ruby script/plugin install http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/trunk/
ruby script/plugin install http://svn.techno-weenie.net/projects/plugins/restful_authentication/
=========================================
Restful Authentication Generator
====
This is a basic restful authentication generator for rails, taken
from acts as authenticated. Currently it requires Rails 1.2.6 or above.
To use:
./script/generate authenticated user sessions \
--include-activation \
--stateful
The first parameter specifies the model that gets created in signup
(typically a user or account model). A model with migration is
created, as well as a basic controller with the create method.
The second parameter specifies the sessions controller name. This is
the controller that handles the actual login/logout function on the
site.
The third parameter (--include-activation) generates the code for a
ActionMailer and its respective Activation Code through email.
The fourth (--stateful) builds in support for acts_as_state_machine
and generates activation code. This was taken from:
http://www.vaporbase.com/postings/stateful_authentication
You can pass --skip-migration to skip the user migration.
If you're using acts_as_state_machine, define your users resource like this:
map.resources :users, :member => { :suspend => :put,
:unsuspend => :put,
:purge => :delete }
Also, add an observer to config/environment.rb if you chose the
--include-activation option
config.active_record.observers = :user_observer # or whatever you
# named your model
Security Alert
====
I introduced a change to the model controller that's been tripping
folks up on Rails 2.0. The change was added as a suggestion to help
combat session fixation attacks. However, this resets the Form
Authentication token used by Request Forgery Protection. I've left
it out now, since Rails 1.2.6 and Rails 2.0 will both stop session
fixation attacks anyway.
=========================================
ruby script/generate authenticated user sessions --include-activation --stateful
ruby script/generate controller home index
=========================================
map.root :controller => "home"
map.home '/', :controller => 'home', :action => 'index'
map.resources :users
map.resource :session
map.signup '/signup', :controller => 'users', :action => 'new'
map.login '/login', :controller => 'sessions', :action => 'new'
map.logout '/logout', :controller => 'sessions', :action => 'destroy'
map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
=========================================
<!-- home/index.rhtml -->
<h1>Welcome</h1>
<% if logged_in? %>
<p><strong>You are logged in as <%=h current_user.login %></strong></p>
<p><%= link_to 'Logout', logout_path %></p>
<% else %>
<p><strong>You are currently not logged in.</strong></p>
<p>
<%= link_to 'Login', login_path %> or
<%= link_to 'Sign Up', signup_path %>
</p>
<% end %>
更详细的文章
http://www.360doc.com/content/09/0407/22/4131_3053944.shtml
643
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
