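Riding the Rails: table of contents
Studying with the book "Rails of Ruby on Rails ~Case of LOCUSANDWONDERS.COM~" (from p. 76)
Adding user authentication (install via git failed)
I'm going to use the Restful-authentication plugin, so first I install git with MacPorts.
[Note] Installing git-core may not be necessary? But I may end up using it sooner or later, so I'll install it.
sudo port install git-core
Install restful-authentication from git.
(I used "Restful Authentication - yuumi3のお仕事日記" as a reference.)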
~/work/locus $ script/plugin install git://github.com/technoweenie/restful-authentication.git
removing: /Users/username/work/locus/vendor/plugins/restful-authentication/.git
Initialized empty Git repository in /Users/username/work/locus/vendor/plugins/restful-authentication/.git/
remote: Counting objects: 415, done.
remote: Compressing objects: 100% (282/282), done.
remote: Total 415 (delta 142), reused 342 (delta 100)
Receiving objects: 100% (415/415), 363.59 KiB | 220 KiB/s, done.
Resolving deltas: 100% (142/142), done.
Plugin not found: ["git://github.com/technoweenie/restful-authentication.git"]
Huh? "Plugin not found"... did the install fail?
Trying another way
Following "認証機能:restful_authenticationを試してみる。 - 発声練習", I try installing restful_authentication.
~/work/locus $ script/plugin install http://svn.techno-weenie.net/projects/plugins/restful_authentication/
+ ./README
+ ./Rakefile
+ ./generators/authenticated/USAGE
+ ./generators/authenticated/authenticated_generator.rb
+ ./generators/authenticated/templates/activation.html.erb
+ ./generators/authenticated/templates/authenticated_system.rb
+ ./generators/authenticated/templates/authenticated_test_helper.rb
+ ./generators/authenticated/templates/controller.rb
+ ./generators/authenticated/templates/fixtures.yml
+ ./generators/authenticated/templates/functional_spec.rb
+ ./generators/authenticated/templates/functional_test.rb
+ ./generators/authenticated/templates/helper.rb
+ ./generators/authenticated/templates/login.html.erb
+ ./generators/authenticated/templates/mailer.rb
+ ./generators/authenticated/templates/mailer_test.rb
+ ./generators/authenticated/templates/migration.rb
+ ./generators/authenticated/templates/model.rb
+ ./generators/authenticated/templates/model_controller.rb
+ ./generators/authenticated/templates/model_functional_spec.rb
+ ./generators/authenticated/templates/model_functional_test.rb
+ ./generators/authenticated/templates/model_helper.rb
+ ./generators/authenticated/templates/observer.rb
+ ./generators/authenticated/templates/signup.html.erb
+ ./generators/authenticated/templates/signup_notification.html.erb
+ ./generators/authenticated/templates/unit_spec.rb
+ ./generators/authenticated/templates/unit_test.rb
+ ./install.rb
+ ./lib/restful_authentication/rails_commands.rb
Restful Authentication Generator
This is a basic restful authentication generator for rails, taken from acts as authenticated. Currently it requires Rails 1.2.6 or above.
To use:
./script/generate authenticated user sessions \
--include-activation \
--stateful
The first parameter specifies the model that gets created in signup (typically a user or account model). A model with migration is created, as well as a basic controller with the create method.
The second parameter specifies the sessions controller name. This is the controller that handles the actual login/logout function on the site.
The third parameter (--include-activation) generates the code for a ActionMailer and its respective Activation Code through email.
The fourth (--stateful) builds in support for acts_as_state_machine and generates activation code. This was taken from:
http://www.vaporbase.com/postings/stateful_authentication
You can pass --skip-migration to skip the user migration.
If you're using acts_as_state_machine, define your users resource like this:
map.resources :users, :member => { :suspend => :put, :unsuspend => :put, :purge => :delete }
Also, add an observer to config/environment.rb if you chose the --include-activation option
config.active_record.observers = :user_observer # or whatever you
# named your model
Security Alert
I introduced a change to the model controller that's been tripping folks up on Rails 2.0. The change was added as a suggestion to help combat session fixation attacks. However, this resets the Form Authentication token used by Request Forgery Protection. I've left it out now, since Rails 1.2.6 and Rails 2.0 will both stop session fixation attacks anyway.
This time it seems to have installed.
Auto-generating the model and controllers for user authentication
~/work/locus $ script/generate authenticated user sessions
Ready to generate.
----------------------------------------------------------------------
Once finished, don't forget to:
- Add routes to these resources. In config/routes.rb, insert routes like:
map.signup '/signup', :controller => 'users', :action => 'new'
map.login '/login', :controller => 'sessions', :action => 'new'
map.logout '/logout', :controller => 'sessions', :action => 'destroy'
----------------------------------------------------------------------
We've create a new site key in config/initializers/site_keys.rb. If you have existing user accounts their passwords will no longer work (see README). As always, keep this file safe but don't post it in public.
----------------------------------------------------------------------
exists app/models/
exists app/controllers/
exists app/controllers/
exists app/helpers/
create app/views/sessions
exists app/controllers/
exists app/helpers/
create app/views/users
exists config/initializers
exists test/functional/
exists test/functional/
exists test/unit/
exists test/fixtures/
create app/models/user.rb
create app/controllers/sessions_controller.rb
create app/controllers/users_controller.rb
create lib/authenticated_system.rb
create lib/authenticated_test_helper.rb
create config/initializers/site_keys.rb
create test/functional/sessions_controller_test.rb
create test/functional/users_controller_test.rb
create test/unit/user_test.rb
create test/fixtures/users.yml
create app/helpers/sessions_helper.rb
create app/helpers/users_helper.rb
create app/views/sessions/new.html.erb
create app/views/users/new.html.erb
create app/views/users/_user_bar.html.erb
exists db/migrate
create db/migrate/20080908101516_create_users.rb
route map.resource :session
route map.resources :users
route map.signup '/signup', :controller => 'users', :action => 'new'
route map.register '/register', :controller => 'users', :action => 'create'
route map.login '/login', :controller => 'sessions', :action => 'new'
route map.logout '/logout', :controller => 'sessions', :action => 'destroy'
Running the migration
~/work/locus $ rake db:migrate
Wiring in AuthenticatedSystem
Comment out the following line in app/controllers/sessions_controller.rb
#include AuthenticatedSystem
Then add that line to app/controllers/application.rb
include AuthenticatedSystem
User authentication with a before filter
Add the following line to app/controllers/entries_controller.rb
before_filter :login_required, :except => [:index, :show]
Restricting user account creation
In app/controllers/users_controller.rb, comment out the following include line and add one line.
#include AuthenticatedSystem
before_filter :login_required
Fixing the routing
Add to config/routes.rb
map.signup '/signup', :controller => 'users', :action => 'new'
map.login '/login', :controller => 'sessions', :action => 'new'
map.logout '/logout', :controller => 'sessions', :action => 'destroy'
Now, for example, going to http://localhost:3000/logout logs you out.
Showing the admin buttons only when logged in
In app/views/entries/index.html.erb, add if logged_in? to the line starting with "link_to('記事の追加',〜" (the "Add entry" link)
<%= link_to('記事の追加', new_entry_path, :class => "operation") if logged_in? %>
In app/views/entries/_entry.html.erb, modify the part around "<dd>link_to '編集'〜</dd>" (the "Edit" link)
<dd>
  <% content_tag :dd, :class => "operation" do %>
    <%= link_to '編集', edit_entry_path(entry) %>
    <%= link_to '削除', entry, :confirm => '本当によろしいですか?', :method => :delete %>
  <% end if logged_in? %>
</dd>
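Hiding the links with if logged_in? only changes what is displayed; the before_filter lines added to entries_controller.rb and users_controller.rb are what refuse a request sent straight to an action. The following is an added example, not code from the book or the plugin: a plain-Ruby model of that filter check, in which MiniController, process, outcome and the two sample sessions are hypothetical stand-ins for the real Rails filter chain.

```ruby
# Simplified model of the filter check; NOT Rails or restful_authentication code.
class MiniController
  def self.filters
    @filters ||= []
  end
  # Same call shape as the before_filter lines above (only :except is modeled).
  def self.before_filter(name, options = {})
    filters << [name, Array(options[:except]).map(&:to_s)]
  end

  def initialize(session)
    @session = session
  end

  # Stand-in for the plugin helper: logged in when the session holds a user id.
  def logged_in?
    !@session[:user_id].nil?
  end

  # Stand-in for login_required: halt with a redirect when not logged in.
  def login_required
    logged_in? ? nil : 'redirect /login'
  end

  # Run each applicable filter before the action; the first halt wins.
  def process(action)
    self.class.filters.each do |name, except|
      next if except.include?(action.to_s)
      halted = send(name)
      return halted if halted
    end
    "200 #{action}"
  end
end

class EntriesController < MiniController
  before_filter :login_required, :except => [:index, :show]
end
class UsersController < MiniController
  before_filter :login_required
end

# Constructed sessions: an anonymous visitor and a logged-in user.
ANONYMOUS = {}
MEMBER = { :user_id => 1 }

def outcome(controller, action, session)
  controller.new(session).process(action)
end
```

In this model, outcome(EntriesController, :destroy, ANONYMOUS) returns the login redirect even though no delete link was ever rendered for that visitor, while index and show stay public.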
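Making sure the server really restarts
The browser display looked wrong, so I made sure to restart the server properly. (Maybe it's because I'm working while taking backups.)
The server is started from the terminal.
Stop the server with control + c.
cd
cd work/locus
script/server
Then restart the server with these commands.
Notes
- Take a backup at each milestone
- If errors pile up and I get completely stuck, go back to the backup and try again.
That's all for today.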