Authlogic is useful for adding authentication to a Ruby on Rails application. Here are the steps to set it up in a Ruby on Rails 3.0 application.
Create a new Rails 3.0 application, as in the previous post,
rails new commentsApp -d mysql
1) To use Authlogic in a Ruby on Rails 3.0 application, include the following gems in your Gemfile,
gem "authlogic"
gem "rails3-generators"
so your Gemfile will look like,
source 'http://rubygems.org'
gem 'rails', '3.0.3'
gem 'mysql2'
gem "authlogic"
gem "rails3-generators"
Run the following command to install the above gems,
bundle install
2) Create UserSession with the following command,
rails g authlogic:session UserSession
After creating this UserSession Authlogic model, make it look like the following,
class UserSession < Authlogic::Session::Base
  def to_key
    new_record? ? nil : [ self.send(self.class.primary_key) ]
  end
end
3) Create the User model with,
rails g model User
4) To add fields to the users table, open the generated migration in the /db/migrate folder and make it look like the following,
class CreateUsers < ActiveRecord::Migration
  def self.up
    create_table :users do |t|
      t.string :login, :null => false
      t.string :email, :null => false
      t.string :crypted_password, :null => false
      t.string :password_salt, :null => false
      t.string :persistence_token, :null => false
      t.string :single_access_token, :null => false # optional, see Authlogic::Session::Params
      t.string :perishable_token, :null => false # optional, see Authlogic::Session::Perishability
      # magic fields (all optional, see Authlogic::Session::MagicColumns)
      t.integer :login_count, :null => false, :default => 0
      t.integer :failed_login_count, :null => false, :default => 0
      t.datetime :last_request_at
      t.datetime :current_login_at
      t.datetime :last_login_at
      t.string :current_login_ip
      t.string :last_login_ip
      t.timestamps
    end
    add_index :users, ["login"], :name => "index_users_on_login", :unique => true
    add_index :users, ["email"], :name => "index_users_on_email", :unique => true
    add_index :users, ["persistence_token"], :name => "index_users_on_persistence_token", :unique => true
  end
  def self.down
    drop_table :users
  end
end
5) Add ‘acts_as_authentic’ to the User model so that it looks like,
class User < ActiveRecord::Base
  acts_as_authentic
end
6) Write the following code in your ApplicationController,
class ApplicationController < ActionController::Base
  protect_from_forgery
  helper_method :current_user_session, :current_user
  private
  # Memoized lookup of the Authlogic session for this request (nil when not logged in)
  def current_user_session
    logger.debug "ApplicationController::current_user_session"
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end
  # Memoized lookup of the logged-in user (nil when there is no session)
  def current_user
    logger.debug "ApplicationController::current_user"
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.user
  end
  # before_filter: only logged-in users may continue
  def require_user
    logger.debug "ApplicationController::require_user"
    unless current_user
      store_location
      flash[:notice] = "You must be logged in to access this page"
      redirect_to new_user_session_url
      return false
    end
  end
  # before_filter: only logged-out visitors may continue
  def require_no_user
    logger.debug "ApplicationController::require_no_user"
    if current_user
      store_location
      flash[:notice] = "You must be logged out to access this page"
      redirect_to account_url
      return false
    end
  end
  def store_location
    # request.request_uri is deprecated in Rails 3.0; fullpath is its replacement
    session[:return_to] = request.fullpath
  end
  def redirect_back_or_default(default)
    redirect_to(session[:return_to] || default)
    session[:return_to] = nil
  end
end
7) Create the UserSessions controller with the following command,
rails g controller UserSessions new
Add the following code to the UserSessionsController file,
class UserSessionsController < ApplicationController
  before_filter :require_no_user, :only => [:new, :create]
  before_filter :require_user, :only => :destroy
  def new
    @user_session = UserSession.new
  end
  def create
    @user_session = UserSession.new(params[:user_session])
    if @user_session.save
      flash[:notice] = "Login successful!"
      redirect_back_or_default account_url
    else
      render :action => :new
    end
  end
  def destroy
    current_user_session.destroy
    flash[:notice] = "Logout successful!"
    redirect_back_or_default new_user_session_url
  end
end
9) Add the following in /app/views/user_sessions/new.html.erb,
<%= form_for @user_session, :url => user_sessions_path do |f| %>
  <%= f.error_messages %>
  Enter your e-mail and password to sign in.
  <%= f.label :login %>
  <%= f.text_field :login %>
  <%= f.label :password %>
  <%= f.password_field :password %>
  <%= f.submit "SIGN IN" %>
<% end %>
10) f.error_messages was removed in Rails 3, so to display error messages properly, install the dynamic_form plugin as follows,
rails plugin install git://github.com/rails/dynamic_form.git
11) In the /config/routes.rb file, add the following,
resources :user_sessions
match 'login' => "user_sessions#new", :as => :login
match 'logout' => "user_sessions#destroy", :as => :logout
12) Generate the Users controller,
rails g controller users
13) Add routes for the users controller in the /config/routes.rb file,
resource :account, :controller => "users"
resources :users
14) Add the following code to the UsersController file,
class UsersController < ApplicationController
  before_filter :require_no_user, :only => [:new, :create]
  before_filter :require_user, :only => [:show, :edit, :update]
  def new
    @user = User.new
  end
  def create
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = "Account registered!"
      redirect_back_or_default account_url
    else
      render :action => :new
    end
  end
  def show
    @user = @current_user
  end
  def edit
    @user = @current_user
  end
  def update
    @user = @current_user # makes our views "cleaner" and more consistent
    if @user.update_attributes(params[:user])
      flash[:notice] = "Account updated!"
      redirect_to account_url
    else
      render :action => :edit
    end
  end
end
15) You need to create the view files for Users,
Create /app/views/users/new.html.erb with the following code,
Register
<%= form_for @user, :url => account_path do |f| %>
  <%= f.error_messages %>
  <%= render :partial => "form", :object => f %>
  <%= f.submit "Register" %>
<% end %>
Create /app/views/users/_form.html.erb with the following code,
<%= form.label :login %>
<%= form.text_field :login %>
<%= form.label :email %>
<%= form.text_field :email %>
<%= form.label :password, form.object.new_record? ? nil : "Change password" %>
<%= form.password_field :password %>
<%= form.label :password_confirmation %>
<%= form.password_field :password_confirmation %>
Create /app/views/users/edit.html.erb with the following code,
Edit My Account
<%= form_for @user, :url => account_path do |f| %>
  <%= f.error_messages %>
  <%= render :partial => "form", :object => f %>
  <%= f.submit "Update" %>
<% end %>
<%= link_to "My Profile", account_path %>
Create /app/views/users/show.html.erb with the following code,
Login: <%=h @user.login %>
Login count: <%=h @user.login_count %>
Last request at: <%=h @user.last_request_at %>
Last login at: <%=h @user.last_login_at %>
Current login at: <%=h @user.current_login_at %>
Last login ip: <%=h @user.last_login_ip %>
Current login ip: <%=h @user.current_login_ip %>
<%= link_to 'Edit', edit_account_path %> | <%= link_to 'Logout', :logout %>
16) Run the migration to create the “users” table,
rake db:create
rake db:migrate
17) Now start the Rails server with the following command,
rails s
18) Access the application in a browser at,
http://localhost:3000/users/new
A new user can register from this registration page. After registration, the user is taken to the Account page. After logging out, you are taken to the Login page.
19) To log in, open the following page,
http://localhost:3000/user_sessions/new
From the above page, a user can log in to their own account.
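The UsersController in step 14 passes params[:user] straight to User.new and update_attributes, and the User model in step 5 declares no attr_accessible list, so Rails 3.0 applies no attribute whitelist and columns such as login_count or persistence_token can be set from the request. The following is an added example, not code from the original post or from Authlogic, that keeps only the four fields the forms in step 15 submit. USER_EDITABLE and filter_user_params are hypothetical names and the sample hash is constructed.

```ruby
# Added example: whitelist user-editable fields before mass assignment.
# USER_EDITABLE and filter_user_params are hypothetical names, not Rails or Authlogic API.

# The fields that /app/views/users/_form.html.erb actually submits.
USER_EDITABLE = %w[login email password password_confirmation].freeze

# Returns [allowed, rejected]. `allowed` is safe to pass to User.new or
# update_attributes; `rejected` lists the dropped keys so they can be logged.
def filter_user_params(raw)
  # params[:user] can be missing or a bare string when the request is malformed.
  return [{}, []] unless raw.respond_to?(:each_pair)

  allowed = {}
  rejected = []
  raw.each_pair do |key, value|
    name = key.to_s
    # These form fields are plain strings; nested hashes or arrays are refused.
    if USER_EDITABLE.include?(name) && (value.is_a?(String) || value.nil?)
      allowed[name] = value
    else
      rejected << name
    end
  end
  [allowed, rejected.sort]
end

# Constructed sample of a submitted params[:user] hash that also names
# columns from the step 4 migration that no form field exposes.
SAMPLE_SUBMISSION = {
  "login" => "alice",
  "email" => "alice@example.com",
  "password" => "s3cret-pass",
  "password_confirmation" => "s3cret-pass",
  "login_count" => "9999",
  "persistence_token" => "constructed-value",
  :single_access_token => "constructed-value"
}.freeze

# In the controller this would read:
#   allowed, rejected = filter_user_params(params[:user])
#   logger.warn "dropped user params: #{rejected.join(', ')}" unless rejected.empty?
#   @user = User.new(allowed)
if __FILE__ == $PROGRAM_NAME
  allowed, rejected = filter_user_params(SAMPLE_SUBMISSION)
  puts "assigned: #{allowed.keys.join(', ')}"
  puts "dropped:  #{rejected.join(', ')}"
end
```

Declaring attr_accessible :login, :email, :password, :password_confirmation in the User model enforces the same whitelist at the model layer in Rails 3.0.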





This was incredibly useful. Thanks!
After login, how to authenticate user by mail in above code,
and how can an admin log in from the same user login without any other page?