || :false if username && passwd

otherwise, http authorization can't work.
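Why the `||=` in the line quoted above keeps HTTP credentials from ever being checked, as an added example that is not part of the comment or the plugin's own code. It assumes the `current_user` reader returns the truthy symbol `:false` when nobody is logged in; `FakeController`, the `User` stub and the sample credentials are constructed for illustration.

```ruby
# Constructed stand-in for the controller mixin; not the plugin's code.
# Assumption: the current_user reader falls back to the symbol :false
# (truthy in Ruby) when nobody is logged in, as the `|| :false` idiom suggests.
class User
  ACCOUNTS = { 'aaron' => 'test' }.freeze # constructed sample credentials

  def self.authenticate(login, password)
    ACCOUNTS.key?(login) && ACCOUNTS[login] == password ? login : nil
  end
end

class FakeController
  def initialize(session_user = nil)
    @session_user = session_user
  end

  # Reader: the session user if present, otherwise the truthy sentinel :false.
  def current_user
    @current_user ||= @session_user || :false
  end

  def current_user=(user)
    @current_user = user
  end

  def logged_in?
    current_user != :false
  end

  # Before the fix: `||=` calls the reader first. It returns :false, which is
  # truthy, so User.authenticate is never evaluated and the request stays
  # unauthenticated even with valid credentials.
  def login_required_before(username, passwd)
    self.current_user ||= User.authenticate(username, passwd) || :false if username && passwd
    logged_in?
  end

  # After the fix: plain assignment always evaluates the supplied credentials.
  def login_required_after(username, passwd)
    self.current_user = User.authenticate(username, passwd) || :false if username && passwd
    logged_in?
  end
end
```

The bug fails closed: valid credentials are rejected rather than invalid ones accepted. With plain assignment, a request that sends wrong credentials also replaces any existing session user with `:false`.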

Christopher York 16 Dec 2006

In both Rails 1.2RC1 and Edge Rails, I get the following:

No such file or directory - script/../config/../vendor/plugins/restful_authentication/generators/authenticated_mailer/templates/notifier.rb

Suggestions?

Chris Dwan 13 Dec 2006

Erik: Looks to me like the auth is done via HTTP headers. Cookies are only (optionally) used for 'remember me' functionality.

Erik Hetzner 27 Nov 2006

What is "restful" about using cookies for authentication?

Matt Zukowski 3 Nov 2006

Just wanted to say that this is a really well thought out and implemented piece of code.

Good job.
