牌語備忘録 -pygo

These are only notes. Please refer to official information wherever possible.

Trying to Ride the Rails: Rails of Ruby on Rails, Part 03 "Tripped Up by a Plugin (つдT)"

Studying with the book 『Rails of Ruby on Rails ~Case of LOCUSANDWONDERS.COM~』 (from p. 76)

Adding user authentication (install via git failed)

The Restful-authentication plugin is used, so first I install git with MacPorts.
[Note] Installing git-core may not be necessary? But I may use it eventually, so I'm installing it anyway.

sudo port install git-core

Install restful-authentication from git.
(I used 『Restful Authentication - yuumi3のお仕事日記』 as a reference.)

~/work/locus $ script/plugin install git://github.com/technoweenie/restful-authentication.git
removing: /Users/username/work/locus/vendor/plugins/restful-authentication/.git
Initialized empty Git repository in /Users/username/work/locus/vendor/plugins/restful-authentication/.git/
remote: Counting objects: 415, done.        
remote: Compressing objects: 100% (282/282), done.        
remote: Total 415 (delta 142), reused 342 (delta 100)        
Receiving objects: 100% (415/415), 363.59 KiB | 220 KiB/s, done.
Resolving deltas: 100% (142/142), done.
Plugin not found: ["git://github.com/technoweenie/restful-authentication.git"]

Huh? Does "Plugin not found" mean the install failed?

Trying another way

I try installing restful_authentication using 『認証機能:restful_authenticationを試してみる。 - 発声練習』 as a reference.

~/work/locus $ script/plugin install http://svn.techno-weenie.net/projects/plugins/restful_authentication/
+ ./README
+ ./Rakefile
+ ./generators/authenticated/USAGE
+ ./generators/authenticated/authenticated_generator.rb
+ ./generators/authenticated/templates/activation.html.erb
+ ./generators/authenticated/templates/authenticated_system.rb
+ ./generators/authenticated/templates/authenticated_test_helper.rb
+ ./generators/authenticated/templates/controller.rb
+ ./generators/authenticated/templates/fixtures.yml
+ ./generators/authenticated/templates/functional_spec.rb
+ ./generators/authenticated/templates/functional_test.rb
+ ./generators/authenticated/templates/helper.rb
+ ./generators/authenticated/templates/login.html.erb
+ ./generators/authenticated/templates/mailer.rb
+ ./generators/authenticated/templates/mailer_test.rb
+ ./generators/authenticated/templates/migration.rb
+ ./generators/authenticated/templates/model.rb
+ ./generators/authenticated/templates/model_controller.rb
+ ./generators/authenticated/templates/model_functional_spec.rb
+ ./generators/authenticated/templates/model_functional_test.rb
+ ./generators/authenticated/templates/model_helper.rb
+ ./generators/authenticated/templates/observer.rb
+ ./generators/authenticated/templates/signup.html.erb
+ ./generators/authenticated/templates/signup_notification.html.erb
+ ./generators/authenticated/templates/unit_spec.rb
+ ./generators/authenticated/templates/unit_test.rb
+ ./install.rb
+ ./lib/restful_authentication/rails_commands.rb
Restful Authentication Generator

This is a basic restful authentication generator for rails, taken 
from acts as authenticated.  Currently it requires Rails 1.2.6 or above.

To use:

  ./script/generate authenticated user sessions \
		--include-activation \
		--stateful

The first parameter specifies the model that gets created in signup
(typically a user or account model).  A model with migration is 
created, as well as a basic controller with the create method.

The second parameter specifies the sessions controller name.  This is
the controller that handles the actual login/logout function on the 
site.

The third parameter (--include-activation) generates the code for a 
ActionMailer and its respective Activation Code through email.

The fourth (--stateful) builds in support for acts_as_state_machine
and generates activation code.  This was taken from:

http://www.vaporbase.com/postings/stateful_authentication

You can pass --skip-migration to skip the user migration.

If you're using acts_as_state_machine, define your users resource like this:

	map.resources :users, :member => { :suspend   => :put,
                                     :unsuspend => :put,
                                     :purge     => :delete }

Also, add an observer to config/environment.rb if you chose the 
--include-activation option

  config.active_record.observers = :user_observer # or whatever you 
																									# named your model

Security Alert

I introduced a change to the model controller that's been tripping 
folks up on Rails 2.0.  The change was added as a suggestion to help
combat session fixation attacks.  However, this resets the Form 
Authentication token used by Request Forgery Protection.  I've left
it out now, since Rails 1.2.6 and Rails 2.0 will both stop session
fixation attacks anyway.

This time it seems to have installed.

Auto-generate the model and controller for user authentication

~/work/locus $ script/generate authenticated user sessions
Ready to generate.
----------------------------------------------------------------------
Once finished, don't forget to:

- Add routes to these resources. In config/routes.rb, insert routes like:
    map.signup '/signup', :controller => 'users', :action => 'new'
    map.login  '/login',  :controller => 'sessions', :action => 'new'
    map.logout '/logout', :controller => 'sessions', :action => 'destroy'

----------------------------------------------------------------------

We've create a new site key in config/initializers/site_keys.rb.  If you have existing
user accounts their passwords will no longer work (see README). As always,
keep this file safe but don't post it in public.

----------------------------------------------------------------------
      exists  app/models/
      exists  app/controllers/
      exists  app/controllers/
      exists  app/helpers/
      create  app/views/sessions
      exists  app/controllers/
      exists  app/helpers/
      create  app/views/users
      exists  config/initializers
      exists  test/functional/
      exists  test/functional/
      exists  test/unit/
      exists  test/fixtures/
      create  app/models/user.rb
      create  app/controllers/sessions_controller.rb
      create  app/controllers/users_controller.rb
      create  lib/authenticated_system.rb
      create  lib/authenticated_test_helper.rb
      create  config/initializers/site_keys.rb
      create  test/functional/sessions_controller_test.rb
      create  test/functional/users_controller_test.rb
      create  test/unit/user_test.rb
      create  test/fixtures/users.yml
      create  app/helpers/sessions_helper.rb
      create  app/helpers/users_helper.rb
      create  app/views/sessions/new.html.erb
      create  app/views/users/new.html.erb
      create  app/views/users/_user_bar.html.erb
      exists  db/migrate
      create  db/migrate/20080908101516_create_users.rb
       route  map.resource :session
       route  map.resources :users
       route  map.signup '/signup', :controller => 'users', :action => 'new'
       route  map.register '/register', :controller => 'users', :action => 'create'
       route  map.login '/login', :controller => 'sessions', :action => 'new'
       route  map.logout '/logout', :controller => 'sessions', :action => 'destroy'

Run the migration

~/work/locus $ rake db:migrate

Wiring in AuthenticatedSystem

Comment out the following line in app/controllers/sessions_controller.rb

  #include AuthenticatedSystem

Then add that line to app/controllers/application.rb

  include AuthenticatedSystem

User authentication with a before filter

Then add the following line to app/controllers/entries_controller.rb

  before_filter :login_required, :except => [:index, :show]

Checking it in the browser

Trying to add an entry at http://localhost:3000/entries brings up the login screen


Creating a user account

Registering a user at http://localhost:3000/users/new gave an error.
After restarting the server (script/server) the registration worked.


Restricting user account creation

In app/controllers/users_controller.rb, comment out the following line and add one line.

  #include AuthenticatedSystem
  
  before_filter :login_required

Fix the routing

Add to config/routes.rb

  map.signup '/signup', :controller => 'users', :action => 'new'
  
  map.login  '/login',  :controller => 'sessions', :action => 'new'
                      
  map.logout '/logout', :controller => 'sessions', :action => 'destroy'

With this, going to http://localhost:3000/logout, for example, logs you out.

Show the admin buttons only when logged in

In app/views/entries/index.html.erb, add if logged_in? to the line beginning "link_to('記事の追加', ..."

<%= link_to('記事の追加', new_entry_path, :class => "operation") if logged_in? %>


In app/views/entries/_entry.html.erb, modify the part around "<dd>link_to '編集' ... </dd>"

<dd> 
<% content_tag :dd, :class => "operation" do %>
<%= link_to '編集', edit_entry_path(entry) %>
<%= link_to '削除', entry, :confirm => '本当によろしいですか?', 
:method => :delete %>
<% end if logged_in? %>
</dd>
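
The before_filter lines earlier in this post are what enforce the login requirement; the if logged_in? checks in the views only hide links. The following is an added example, not code from the original post, the book or the plugin: a plain-Ruby model of the filter decision, in which MiniController, dispatch, REST_ACTIONS and anonymous_reachable are hypothetical stand-ins for Rails' controller machinery.

```ruby
# Added example: a plain-Ruby stand-in for Rails 2 before_filter handling.
# MiniController, dispatch and REST_ACTIONS are hypothetical; only the
# before_filter lines mirror the ones used in this post.
class MiniController
  def self.filters
    @filters ||= []   # one list per controller class
  end

  # Same call shape as Rails: before_filter :name, :except => [...] / :only => [...]
  def self.before_filter(name, opts = {})
    filters << [name, opts]
  end

  def initialize(current_user = nil)
    @current_user = current_user
  end

  def logged_in?
    !@current_user.nil?
  end

  # Modelled here as returning false when nobody is logged in, which halts the chain.
  def login_required
    logged_in?
  end

  # Run every applicable filter before the action, as a request by URL would.
  def dispatch(action)
    self.class.filters.each do |name, opts|
      next if Array(opts[:except]).include?(action)
      next if opts[:only] && !Array(opts[:only]).include?(action)
      return :redirect_to_login unless send(name)
    end
    :ok
  end
end

class EntriesController < MiniController
  before_filter :login_required, :except => [:index, :show]
end

class UsersController < MiniController
  before_filter :login_required
end

REST_ACTIONS = [:index, :show, :new, :create, :edit, :update, :destroy]

# Actions an anonymous visitor can reach directly, whether or not a link is shown.
def anonymous_reachable(controller_class)
  REST_ACTIONS.select { |a| controller_class.new(nil).dispatch(a) == :ok }
end
```

Calling anonymous_reachable on a controller lists what stays public, which is a quick way to review an :except list after adding new actions.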

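Made sure to really restart the server

The browser display looked wrong, so I made sure to restart the server properly. (It may be because I'm working while taking backups.)
Start the server in the terminal.
Stop the server with control + c.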

cd
cd work/locus
script/server 

Then try restarting the server with the commands above.


Notes

  • Take a backup at each milestone
  • When errors pile up and I'm completely stuck, go back to the backup and try again.


That's all for today.