metasploit-framework/lib/gemcache/ruby/1.9.1/gems/authlogic-3.1.0/README.rdoc

251 lines
18 KiB
Plaintext
Raw Normal View History

Cutting over rails3 to master. This switches the Metasploit Framework to a Rails 3 backend. If you run into new problems (especially around Active Record or your postgresql gem) you should try first updating your Ruby installation to 1.9.3 and use a more recent 'pg' gem. If that fails, we'd love to see your bug report (just drop all the detail you can into an issue on GitHub). In the meantime, you can checkout the rails2 branch, which was branched from master immediately before this cutover. Squashed commit of the following: commit 5802ec851580341c6717dfea529027c12678d35f Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 23:30:12 2012 -0500 Enable MSF_BUNDLE_GEMS mode by default (set to N/F/0 to disable) commit 8102f98dce9eb0c73c4374e40dce09af7b51d060 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 23:30:03 2012 -0500 Add a method to expand win32 file paths commit bda6479d154cf75572dd5de8b66bfde661a55de9 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 18:53:44 2012 -0500 Fix 1.8.x compatibility commit 101ce4eb17bfdf755ef8c0a5198174668b6cd6fd Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 18:40:59 2012 -0500 Use verbose instead of stringio commit 5db467ffb593488285576d183b1662093e454b3e Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 18:30:06 2012 -0500 Hide the iconv warning, were stuck with it due to EBCDIC support commit 63b9cb20eb6a61daf4effb4c8d2761c16ff0c4e0 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 18:29:58 2012 -0500 Dont use GEM_HOME by default commit ca49271c22c314a4465fff934334df18c704cbc0 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 18:23:34 2012 -0500 Move Gemfile to root (there be dragons, lets find them) and catch failed bundler loads commit 34af04076a068e9f60c5526045ddbba5fca359fd Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 18:18:29 2012 -0500 Fallback to bundler when not running inside of a installer env commit ed1066a4f3f12fae7d4afc03eb1ab70ffe2f9cf3 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 16:26:55 2012 -0500 Remove a mess of gems that were not actually required commit 21290a73926809e9049a59359449168f740d13d2 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 15:59:10 2012 -0500 Hack around a gem() call that is well-intentioned but an obstacle in this case commit 8e414a8bfab9641c81088d22f73033be5b37a700 Author: Tod Beardsley <todb@metasploit.com> Date: Sun Apr 15 15:06:08 2012 -0500 Ruby, come on. Ducktype this. Please. Use interpolated strings to get the to_s behavior you don't get with just plussing. commit 0fa92c58750f8f84edbecfaab72cd2da5062743f Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 15:05:42 2012 -0500 Add new eventmachine/thin gems commit 819d5e7d45e0a16741d3852df3ed110b4d7abc44 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 15:01:18 2012 -0500 Purge (reimport in a second) commit ea6f3f6c434537ca15b6c6674e31081e27ce7f86 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 14:54:42 2012 -0500 Cleanup uncessary .so files (ext vs lib) commit d219330a3cc563e9da9f01fade016c9ed8cda21c Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 14:53:02 2012 -0500 PG gems built against the older installation environment commit d6e590cfa331ae7b25313ff1471c6148a6b36f3b Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 14:06:35 2012 -0500 Rename to include the version commit a893de222b97ce1222a55324f1811b0262aae2d0 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 13:56:47 2012 -0500 Detect older installation environments and load the arch-lib directories into the search path commit 6444bba0a421921e2ebe2df2323277a586f9736f Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 13:49:25 2012 -0500 Merge in windows gems commit 95efbcfde220917bc7ee08e6083d7b383240d185 Author: Tod Beardsley <todb@metasploit.com> Date: Sun Apr 15 13:49:33 2012 -0500 Report_vuln shouldn't use :include in finder find_or_create_by doesn't take :include as a param. commit c5f99eb87f0874ef7d32fa42828841c9a714b787 Author: David Maloney <DMaloney@rapid7.com> Date: Sun Apr 15 12:44:09 2012 -0500 One more msised Mdm namespace issue commit 2184e2bbc3dd9b0993e8f21d2811a65a0c694d68 Author: David Maloney <DMaloney@rapid7.com> Date: Sun Apr 15 12:33:41 2012 -0500 Fixes some mroe Mdm namespace confusion Fixes #6626 commit 10cee17f391f398bb2be3409137ff7348c7a66ee Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 03:40:44 2012 -0500 Add robots gem (required by webscan) commit 327e674c83850101364c9cca8f8d16da1de3dfb5 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 03:39:05 2012 -0500 Fix missing error checks commit a5a24641866e47e611d7636a3f19ba3b3ed10ac5 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 01:15:37 2012 -0500 Reorder requires and add a method for injecting a new migration path commit 250a5fa5ae8cb05807af022aa4168907772c15f8 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 00:56:09 2012 -0500 Remove missing constant (use string) and add gemcache cleaner commit 37ad6063fce0a41dddedb857fa49aa2c4834a508 Merge: d47ee82 4be0361 Author: Tod Beardsley <todb@metasploit.com> Date: Sun Apr 15 00:40:16 2012 -0500 Merge branch 'master-clone' into rails3-clone commit d47ee82ad7e66de53dd3d3a65649cc37299a2479 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 00:30:03 2012 -0500 cleanup leftovers from gems commit 6d883b5aa8a3a7ddbcde5bfd4521d57c5b30d3c2 Author: HD Moore <hd_moore@rapid7.com> Date: Sun Apr 15 00:25:47 2012 -0500 MDM update with purged DBSave module commit 71e4f2d81f6da221b76150562a16c730888f5925 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 23:19:37 2012 -0500 Add new mdm commit 651cd5adac8211d65e0c8079371d8264e549533a Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 23:19:13 2012 -0500 Update mdm commit 0191a8bd0acec30ddb2a9e9c291111a12378537f Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 22:30:40 2012 -0500 This fixes numerous cases of missed Mdm:: prefixes on db objects commit a2a9bb3f2148622c135663dead80b3367b6f7695 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 18:30:18 2012 -0500 Add eventmachine commit 301ddeb12b906ed3c508613ca894347bedc3b499 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 18:18:12 2012 -0500 A nicer error for folks who need to upgrade pg commit fa6bde1e67b12e2d3d9978f59bbc98e0c1a1a707 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 17:54:55 2012 -0500 Remove bundler requirements commit 2e3ab9ed211303f1116e602b9a450141b71e56a4 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 17:35:38 2012 -0500 Pull in eventmachine with actual .so's this time commit 901fb33ff6b754ce2c2cfd51e3b0b669f6ec600b Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 17:19:12 2012 -0500 Update deps, still need to add eventmachine commit 6b0e17068e8caa0601f3ef81e8dbdb672758fcbe Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 13:07:06 2012 -0500 Handle older installer environments and only allow binary gems when the environment specifically asks for it commit b98eb7873a6342834840424699caa414a5cb172a Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 04:05:13 2012 -0500 Bump version to -testing commit 6ac508c4ba3fdc278aaf8cfe2c58d01de3395431 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 02:25:09 2012 -0500 Remove msf3 subdir commit a27dac5067635a95b4cbb773df1985f2a2dc2c5a Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 02:24:39 2012 -0500 Remove the old busted external commit 5fb5a0fc642b6c301934c319db854cc3145427a1 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 02:03:10 2012 -0500 Add the gemcache loader commit 09e2d89dfd09b9ac0c123fcc4e19816c86725627 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Apr 14 02:02:23 2012 -0500 Purge gemfile/bundler configure in exchange for new gemcache setup commit 3cc0264e1cfb027b515d7f24b95a74b023bd905c Author: Tod Beardsley <todb@metasploit.com> Date: Thu Apr 12 14:11:45 2012 -0500 Mode change on modicon_ladder.apx commit c18b3d56efd639e461137acdc76b4b283fe978d4 Author: HD Moore <hd_moore@rapid7.com> Date: Thu Apr 12 01:38:56 2012 -0500 The go faster button commit ca2a67d51d6d4c7c3ca2e745f8b018279aef668a Merge: 674ee09 b8129f9 Author: Tod Beardsley <todb@metasploit.com> Date: Mon Apr 9 15:50:33 2012 -0500 Merge branch 'master-clone' into rails3-clone Picking up Packetfu upstream changes, all pretty minor commit 674ee097ab8a6bc9608bf377479ccd0b87e7302b Merge: e9513e5 a26e844 Author: Tod Beardsley <todb@metasploit.com> Date: Mon Apr 9 13:57:26 2012 -0500 Merge branch 'master-clone' into rails3-clone Conflicts: lib/msf/core/handler/reverse_http.rb lib/msf/core/handler/reverse_https.rb modules/auxiliary/scanner/discovery/udp_probe.rb modules/auxiliary/scanner/discovery/udp_sweep.rb Resolved conflicts with the reverse_http handlers and the udp probe / scanners byt favoring the more recent changes (which happened to be the intent anyway). The reverse_http and reverse_https changes were mine so I know what the intent was, and @dmaloney-r7 changed udp_probe and udp_sweep to use pcAnywhere_stat instead of merely pcAnywhere, so the intent is clear there as well. commit e9513e54f984fdb100c13b44a1724246779ccb76 Author: David Maloney <dmaloney@melodie.gateway.2wire.net> Date: Fri Apr 6 18:21:46 2012 -0500 Some fixes to how services get reported to prevent issues with the web interface commit adeb44e9aaf1a329a0e587d2b26e678398730422 Author: David Maloney <David_Maloney@rapid7.com> Date: Mon Apr 2 15:39:46 2012 -0500 Some corrections to pcAnywhere discovery modules to distinguish between the two services commit b13900176484fea8f5217a2ef925ae2ad9b7af47 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Mar 31 12:03:21 2012 -0500 Enable additional migration-path parameters, use a temporary directory to bring the database online commit 526b4c56883f461417f71269404faef38639917c Author: David Maloney <David_Maloney@rapid7.com> Date: Wed Mar 28 23:24:56 2012 -0500 A bunch of Mdsm fixes for .kind_of? calls, to make sure we ponit to the right place commit 2cf3143370af808637d164ce59400605300f922c Author: HD Moore <hd_moore@rapid7.com> Date: Mon Mar 26 16:22:09 2012 -0500 Check for ruby 2.0 as well as 1.9 for encoding override commit 4d0f51b76d89f00f7acbce6b1f00dc6e4c4545ee Author: HD Moore <hd_moore@rapid7.com> Date: Mon Mar 26 15:36:04 2012 -0500 Remove debug statement commit f5d2335e7745aa1a354f4d6c8fc9d0b3876c472a Author: HD Moore <hd_moore@rapid7.com> Date: Mon Mar 26 15:01:55 2012 -0500 Be explicit about the Mdm namespace commit bc8be225606d6ea38dd2a85ab4310c1c181a94ee Author: hdm <hdm@hypo.(none)> Date: Mon Mar 26 11:49:51 2012 -0500 Precalculate some uri strings in case the 1000-round generation fails commit 4254f419723349ffb93e4aebdaeabbd7d66bf8c0 Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Sat Mar 24 14:03:44 2012 -0500 Removed some non-namespaced calls to Host commit c8190e1bb8ad365fb0d7a1c4a9173e6c739be85c Author: HD Moore <hd_moore@rapid7.com> Date: Tue Mar 20 00:37:00 2012 -0500 Purge the rvmrc, this is causing major headaches commit 76df18588917b7150a3bedf2569710a80bab51f8 Author: HD Moore <hd_moore@rapid7.com> Date: Tue Mar 20 00:31:52 2012 -0500 Switch .rvmrc to the shipping 1.9.3 version commit 7124971d0032b268f4ddf89aca125f15e284f345 Author: David Maloney <David_Maloney@rapid7.com> Date: Mon Mar 12 16:56:40 2012 -0500 Adds mixin for looking up Mime Types by extension commit b7ca8353164c43db6bacb2f3f16afa1269f66e43 Merge: a0b0c75 6b9a219 Author: Matt Buck <techpeace@gmail.com> Date: Tue Mar 6 19:38:53 2012 -0600 Merge from develop. commit a0b0c7528d2b8fabb76b2246a15004bc89239cf0 Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Tue Mar 6 11:08:59 2012 -0600 Somehow migration file is new? commit 84d2b3cb1ad6290413c3ea3222ddf9932270b105 Author: David Maloney <David_Maloney@rapid7.com> Date: Wed Feb 29 16:38:55 2012 -0600 Added ability to specify headers to redirects in http server commit e50d27cda83872c616722adb03dc1a6a5e685405 Author: HD Moore <hd_moore@rapid7.com> Date: Sat Feb 4 04:44:50 2012 -0600 Tweak the event dispatcher to enable customer events without a category and trigger http request events from the main exploit mixin. Experimental commit 0e4fd2040df49df2e6cb0e8d2c6240a03d108033 Author: Matt Buck <Matthew_Buck@rapid7.com> Date: Thu Feb 2 22:09:05 2012 -0600 Change Msm -> Mdm in migrations. This is what was preventing migrations from finishing on first boot. commit c94a2961d04eee84adfd42bb01ed7a3e3846b83a Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Wed Feb 1 12:48:48 2012 -0600 Changed Gemfile to use new gem name commit 245c2063f06b4fddbfc607d243796669ef236136 Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Wed Feb 1 12:47:42 2012 -0600 Did find/replace for final namespace of Mdm commit 6ed9bf8430b555dcbe62daeddb2f33bd400ab5bc Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Tue Jan 24 10:47:44 2012 -0600 Fix a bunch of namespace issues commit 2fe08d9e4226c27e78d07a00178c58f528cbc72e Author: Matt Buck <Matthew_Buck@rapid7.com> Date: Fri Jan 20 14:37:37 2012 -0600 Update Msm contstants in migrations for initial DB builds. commit 4cc6b8fb0440c6258bf70de77a9153468fea4ea5 Author: Matt Buck <Matthew_Buck@rapid7.com> Date: Fri Jan 20 14:37:25 2012 -0600 Update Gemfile.lock. commit 1cc655b678f0a054a9a783da119237fe3f67faa4 Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Thu Jan 19 11:48:29 2012 -0600 Errant Workspaces needed namespace commit 607a78285582c530a68985add33ccf4d899c467a Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Tue Jan 17 15:44:02 2012 -0600 Refactored all models to use the new namespace * Every model using DBManager::* namespace is now Msm namespace * Almost all of this in msf/base/core * Some in modules commit a690cd959b3560fa2284975ca7ecca10c228fb05 Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Tue Jan 17 13:41:44 2012 -0600 Move bundler setup commit dae115cc8f7619ca7a827123079cb67fb4d9354b Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Mon Jan 9 15:51:07 2012 -0600 Moved ActiveSupport dep to gem commit d32f8edb6e7f82079b775ffbc2b9a405d1f32b3b Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Mon Jan 9 14:40:05 2012 -0600 Removed model require file commit d0c74cff8c44771e566ec63b03eda10d03b25c42 Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Tue Jan 3 16:06:10 2012 -0600 Update some more finds commit 4eb79ea6b58b74c309ab1f1bb0bd35fe9041de46 Author: Trevor Rosen <Trevor_Rosen@rapid7.com> Date: Tue Jan 3 14:21:15 2012 -0600 Yet another dumb commit commit a75febcb593d52fdfe930306b4275829759d81d1 Author: Trevor Rosen <trevor@catapult-creative.com> Date: Thu Dec 29 19:20:51 2011 -0600 Fixing deletion commit dc139ff2fdfc4e7cdee3901dfb863e70913d6b92 Author: Trevor Rosen <trevor@catapult-creative.com> Date: Wed Dec 7 17:06:45 2011 -0600 Fixed erroneous commit commit 531c1e611cf4d23aeb9c48350dabf7630d662d25 Author: Trevor Rosen <trevor@catapult-creative.com> Date: Mon Nov 21 16:11:35 2011 -0600 Remove AR patch stuff; attempting to debug non-connection between MSF and Pro commit 458611224189c7aa27e500aabd373d85dc2dc5c0 Author: Trevor Rosen <trevor@catapult-creative.com> Date: Fri Nov 18 16:17:27 2011 -0600 Drop ActiveRecord/ActiveSupport in preparation for upgrade
2012-04-16 04:35:38 +00:00
= Authlogic
** Please note the latest version is compatible with rails 3 only. Rails 2 should use version 2.X.X **
Authlogic is a clean, simple, and unobtrusive ruby authentication solution.
A code example can replace a thousand words...
Authlogic introduces a new type of model. You can have as many as you want, and name them whatever you want, just like your other models. In this example, we want to authenticate with the User model, which is inferred by the name:
class UserSession < Authlogic::Session::Base
# specify configuration here, such as:
# logout_on_timeout true
# ...many more options in the documentation
end
Log in with any of the following. Create a UserSessionsController and use it just like your other models:
UserSession.create(:login => "bjohnson", :password => "my password", :remember_me => true)
session = UserSession.new(:login => "bjohnson", :password => "my password", :remember_me => true); session.save
UserSession.create(:openid_identifier => "identifier", :remember_me => true) # requires the authlogic-oid "add on" gem
UserSession.create(my_user_object, true) # skip authentication and log the user in directly, the true means "remember me"
The above handles the entire authentication process for you. It first authenticates, then it sets up the proper session values and cookies to persist the session. Just like you would if you rolled your own authentication solution.
You can also log out / destroy the session:
session.destroy
After a session has been created, you can persist it across requests. Thus keeping the user logged in:
session = UserSession.find
To get all of the nice authentication functionality in your model just do this:
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.my_config_option = my_value
end # the configuration block is optional
end
This handles validations, etc. It is also "smart" in the sense that it if a login field is present it will use that to authenticate, if not it will look for an email field, etc. This is all configurable, but for 99% of cases that above is all you will need to do.
Also, sessions are automatically maintained. You can switch this on and off with configuration, but the following will automatically log a user in after a successful registration:
User.create(params[:user])
This also updates the session when the user changes his/her password.
Authlogic is very flexible, it has a strong public API and a plethora of hooks to allow you to modify behavior and extend it. Check out the helpful links below to dig deeper.
== Helpful links
* <b>Documentation:</b> http://rdoc.info/projects/binarylogic/authlogic
* <b>Repository:</b> http://github.com/binarylogic/authlogic/tree/master
* <b>Railscasts Screencast:</b> http://railscasts.com/episodes/160-authlogic
* <b>Live example with OpenID "add on":</b> http://authlogicexample.binarylogic.com
* <b>Live example repository with tutorial in README:</b> http://github.com/binarylogic/authlogic_example/tree/master
* <b>Tutorial: Reset passwords with Authlogic the RESTful way:</b> http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic
* <b>Issues:</b> http://github.com/binarylogic/authlogic/issues
* <b>Google group:</b> http://groups.google.com/group/authlogic
<b>Before contacting me directly, please read:</b>
If you find a bug or a problem please post it in the issues section. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help. This also benefits other people in the future with the same questions / problems. Thank you.
== Authlogic "add ons"
* <b>Authlogic OpenID addon:</b> http://github.com/binarylogic/authlogic_openid
* <b>Authlogic LDAP addon:</b> http://github.com/binarylogic/authlogic_ldap
* <b>Authlogic Facebook Connect:</b> http://github.com/kalasjocke/authlogic_facebook_connect
* <b>Authlogic Facebook Connect (New JS API):</b> http://github.com/studybyte/authlogic_facebook_connect
* <b>Authlogic Facebook Shim</b> http://github.com/james2m/authlogic_facebook_shim
* <b>Authlogic OAuth (Twitter):</b> http://github.com/jrallison/authlogic_oauth
* <b>Authlogic Oauth and OpenID:</b> http://github.com/viatropos/authlogic-connect
* <b>Authlogic PAM:</b> http://github.com/nbudin/authlogic_pam
* <b>Authlogic x509:</b> http://github.com/auth-scc/authlogic_x509
If you create one of your own, please let me know about it so I can add it to this list. Or just fork the project, add your link, and send me a pull request.
== Session bugs (please read if you are having issues with logging in / out)
Apparently there is a bug with apache / passenger for v2.1.X with sessions not working properly. This is most likely your problem if you are having trouble logging in / out. This is *not* an Authlogic issue. This can be solved by updating passener or using an alternative session store solution, such as active record store.
== Documentation explanation
You can find anything you want about Authlogic in the {documentation}[http://rdoc.info/projects/binarylogic/authlogic], all that you need to do is understand the basic design behind it.
That being said, there are 2 models involved during authentication. Your Authlogic model and your ActiveRecord model:
1. <b>Authlogic::Session</b>, your session models that extend Authlogic::Session::Base.
2. <b>Authlogic::ActsAsAuthentic</b>, which adds in functionality to your ActiveRecord model when you call acts_as_authentic.
Each of the above has its various sub modules that contain common logic. The sub modules are responsible for including *everything* related to it: configuration, class methods, instance methods, etc.
For example, if you want to timeout users after a certain period of inactivity, you would look in <b>Authlogic::Session::Timeout</b>. To help you out, I listed the following publicly relevant modules with short descriptions. For the sake of brevity, there are more modules than listed here, the ones not listed are more for internal use, but you can easily read up on them in the {documentation}[http://rdoc.info/projects/binarylogic/authlogic].
=== Authlogic::ActsAsAuthentic sub modules
These modules are for the ActiveRecord side of things, the models that call acts_as_authentic.
* <b>Authlogic::ActsAsAuthentic::Base</b> - Provides the acts_as_authentic class method and includes all of the submodules.
* <b>Authlogic::ActsAsAuthentic::Email</b> - Handles everything related to the email field.
* <b>Authlogic::ActsAsAuthentic::LoggedInStatus</b> - Provides handy named scopes and methods for determining if the user is logged in or out.
* <b>Authlogic::ActsAsAuthentic::Login</b> - Handles everything related to the login field.
* <b>Authlogic::ActsAsAuthentic::MagicColumns</b> - Handles everything related to the "magic" fields: login_count, failed_login_count, last_request_at, etc.
* <b>Authlogic::ActsAsAuthentic::Password</b> - This one is important. It handles encrypting your password, salting it, etc. It also has support for transitioning password algorithms.
* <b>Authlogic::ActsAsAuthentic::PerishableToken</b> - Handles maintaining the perishable token field, also provides a class level method for finding record using the token.
* <b>Authlogic::ActsAsAuthentic::PersistenceToken</b> - Handles maintaining the persistence token. This is the token stored in cookies and sessions to persist the users session.
* <b>Authlogic::ActsAsAuthentic::RestfulAuthentication</b> - Provides configuration options to easily migrate from the restful_authentication plugin.
* <b>Authlogic::ActsAsAuthentic::SessionMaintenance</b> - Handles automatic session maintenance. EX: a new user registers, automatically log them in. Or a user changes their password, update their session.
* <b>Authlogic::ActsAsAuthentic::SingleAccessToken</b> - Handles maintaining the single access token.
* <b>Authlogic::ActsAsAuthentic::ValidationsScope</b> - Allows you to scope all validations, etc. Just like the :scope option for validates_uniqueness_of
=== Authlogic::Session sub modules
These modules are for the models that extend Authlogic::Session::Base.
* <b>Authlogic::Session::BruteForceProtection</b> - Disables accounts after a certain number of consecutive failed logins attempted.
* <b>Authlogic::Session::Callbacks</b> - Your tools to extend, change, or add onto Authlogic. Lets you hook in and do just about anything you want. Start here if you want to write a plugin or add-on for Authlogic
* <b>Authlogic::Session::Cookies</b> - Authentication via cookies.
* <b>Authlogic::Session::Existence</b> - Creating, saving, and destroying objects.
* <b>Authlogic::Session::HttpAuth</b> - Authentication via basic HTTP authentication.
* <b>Authlogic::Session::Id</b> - Allows sessions to be separated by an id, letting you have multiple sessions for a single user.
* <b>Authlogic::Session::MagicColumns</b> - Maintains "magic" database columns, similar to created_at and updated_at for ActiveRecord.
* <b>Authlogic::Session::MagicStates</b> - Automatically validates based on the records states: active?, approved?, and confirmed?. If those methods exist for the record.
* <b>Authlogic::Session::Params</b> - Authentication via params, aka single access token.
* <b>Authlogic::Session::Password</b> - Authentication via a traditional username and password.
* <b>Authlogic::Session::Persistence</b> - Persisting sessions / finding sessions.
* <b>Authlogic::Session::Session</b> - Authentication via the session, the controller session that is.
* <b>Authlogic::Session::Timeout</b> - Automatically logging out after a certain period of inactivity.
* <b>Authlogic::Session::UnauthorizedRecord</b> - Handles authentication by passing an ActiveRecord object directly.
* <b>Authlogic::Session::Validation</b> - Validation / errors.
=== Miscellaneous modules
Miscellaneous modules that shared across the authentication process and are more "utility" modules and classes.
* <b>Authlogic::AuthenticatesMany</b> - Responsible for allowing you to scope sessions to a parent record. Similar to a has_many and belongs_to relationship. This lets you do the same thing with sessions.
* <b>Authlogic::CryptoProviders</b> - Contains various encryption algorithms that Authlogic uses, allowing you to choose your encryption method.
* <b>Authlogic::I18n</b> - Acts JUST LIKE the rails I18n library, and provides internationalization to Authlogic.
* <b>Authlogic::Random</b> - A simple class to generate random tokens.
* <b>Authlogic::Regex</b> - Contains regular expressions used in Authlogic. Such as those to validate the format of the log or email.
* <b>Authlogic::TestCase</b> - Various helper methods for testing frameworks to help you test your code.
* <b>Authlogic::Version</b> - A handy class for determine the version of Authlogic in a number of ways.
== Quick Rails example
What if creating sessions worked like an ORM library on the surface...
UserSession.create(params[:user_session])
What if your user sessions controller could look just like your other controllers...
class UserSessionsController < ApplicationController
def new
@user_session = UserSession.new
end
def create
@user_session = UserSession.new(params[:user_session])
if @user_session.save
redirect_to account_url
else
render :action => :new
end
end
def destroy
current_user_session.destroy
redirect_to new_user_session_url
end
end
As you can see, this fits nicely into the RESTful development pattern. What about the view...
<% form_for @user_session do |f| %>
<%= f.error_messages %>
<%= f.label :login %><br />
<%= f.text_field :login %><br />
<br />
<%= f.label :password %><br />
<%= f.password_field :password %><br />
<br />
<%= f.submit "Login" %>
<% end %>
Or how about persisting the session...
class ApplicationController
helper_method :current_user_session, :current_user
private
def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
end
def current_user
return @current_user if defined?(@current_user)
@current_user = current_user_session && current_user_session.user
end
end
== Install & Use
Install the gem / plugin (recommended)
Rails 3:
$ sudo gem install authlogic
Rails 2:
$ sudo gem install authlogic --version=2.1.6
Or install as a plugin:
script/plugin install git://github.com/binarylogic/authlogic.git
== Detailed Setup Tutorial
See the {authlogic example}[http://github.com/binarylogic/authlogic_example/tree/master] for a detailed setup tutorial. I did this because not only do you have a tutorial to go by, but you have an example app that uses the same tutorial, so you can play around with with the code. If you have problems you can compare the code to see what you are doing differently.
== Testing
I think one of the best aspects of Authlogic is testing. For one, it cuts out <b>a lot</b> of redundant tests in your applications because Authlogic is already thoroughly tested for you. It doesn't include a bunch of tests into your application, because it comes tested, just like any other library.
For example, think about ActiveRecord. You don't test the internals of ActiveRecord, because the creators of ActiveRecord have already tested the internals for you. It wouldn't make sense for ActiveRecord to copy it's hundreds of tests into your applications. The same concept applies to Authlogic. You only need to test code you write that is specific to your application, just like everything else in your application.
That being said, testing your code that uses Authlogic is easy. Since everyone uses different testing suites, I created a helpful module called Authlogic::TestCase, which is basically a set of tools for testing code using Authlogic. I explain testing Authlogic thoroughly in the {Authlogic::TestCase section of the documentation}[http://rdoc.info/rdoc/binarylogic/authlogic/blob/f2f6988d3b97e11770b00b72a7a9733df69ffa5b/Authlogic/TestCase.html]. It should answer any questions you have in regards to testing Authlogic.
== Tell me quickly how Authlogic works
Interested in how all of this all works? Think about an ActiveRecord model. A database connection must be established before you can use it. In the case of Authlogic, a controller connection must be established before you can use it. It uses that controller connection to modify cookies, the current session, login with HTTP basic, etc. It connects to the controller through a before filter that is automatically set in your controller which lets Authlogic know about the current controller object. Then Authlogic leverages that to do everything, it's a pretty simple design. Nothing crazy going on, Authlogic is just leveraging the tools your framework provides in the controller object.
== What sets Authlogic apart and why I created it
What inspired me to create Authlogic was the messiness of the current authentication solutions. Put simply, they just didn't feel right, because the logic was not organized properly. As you may know, a common misconception with the MVC design pattern is that the model "M" is only for data access logic, which is wrong. A model is a place for domain logic. This is why the RESTful design pattern and the current authentication solutions don't play nice. Authlogic solves this by placing the session maintenance logic into its own domain (aka "model"). Moving session maintenance into its own domain has its benefits:
1. <b>It's cleaner.</b> There are no generators in Authlogic. Authlogic provides a class that you can use, it's plain and simple ruby. More importantly, the code in your app is code you write, written the way you want, nice and clean. It's code that should be in your app and is specific to your app, not a redundant authentication pattern.
2. <b>Easier to stay up-to-date.</b> To make my point, take a look at the commits to any other authentication solution, then look at the {commits for authlogic}[http://github.com/binarylogic/authlogic/commits/master]. How many commits could you easily start using if you already had an app using that solution? With an alternate solution, very few, if any. All of those cool new features and bug fixes are going to have be manually added or wait for your next application. Which is the main reason a generator is not suitable as an authentication solution. With Authlogic you can start using the latest code with a simple update of a gem. No generators, no mess.
3. <b>It ties everything together on the domain level.</b> Take a new user registration for example, no reason to manually log the user in, authlogic handles this for you via callbacks. The same applies to a user changing their password. Authlogic handles maintaining the session for you.
4. <b>No redundant tests.</b> Because Authlogic doesn't use generators, #1 also applies to tests. Authlogic is *thoroughly* tested for you. You don't go and test the internals of ActiveRecord in each of your apps do you? So why do the same for Authlogic? Your application tests should be for application specific code. Get rid of the noise and make your tests focused and concise, no reason to copy tests from app to app.
5. <b>Framework agnostic</b>. Authlogic can be used in *any* ruby framework you want: Rails, Merb, Sinatra, Mack, your own framework, whatever. It's not tied down to Rails. It does this by abstracting itself from these framework's controllers by using a controller adapter. Thanks to {Rack}[http://rack.rubyforge.org/], there is a defined standard for controller structure, and that's what Authlogic's abstract adapter follows. So if your controller follows the rack standards, you don't need to do anything. Any place it deviates from this is solved by a simple adapter for your framework that closes these gaps. For an example, checkout the Authlogic::ControllerAdapters::MerbAdapter.
5. <b>You are not restricted to a single session.</b> Think about Apple's me.com, where they need you to authenticate a second time before changing your billing information. Why not just create a second session for this? It works just like your initial session. Then your billing controller can require an "ultra secure" session.
6. <b>Easily extendable.</b> One of the distinct advantages of using a library is the ability to use its API, assuming it has one. Authlogic has an *excellent* public API, meaning it can easily be extended and grow beyond the core library. Checkout the "add ons" list above to see what I mean.
Copyright (c) 2009 {Ben Johnson of Binary Logic}[http://www.binarylogic.com], released under the MIT license