Wristband plugin
- Author
- Version
-
1.0.0
The Wristband plug-in simplifies the user authentication process necessary in most web applications.
It handles:
-
Login and logout
-
Password storage with encryption
-
Remember me functionality
-
Authority definitions
Usage
From a clean project (assuming you just did rails myproject
)
1. Install the plugin
cd vendor/plugins
svn export http://twg.unfuddle.com/svn/twg_twgplugins/wristband/trunk wristband
2. Run the wristband generator:
script/generate wristband
This will output something like:
exists app/models
create app/models/user.rb
create app/controllers/users_controller.rb
create app/views/users/index.html.haml
exists app/controllers
create app/controllers/sessions_controller.rb
create app/views/sessions/new.html.haml
exists db/migrate
exists db/migrate
create db/migrate/001_wristband.rb
route specific routes
route map.resources :sessions, :users
3. Run migrations
rake db:migrate
4. Restart your server
5. Add whatever validations you need in your User model
6. Read the documentation on each one of the generated files
Configuration
User model
class User < ActiveRecord::Base
wristband []
end
Options:
- :login_with
-
Array of fields you want to authenticate the user with. Default: usename
wristband :login_with => [:username, :email]
- :before_authentication
-
Array of functions run after the user authentication takes place. Default: []
wristband :before_authentication => :do_something
- :after_authentication
-
Array of functions run before the user authentication takes place. Default: []
wristband :after_authentication => :do_something
- :plain_text_password
-
If true the password won’t be encrypted. Default: false
wristband :plain_text_password => true
- :has_authorities
-
If true the password won’t be encrypted. Default: false
wristband :plain_text_password => true
Remarks:
-
While password_crypt is limited to 40 characters, the standard output of the hashing function used to encrypt it, there is no such limit on the length of the password as input by the user.
-
There are no default restrictions on the content of the username. These should be added as required.
-
A user’s password is stored encrypted by default but support for plain- text passwords is also provided. Leaving ‘password_salt’ as blank or nil means the password is not encrypted. This makes the content of user
fixtures easy to read and understand.
-
The ‘remember_token’ field is used for login authentication via persistent cookie. This value changes each time the user’s password is reassigned.
Functionality
1. Remember me
If you want to automatically login a user when he comes back to your site, add before_filter :login_from_cookie
to your AplicationController.
2. Authority Definitions
Check the documentation on the files/lib/authority_check_rb.html file
Other Reading
“The Emerging Standards Bureau” on naming methods giantrobots.thoughtbot.com/2008/4/10/the-emerging-standards-bureau
Database configuration
The generator gives you a head start. The basic columns are defined as such:
create_table :users do |t|
t.string :email
t.string :password_crypt, :limit => 40
t.string :password_salt, :limit => 40
t.string :remember_token
t.string :email_validation_key
t.string :role
t.datetime :created_at
t.datetime :updated_at
# Add your own stuff here ...
end