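Riding the Rails: Table of Contents
Studying with the book "Rails of Ruby on Rails ~Case of LOCUSANDWONDERS.COM~" (from p. 76)
Adding user authentication (install via git failed)
Since I'll be using the Restful-authentication plugin, first install git with MacPorts.
[Note] Installing git-core may not be necessary, but I may end up using it eventually, so I'm installing it anyway.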
sudo port install git-core
Install restful-authentication from git.
(I used "Restful Authentication - yuumi3のお仕事日記" as a reference.)
~/work/locus $ script/plugin install git://github.com/technoweenie/restful-authentication.git
removing: /Users/username/work/locus/vendor/plugins/restful-authentication/.git
Initialized empty Git repository in /Users/username/work/locus/vendor/plugins/restful-authentication/.git/
remote: Counting objects: 415, done.
remote: Compressing objects: 100% (282/282), done.
remote: Total 415 (delta 142), reused 342 (delta 100)
Receiving objects: 100% (415/415), 363.59 KiB | 220 KiB/s, done.
Resolving deltas: 100% (142/142), done.
Plugin not found: ["git://github.com/technoweenie/restful-authentication.git"]
Huh? "Plugin not found"... did the install fail?
Trying another way
Following "認証機能:restful_authenticationを試してみる。 - 発声練習", I'll try installing restful_authentication.
~/work/locus $ script/plugin install http://svn.techno-weenie.net/projects/plugins/restful_authentication/
+ ./README
+ ./Rakefile
+ ./generators/authenticated/USAGE
+ ./generators/authenticated/authenticated_generator.rb
+ ./generators/authenticated/templates/activation.html.erb
+ ./generators/authenticated/templates/authenticated_system.rb
+ ./generators/authenticated/templates/authenticated_test_helper.rb
+ ./generators/authenticated/templates/controller.rb
+ ./generators/authenticated/templates/fixtures.yml
+ ./generators/authenticated/templates/functional_spec.rb
+ ./generators/authenticated/templates/functional_test.rb
+ ./generators/authenticated/templates/helper.rb
+ ./generators/authenticated/templates/login.html.erb
+ ./generators/authenticated/templates/mailer.rb
+ ./generators/authenticated/templates/mailer_test.rb
+ ./generators/authenticated/templates/migration.rb
+ ./generators/authenticated/templates/model.rb
+ ./generators/authenticated/templates/model_controller.rb
+ ./generators/authenticated/templates/model_functional_spec.rb
+ ./generators/authenticated/templates/model_functional_test.rb
+ ./generators/authenticated/templates/model_helper.rb
+ ./generators/authenticated/templates/observer.rb
+ ./generators/authenticated/templates/signup.html.erb
+ ./generators/authenticated/templates/signup_notification.html.erb
+ ./generators/authenticated/templates/unit_spec.rb
+ ./generators/authenticated/templates/unit_test.rb
+ ./install.rb
+ ./lib/restful_authentication/rails_commands.rb
Restful Authentication Generator
This is a basic restful authentication generator for rails, taken
from acts as authenticated. Currently it requires Rails 1.2.6 or above.
To use:
./script/generate authenticated user sessions \
--include-activation \
--stateful
The first parameter specifies the model that gets created in signup
(typically a user or account model). A model with migration is
created, as well as a basic controller with the create method.
The second parameter specifies the sessions controller name. This is
the controller that handles the actual login/logout function on the
site.
The third parameter (--include-activation) generates the code for a
ActionMailer and its respective Activation Code through email.
The fourth (--stateful) builds in support for acts_as_state_machine
and generates activation code. This was taken from:
http://www.vaporbase.com/postings/stateful_authentication
You can pass --skip-migration to skip the user migration.
If you're using acts_as_state_machine, define your users resource like this:
map.resources :users, :member => { :suspend => :put,
:unsuspend => :put,
:purge => :delete }
Also, add an observer to config/environment.rb if you chose the
--include-activation option
config.active_record.observers = :user_observer # or whatever you
# named your model
Security Alert
I introduced a change to the model controller that's been tripping
folks up on Rails 2.0. The change was added as a suggestion to help
combat session fixation attacks. However, this resets the Form
Authentication token used by Request Forgery Protection. I've left
it out now, since Rails 1.2.6 and Rails 2.0 will both stop session
fixation attacks anyway.
This time it seems to have installed.
Auto-generate the model and controller for user authentication
~/work/locus $ script/generate authenticated user sessions
Ready to generate.
----------------------------------------------------------------------
Once finished, don't forget to:
- Add routes to these resources. In config/routes.rb, insert routes like:
map.signup '/signup', :controller => 'users', :action => 'new'
map.login '/login', :controller => 'sessions', :action => 'new'
map.logout '/logout', :controller => 'sessions', :action => 'destroy'
----------------------------------------------------------------------
We've create a new site key in config/initializers/site_keys.rb. If you have existing
user accounts their passwords will no longer work (see README). As always,
keep this file safe but don't post it in public.
----------------------------------------------------------------------
exists app/models/
exists app/controllers/
exists app/controllers/
exists app/helpers/
create app/views/sessions
exists app/controllers/
exists app/helpers/
create app/views/users
exists config/initializers
exists test/functional/
exists test/functional/
exists test/unit/
exists test/fixtures/
create app/models/user.rb
create app/controllers/sessions_controller.rb
create app/controllers/users_controller.rb
create lib/authenticated_system.rb
create lib/authenticated_test_helper.rb
create config/initializers/site_keys.rb
create test/functional/sessions_controller_test.rb
create test/functional/users_controller_test.rb
create test/unit/user_test.rb
create test/fixtures/users.yml
create app/helpers/sessions_helper.rb
create app/helpers/users_helper.rb
create app/views/sessions/new.html.erb
create app/views/users/new.html.erb
create app/views/users/_user_bar.html.erb
exists db/migrate
create db/migrate/20080908101516_create_users.rb
route map.resource :session
route map.resources :users
route map.signup '/signup', :controller => 'users', :action => 'new'
route map.register '/register', :controller => 'users', :action => 'create'
route map.login '/login', :controller => 'sessions', :action => 'new'
route map.logout '/logout', :controller => 'sessions', :action => 'destroy'
Run the migration
~/work/locus $ rake db:migrate
Wiring in AuthenticatedSystem
Comment out the following line in app/controllers/sessions_controller.rb
#include AuthenticatedSystem
Then add that line to app/controllers/application.rb
include AuthenticatedSystem
User authentication with a before filter
Add the following line to app/controllers/entries_controller.rb
before_filter :login_required, :except => [:index, :show]
Restricting user account creation
In app/controllers/users_controller.rb, comment out the following line and add one line.
#include AuthenticatedSystem
before_filter :login_required
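The following is an added example, not code from the book or the original post: a small Ruby checker that lists which public actions of a controller stay reachable without login_required, including the case where the filter sits on the same line as the commented-out include and is therefore disabled. The helper name unprotected_actions and the controller sources are constructed for illustration, and filters inherited from a parent controller are not considered.

```ruby
# Added example (not from the book): list the public actions of a Rails 2.x
# controller that no `before_filter :login_required` covers. Names are constructed.
def unprotected_actions(source)
  actions, filters, visible = [], [], true
  source.each_line do |raw|
    # Simplification: everything after '#' is a comment, so a filter that
    # shares a line with a commented-out statement is never registered.
    line = raw.sub(/#.*/, '').strip
    next if line.empty?
    visible = false if line =~ /\A(private|protected)\b/
    actions << $1 if visible && line =~ /\Adef\s+(\w+)/
    next unless line =~ /\Abefore_filter\s+:login_required\b(.*)/
    opts = $1
    names = lambda do |key|
      opts[/:#{key}\s*=>\s*(\[[^\]]*\]|:\w+)/, 1].to_s.scan(/:(\w+)/).flatten
    end
    filters << { :only => names.call('only'), :except => names.call('except') }
  end
  # An action is protected when at least one filter applies to it.
  actions.reject do |a|
    filters.any? do |f|
      (f[:only].empty? || f[:only].include?(a)) && !f[:except].include?(a)
    end
  end
end

ENTRIES = <<-'RUBY'
class EntriesController < ApplicationController
  before_filter :login_required, :except => [:index, :show]
  def index; end
  def show; end
  def new; end
  def create; end
end
RUBY

# Comment and filter on one line: the filter is part of the comment.
USERS_ONE_LINE = <<-'RUBY'
class UsersController < ApplicationController
  #include AuthenticatedSystem before_filter :login_required
  def new; end
  def create; end
end
RUBY
USERS_TWO_LINES = USERS_ONE_LINE.sub('System before', "System\n  before")

[ENTRIES, USERS_ONE_LINE, USERS_TWO_LINES].each do |src|
  puts "#{src[/class (\w+)/, 1]}: unprotected #{unprotected_actions(src).inspect}"
end
```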
Fixing the routing
Add to config/routes.rb
map.signup '/signup', :controller => 'users', :action => 'new'
map.login '/login', :controller => 'sessions', :action => 'new'
map.logout '/logout', :controller => 'sessions', :action => 'destroy'
Now, for example, going to http://localhost:3000/logout logs you out.
Showing the admin buttons only when logged in
In app/views/entries/index.html.erb, add if logged_in? to the line starting with "link_to('記事の追加',"
<%= link_to('記事の追加', new_entry_path, :class => "operation") if logged_in? %>
In app/views/entries/_entry.html.erb, modify the part around "<dd>link_to '編集'〜</dd>"
<dd>
  <% content_tag :dd, :class => "operation" do %>
    <%= link_to '編集', edit_entry_path(entry) %>
    <%= link_to '削除', entry, :confirm => '本当によろしいですか?', :method => :delete %>
  <% end if logged_in? %>
</dd>
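Making sure the server really restarts
The browser display looked wrong, so I made sure to restart the server properly. (It may be because I'm working while taking backups.)
Start the server in the terminal.
Stop the server with control + c.
cd
cd work/locus
script/server
Then try restarting the server this way.
Notes
- Take a backup at each milestone.
- When errors pile up and you are completely stuck, restore from the backup and try again.
That's all for today.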

