This engine will give you an instant authentication system for a new site, including support for user registration, openID authentication, and password resets via email. You will be able to customize look and feel, but it works right out of the box. Even with a completely empty app. ;-)
This Rails 2.3 engine is using the excellent Authlogic gem (github.com/binarylogic/authlogic/tree/master) from Ben Johnson at BinaryLogic, and is based on the sample application for that gem.
-
You need Rails 2.3! This engine is not based on the rails-engines plugin.
-
You need the Authlogic gem, but it will prompt for the gem if it’s missing
-
The OpenID Authentication plugin. Yes, I built in OpenID support by default.
-
The authlogic_oid gem.
$ script/plugin install git://github.com/angantyr/authentication_engine.git $ script/plugin install git://github.com/rails/open_id_authentication.git $ script/plugin install git://github.com/iain/i18n_label.git $ rake authentication_engine:sync $ rake db:migrate
the authentication_engine:sync rake task does the following, so use it with care on an existing site:
-
moves the migration files over to db/migrate
-
moves an authentication_config.yml file and it’s initializer into config
-
moves a mailer template over. rails doesn’t seem to pick up mailer templates inside engines
A couple of simple steps to get up and running:
In your application_controller.rb, you need to include authentication_system, like so:
class ApplicationController < ActionController::Base include AuthenticationEngine include LocalizedSystem helper :all # include all helpers, all the time protect_from_forgery # See ActionController::RequestForgeryProtection for details end
If you are starting with a completely empty rails site, add a site root like this:
map.root :controller => "home", :action => "index"
and remove index.html in public folder,
and then for every controller you want to protect, simply add:
class WidgetsController < ApplicationController before_filter :require_user ... end
or use a combination of user requirements on a per action level:
before_filter :require_no_user, :only => [:new, :create] before_filter :require_user, :only => :destroy
In your application layout include the javascript defaults if you are not already:
<%= javascript_include_tag :defaults %>
(This is only used for for switching between standard and openid login forms.)
In your layouts and views you can also call the login status bar:
<%= render :partial => 'shared/user_status' %>
Just remember to add this line to your routes.rb:
map.root :controller => "home", :action => "index"
First, you need to install the basic gems:
$ gem install rspec-rails $ gem install cucumber $ gem install webrat $ gem install bmabey-email_spec -s http://gems.github.com $ script/generate rspec $ script/generate cucumber $ script/generate email_spec
Then you can test the features of authentication_engine via rake command:
$ rake authentication_engine:features
Or test it manually:
$ rake db:test:prepare $ cucumber vendor/plugins/authentication_engine/features
Build out admin interfaces, which will expose full data on the included models. This step will also require some kind of authorization scheme. I’m currently planning on using the authorization plugin. Any thoughts on that are welcome. Perhaps that gets rolled into a separate authorization_engine ?
-
OpenID-based User creation: I would love for the user creation to use the OpenID functionality to the fullest.
On this one, all credit goes to Ben Johnson at BinaryLogic for providing a fresh start on authentication systems for Rails: github.com/binarylogic/authlogic/tree/master
Enjoy!
Copyright © 2009 Mans Angantyr, released under the MIT license