Tutorial: Authlogic Basic Setup
Posted by benjohnson in AuthlogicNov 3rd, 2008 | 65 responsesPlease note this tutorial has been moved to the README in the authlogic_example respository. This tutorial is stored with the example app incase you are more of a hands on learner, you can play around with the resulting code.
65 Responses to “Tutorial: Authlogic Basic Setup”
About Me
Is it possible in authologic to activate users via sending emails rather than authorizing right away? I see that there is a mechanism to reset the passwords? Is it possible to activate users only after they click on there email? Please let me know it would really be helpful.
It seems that your tutorial insists on having accounts and users. I’m slugging away at this and trying to figure out why you have both. I ended up taking out all the routes to make sure I actually understood what was going on (educational part for me) and found that I have to put in the :account resources, even though I believe I have no mention of account in my code.
Is this hard coded or am I missing something?
And why is there this accounts/users duality? Future purpose that I’m not yet aware of?
I would like to log my user in after he clicks the activation link in signup email. Looks like I need to maintain the session in User model? But I really have no idea how to write this. Any thoughts, thanks a lot!
class User < ActiveRecord::Base
after_save :maintain_sessions!
private
def maintain_sessions!
# If we aren’t logged in and a user is created, log them in as that user
# If we aren’t logged in and a user’s password changes, log them in as that user
# If we are logged in and they change their password, update the session so they remain logged in
end
end
To create a user via the console:
Launch the console: ./script/console
Enter:
u = User.new
u.login = ‘blah’
u.password = ‘pass’
u.password_confirmation = ‘pass’
u.save
Tada
@NBee
If you follow the reset passwords article its pretty simples to adapt it for account activation. Perishable token is your friend.
@Tom
As I understand it the :account resource is an alias to the :users one, if you will.
# config/routes.rb
map.resource :account, :controller => "users"
map.resources :users
So there’s actually no accounts and users, just users (and account alias) and user_sessions.
Would someone be willing to post some code illustrating how to test using authlogic. I can’t seem to get a test logged in user to work. Something simple like:
get :restricted_action
assert_redirected_to :login_url
login_as :somebody # a fixture
get :restricted_action
assert_response :success
Obviously there’s not login_as method but that’s the logic that escapes me despite having read all the docs and tutorials.
Would someone be willing to post some code illustrating how to test using authlogic. I can’t seem to get a test logged in user to work. Something simple like:
get :restricted_action
assert_redirected_to :login_url
login_as :somebody # a fixture
get :restricted_action
assert_response :success
Obviously there’s not login_as method but that’s the logic that escapes me despite having read all the docs and tutorials.
Awesome gem!!
In addition I’ve wrote the simplest role admin check function, usefull for applications that only need one administrator user.
0. (followed the above tutorial)
1. I’ve created an account with login name ‘administrator’
2. I’ve added the next code to app/controllers/application.rb after request_user and request_no_user defs
# app/controllers/application.rb
…
def require_user_admin
unless current_user.login==’administrator’
store_location
flash[:notice] = "You must be logged as ‘administrador’ to access this page"
redirect_to :back
return false
end
end
…
Now I can use require_user_admin with before_filter as require_user or require_no_user
Example app:
- public users can see all the items, registered users can add new items too, only ‘administrator’ can destroy or modify items:
class ItemsController < ApplicationController
before_filter :require_user_admin, :only => [ :destroy, :update ]
before_filter :require_user, :only => [ :new, :create]
Is this aproximation correct for this kinds of apps?
(sorry for bad coding, please remove comment above)
Awesome gem!!
In addition I’ve wrote the simplest role admin check function, usefull for applications that only need one administrator user.
0. (followed the above tutorial)
1. I’ve created an account with login name ‘administrator’
2. I’ve added the next code to app/controllers/application.rb after request_user and request_no_user defs
app/controllers/application.rb
def require_user_admin
unless current_user.login==’administrador’
store_location
flash[:notice] = "You must be ‘administrador’ to access this page"
redirect_to :back
return false
end
end
Now I can use require_user_admin with before_filter as require_user or require_no_user
Example app:
- public users can see all the items, registered users can add new items too, only ‘administrator’ can destroy or modify items:
class ItemsController < ApplicationController
before_filter :require_user_admin, :only => [ :destroy, :update ]
before_filter :require_user, :only => [ :new, :create]
Is this aproximation correct for this kinds of apps?
I had to change the methods in the UsersController to read @user = current_user in order for this to work for me.
This is great! I’ve tried to get a number of auth systems up and running and this is the first that’s worked as advertised. Kudos for a fantastic tutorial as well as a great gem!
The plugin looks promising, but I am having trouble getting it to work… I followed everything to the book. But I get validation errors for creating a new user on both the login and password fields. I’m using the authlogic plugin…
Any ideas on what could have gone wrong?
@Marlon
I have the same issues, and it is worrisome. I’m digging into things now to see what’s up.
@Marlon & @neilmock:
Same issue here. I’m running from the plugin, not the gem. Don’t know if that makes a difference, but it’s the only difference I can see from the example app.
@Ben:
What I can’t find is any code that sets the @current_user, thus I have to call the methods in application.rb directly. Should there be a be some before filter somewhere that sets @current_user so that I can reference it in my code without calling the current_user method directly?
@marlon & @neilmock
I found my problem. During the install tutorial, I put the before_filters in my UserSession controller but not in my User controller. The @current_user is loaded during those filters, which I was not getting. So, now I can successfully call:
@user = @current_user
in my show, edit, and update actions of UsersController.