Ever wonder how to implement OpenID authentication in your Rails app? This episode will show you how to add it to a site with an existing authentication system.
# routes.rb
map.open_id_complete 'session', :controller => "session", :action => "create", :requirements => { :method => :get }
# session_controller.rb
class SessionController < ApplicationController
# render new.rhtml
def new
end
def create
if using_open_id?
open_id_authentication(params[:openid_url])
else
password_authentication(params[:login], params[:password])
end
end
def destroy
self.current_user.forget_me if logged_in?
cookies.delete :auth_token
reset_session
flash[:notice] = "You have been logged out."
redirect_back_or_default('/')
end
protected
def open_id_authentication(openid_url)
authenticate_with_open_id(openid_url, :required => [:nickname, :email]) do |result, identity_url, registration|
if result.successful?
@user = User.find_or_initialize_by_identity_url(identity_url)
if @user.new_record?
@user.login = registration['nickname']
@user.email = registration['email']
@user.save(false)
end
self.current_user = @user
successful_login
else
failed_login result.message
end
end
end
def password_authentication(login, password)
self.current_user = User.authenticate(login, password)
if logged_in?
successful_login
else
failed_login
end
end
def failed_login(message = "Authentication failed.")
flash.now[:error] = message
render :action => 'new'
end
def successful_login
if params[:remember_me] == "1"
self.current_user.remember_me
cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
end
redirect_back_or_default('/')
flash[:notice] = "Logged in successfully"
end
end