There is space in link to
"067_resful_authentication.mov", and some
browser have problem with download.
Use wget is solution.
so good.这个正是我现在项目需要的东西啊。及时!!!
Yes, k is right. For example my iTunes can't download this episode!
Could you fix the download error please?
The url that actually works is http://media.railscasts.com/videos/067_restful_authentication.mov
Fixed, sorry about that guys.
Thanks, this is the one I've been looking for. I'm looking forward the next episode on OpenID's.
I'm downloading the video as i write this so i'm not sure if its covered within or not. The tests generated by the plugin use assert_difference and assert_no_difference methods not yet available on stable Rails (i've heard they are available only on edge rails).
Hi, I'll work out where to send this (I guess to RO) but I thought I'd note here that the before filter method in lib/authenticated system wants to call login in the session controller, but the default routing and setup use new. So if I just bolt in the default before filter it blows up... changing it to call new makes it all go.
Anyway, thanks for another awesome screencast. It really helped me.
Ryan, thank you for making every Monday special.
Ryan, was wondering if you could describe how to differentiate the flash.now[:error] to tell the difference between an incorrect password and a user who may not have yet activated their account?
I use RESTful Auth a lot and recently ran into a problem with redirects I cant seem to solve. I dont want to clutter up your comments so:
http://railsforum.com/viewtopic.php?id=8794
i love you!
excellent work, was gonna tackle this alone this week...
now i have a podcast, ho ho ho!
;-)
good work
John.
A fantastic screencast as always - RESTful authentication is a excellent start to an authentication system, and nice to build upon. I recently worked in role based authentication (as seen in the Rails Recipes book) into this setup with surprising ease. Which offers a great RESTful way to control access to controller/action pairs through rights and roles.
For those that want to keep the URL of "/login" when you submit, you can do the following in your routes.rb:
map.login '/login', :controller => 'session', :action => 'new', :conditions => { :method => :get }
just add the :conditions part to the current named route map.login
map.connect '/login', :controller => 'sessions', :action => 'create', :conditions => { :method => :post }
and in your form, put login_path. Now when you submit your form it will stay on '/login' instead of '/session'
if you run rake routes, you can see it.
@viniosity, I haven't checked how restful_authentication handles the account activation, so I'm not sure on the details. You would likely have an "if" condition in the controller checking whether or not the account is activated and display the appropriate error message.
Rick handled the activation part really well, you'll just have to tweak the files a bit. I did a quick post to show the ideas on how to extend it with activation: http://rubyurl.com/gFX
Can you post a link for your code to review please
I am getting an error
"NameError in SessionController#new "
when I go to
http://localhost:3000/login or
http://localhost:3000/logout
can anyone help me?
I recommend posting this problem on railsforum.com so you can post the details on what you've done and the full stack trace.
nice screencast!, ey ryan, maybe a railscast of a simple rbac?, it will be nice ;).
anyway great railscasts ryan!
c'ya
Ryan, I think it would be great if you made a quick little episode demonstrating how to add a forgot password function to the restful_authentication system. This would not only demonstrate the function itself, but demonstrate adding custom actions to a restful application. Just a thought!
@bug
I believe the restful_auth plugin has been updated since this railscast.
As such, the users controller no longer exists.
Routes that work for me, YMMV.
map.resources :users
map.resource :session
map.signup '/signup', :controller => 'session', :action => 'signup'
map.login '/login', :controller => 'session', :action => 'login'
map.logout '/logout', :controller => 'session', :action => 'logout'
Hope that helps others, threw me for a while as I've got a few projects using this plugin, all as per the railscast.
thanks, I've been waiting for a restful_auth screencast for a while
I just installed this and somehow didn't notice that there was an activation option. I wrote my own before figuring it out, and it ended up being the same thing anyway.
Just wanted to say that it is super easy to install with activation, and even without knowing that option was there, this screencast made my decision for me on how to authenticate.
Thanks Ryan!!!
Just thought I should add that if you want it to install with activation, just include :include_activation as an option when you install
Great Job Ryan,
One little recommendation; If you could show how to do tests with this plugin that could help some people out. I've been trying to do TDD but having a hard time learning everything at once.
(Mainly referring to before_filter :login_required and how to create a login during a test on a controller)
Keep up the great work!
Andrew
In my case (edge rails and latest plugin) I think it should be "sessions" controller not "session" as this matches the routing.
@KL, yeah, just noticed this myself recently. If you are using the singular name then you will need to specify it in the routes (in edge rails).
map.resource :session, :controller => 'session'
Or alternatively (in Rails > 1.2.3), simply go with Rails' flow and use "sessions" as the controller name:
script/generate authenticated user sessions
:-)
I wonder if they'll change the singular resource name convention again next time?
Nice screencasts, helped a lot! BTW, what software have you made it with?
I wanted user records in my app to have various statuses. Here's how I modified restful_authentication with acts_as_state_machine to accomplish this. I'll call it stateful_authentication
I installed this plugin but encountered the following problems. Thanks in advance, to anyone who help enlighten me.
1. For my case, MVC for HOME (home/index) is not generated automatically. Do I have to create it myself? Anyway, I created Home controller and view.
2. When I entered the wrong password, I do see error message "Authentication failed".
But, when I entered the correct password, I was re-directed to "http://localhost:3000/", but it does not display the Welcome page (/home/index.rhtml). I did change routes.rb to enter the first line - "map.home '', :controller => 'home', :action => 'index'".
@Lucky, I believe I answered this on railsforum.com, but I'll answer it here for completeness. You need to remove the index.html file from the public directory so the home page will work.
If use 'sessions' as plural when i generate, i get this error when i try to start the login page: "uninitialized constant SessionController". I have "map.resource :session, :controller => 'session'" in my routes.rb.
Try this (pluralize sessions):
map.resource :session, :controller => 'sessions'
Do you know why one of the tests fails:
ruby test/unit/user_test.rb
1) Failure:test_should_require_password(UserTest) [test/unit/user_test.rb:23:in `test_should_require_password' /Users/ia00stai/railsdev/signmeup/trunk/signmeup/config/../lib/authenticated_test_helper.rb:16:in `assert_difference' /Users/ia00stai/railsdev/signmeup/trunk/signmeup/config/../lib/authenticated_test_helper.rb:24:in `assert_no_difference' test/unit/user_test.rb:21:in `test_should_require_password']:<nil> is not true.
i just switched from acts_as_authenticated to restful_authentication and am having a problem that i had with a_a_a but since it happened again, i thought i'd see what teh real problem is (dont know where's better - here or railsforum)
i think its simple to describe: when i try to access a page, it seems (via development log) to be caught in some sort of redirect loop and firefox give me a "the page isnt redirecting properly" message..
any ideas? last time i just said not to check for authentication for the login page (or else the loop) but the code doesnt seem to be doing that. plus you dont do that in the screencast.. where did i goof?
thanks... ~a
@ari, I recommend posting this on railsforum.com as I need to see the code and more details before knowing what's wrong.
@ryan, thanks for tip. think i figured it out but i posted to railsforum for others..
Ryan,
Great screencasts, these are incredibly useful. How about a screencast that looks at adding roles/authorization, so admin can edit anything but users can only edit there stuff?
David
@David, I talk a little bit about this in episodes 20 and 21, but I haven't gone into details on role based authorization. Thanks for the suggestion.
http://railscasts.com/tags/9
Thank you for the excellent casts. Executing script/generate authenticated user session as shown in the cast doesn't create the users_controller.
Env:
Windows xp
Ruby 1.8.6
Rails 1.2.3
I got to generate the users_controller by executing "script/generate authenticated user" first, then "script/generate authenticated user session" to generate the session files.
Ryan, in episode #13, "Dangers of Model in Session" you mention that it is a good practice to avoid storing model data within a session, or at least minimizing the amount of model data you store in a session.
In looking through the source code for the restful_authentication plugin, it appears as though that plugin is storing information in a @current_user variable and in a session variable (assuming your model is called user).
Is the approach being used in that plugin to store the user model in the session, I was just a little confused and thought you might be able to chime in on the topic.
hi,
if i override the to_param in user model, I will get more meaningful urls in
localhots:3000/users/peter_permalink/tests
instead of
localhots:3000/users/2/tests
however, that makes my restful_authentication plugin not work so well.
is there a way out?
thanks
going to try this in rails 2.0 right now, i will let you know how it goes. great screencasts ryan they have been helping me out alot!
Best,
Good vid but don't follow the advice about not pluralising your sessionscontroller - rails is notorious for throwing up bugs when it comes to this kind of thing, and it took me several hours to work out why there were weird 'uninitialized constant SessionsController' errors. Totally bad advice.
I followed this using Rails 2.0.2 and found I had to alter line 67 of authenticated_system.rb from:
redirect_to new_session
to
redirect_to :controller => 'session', :action => 'new'
... in order to avoid the "undefined local variable or method `new_session'" error.
Hi,
I followed this using Rails 2.0.2 and Ruby 1.8.6. I had to use:
"generate authenticated user sessions" to get the SessionsController.
Then it works fine and no changes of authenticated_system.rb needed. With
"generate authenticated user session" I got stuck with a Name Error:
uninitialized constant SessionsController
Thanks for the great screencast! One (possibly stupid) question though: Where in the rails app does the third quoted file (index.rhtml) go to make it work?
Okay, sorry, I just answered the question myself. I had to generate the "home" controller and put the index.rhtml in the corresponding views directory.
Is you get sessioncontroller uninitialized controller. then
put those lines to your routes.rb
#-------------------
map.resources :users
map.resource :session#, :controller => 'sessions'
map.signup '/signup', :controller => 'users', :action => 'new'
map.login '/login', :controller => 'sessions', :action => 'new'
map.logout '/logout', :controller => 'sessions', :action => 'destroy'
#----------------------
@ Premek
See http://beast.caboo.se/forums/2/topics/1077
So instead of
map.resource :session
use rather
map.resource :session, :controller => 'session'
Excelente, gracias :)
Hey Ryan,
First of all thanks for casts.
All of them really helpful.
Maybe you can answer my question.
Made several projects with restful_authentication but still didn't figure out bonuses of salt in model. I though salt is required for for decrypting but using sha we don't have such option.
Thanks,
Vince
@vince, from my understanding the salt doesn't have anything to do with decrypting. A salt is just a random string of characters appended to the password before hashing. This helps prevent dictionary attacks if someone is trying to break the hash. I'm no expert on ecryption, so take this with a grain of salt (pun intended).
Ryan,
Thanks for the railscasts! They're great.
I just tested out the restful authentication and noticed the Rails log had the password param unencrypted: "password"=>"abcd1234." I think I've seen documentation about hiding that param in the log file. But, is it also sent in clear text across the wire from browser to server?
Steve,
add something like this to your application.rb file:
filter_parameter_logging :password, :password_confirmation
gr8 stuff to have a such thing...keep the good work on ... 3pZkFrpjtf
question about plugins:
I spent alot of time trying to install the restful_authentication plugin, but when I'm at work behind to corporate firewall it doesn't find the install repository. But when I did it on my home DSL connection, it installed first time.
At work I can go to the techno-weenie site in my browser, so is the problem caused by script/plugin install using a protocol other than http?
gr8 stuff to have a such thing...keep the good work on ... 3pZkFrpjtf
Thanks for the great screencast!
I found it useful for me, so I've made a summary of your screencast and put it in my blog. The permalink is: http://xucros.com/2008/4/18/restful-authenticationin-rails-quickly
Please, let me know if I should remove or change it.
Thank you for the great webcasts, Ryan. FINALLY some tutorials that work!
If I wanted to break the login controls out onto the home page (say with as the home controller in your example, rather than having the use click on a login link), how would I tell the home controller to get the User controller to make a new session?
Right now if I put the controls on the home page, the submit of course gets me an "uninitialized constant SessionsController" stack trace...
Thanks a lot, Ryan!
This was short and to the point, exactly what I was looking for.
Keep up the great work!
The transcendental aesthetic (and what we have alone been able to show is that this is true) depends on our problematic judgements; as I have elsewhere shown, our concepts abstract from all content of knowledge.
I know I'm asking a question long after the cast was posted, but I'm been having trouble with this for a while.
When I include the AuthenticatedSystem module in the Application controller, the function "logged_in?" works correctly, but whenever I try any other methods such as "authorized?", Rails throws an error saying it's not defined?
Any ideas?
Nick
Very Nice!
