Restful authentication with Rails 2: Usage

Posted on January 18, 2009 by ekeretex

This blog has been inactive for ages and one of my 2009 resolutions is to show the poor thing some love! I will try to keep it even if it’s the only resolution I don’t give up on. Things have become a bit less hectic at work (or maybe I’ve just gotten used to the system) and the spirit is willing so hopefully …

In my post detailing the installation of the Restful authentication plugin, it was pointed out to me in the comments that I didn’t show the actual usage of the plugin. My bad! This post will amend that oversight.

As an aside, while my tutorial post is still very relevant, I don’t do the installation from scratch anymore. In one of my earlier posts, I mentioned Bort and I still recommend it as a way of speeding up the initial setup of your rails project. However, the usage is the same whether you do the installation manually or use Bort.
Another Rails starter app I have used is leethal’s blank-rails-app. This is as light as they come and I use this when I do smaller sites in Rails rather than full fledged apps.

One of the advantages of installing manually is that Bort defaults to using RSpec as the test framework (at least on my system).
A manual installation checks for the presence of the spec folder and if it doesn’t exist, it creates the default Test::Unit tests.
However, Rails creates both a spec and test folder when i create a new Rails project (presumably because I’ve got the rspec gem installed ) and so to use Test::Unit I have to delete the spec folder before running the plugin’s generator.

To use the Restful Authentication plugin in your Rails app:

  • Include AuthenticatedSystem
    The generated controllers include the AuthenticatedSystem module but we need this available to all controllers.
    Delete the ‘include AuthenticatedSystem’ line from the Sessions and Users controllers and move the line to the application controller.
    The AuthenticatedSystem module (located in lib/authenticated_system.rb) contains the core methods used in our application code for authentication.
  • Add a before filter in the controllers you want to protect
    For any controller with actions that need protecting, add a before filter to the controller.

    class PageController < ApplicationController
# protect all actions in this controller
before_filter :login_required
...

    class PageController < ApplicationController
# protect all actions in this controller except the index action
before_filter :login_required, :except => :index
...

    class PageController < ApplicationController
# protect all actions in this controller except the index and contact actions
before_filter :login_required, :except => [:index, :contact]
...

    class PageController < ApplicationController
# protect only the support action
before_filter :login_required, :o nly => :support
...

    For the protected actions, the user is redirected to the new session url. We’ve already added a named route called ‘login’ to the routes.rb file pointing to this same action and I’d rather have my urls end with ‘/login’ than ‘/sessions/new’.
    To do that I override the access_denied method in the application_controller.rb.

    class ApplicationController < ActionController::Base
helper :all # include all helpers, all the time

include AuthenticatedSystem

def access_denied
alias new_session_path login_path
super
end
...
  • Use the plugin methods in your controller 
    def index
if logged_in?
@profile = current_user.profile
# or
# @profile = Profile.find(current_user)
end
end
  • Use the plugin methods in your view 
    
<% if logged_in? %>
Welcome <%= current_user.login %>
Your Profile: <%= @profile.description %>
<% end %>

And that’s all there is to it. Now get building!

Related posts:

  1. Restful Authentication with rails 2
  2. Jump start your next Rails 2 application
This entry was posted in Rails. Bookmark the permalink.

4 Responses to Restful authentication with Rails 2: Usage

  1. Jeff says:
    April 23, 2009 at 1:18 pm

    First off, I’d like to say thank you for an excellent walkthrough of setting up this restful authentication plugin. I’m very, very new to Rails and this has really helped me to get a running start.

    After I had walked through the installation process I was wondering – now how do I plug this into my soon-to-be running app? Glad to find this second part!

    Question – in your ‘use the plugin methods in your controller’ section above, where is the app supposed to find the ‘profile’ method of current user or the ‘Profile’ object? I’m getting errors trying both methods.

    Using @profile = Profile.find(current_user)
    “uninitialized constant MPatController::Profile”

    Using @profile = current_user.profile
    “undefined method `profile’ for #”

    I see no ‘profile’ method in any of the plugin code.

    Please help…thanks!
    ~

    Reply
  2. Ekerete says:
    April 23, 2009 at 4:38 pm

    I’m afraid that section wasn’t explicit enough. All it’s trying to show is the usage of the logged_in method in a controller action.

    The assumption is that a profile model which belongs to a user already exists.
    For instance, you would do something like this to get a username:
    if logged_in?
    @username = current_user.login
    end

    Reply
  3. Tim says:
    June 3, 2009 at 6:00 pm

    where is logged_in supposed to be defined? is that a part of the plugin or is that something you’re supposed to define?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>