Everyone,

I've released version 1.0.5 of the salted login generator. There are a lot of changes in this including:

* Localization via a new gem (localization on RubyForge), which also supports localization of ActiveRecord::Errors and ActionMailer emails (requires iconv)
* Inclusion of auth-by-token (currently used for signup and forgotten passwords)
* Support for editable fields, and selection of which fields are editable via the YAML config file
* Forgotten passwords done properly now (i.e., password not reset until URL sent in email followed)
* More testing, including a couple of mocks to verify things such as token expiry for auth-by-token

There are still some things to be improved, noticeably a few flash message problems and some redirects that are a little confusing. Hopefully I can get to that next week..

Again, thanks to Tobias Luetke and Andreas Schwarz. I used a lot of code and ideas from RForum and the LoginGenerator to implement this, and I hope people find this as useful as both of those were to me.

Joe

I should mention that the new generator includes a dependency on the localization generator, so you can generate a login system as follows:

    ruby script/generate salted_login User Localization

The README files should have thorough information on how to set up other configuration information.

On Apr 29, 2005, at 1:53 PM, Joseph Hosteny wrote:
> Everyone,
>
> I've released version 1.0.5 of the salted login generator. There are a lot of changes in this including:
>
> * Localization via a new gem (localization on RubyForge), which also supports localization of ActiveRecord::Errors and ActionMailer emails (requires iconv)
> * Inclusion of auth-by-token (currently used for signup and forgotten passwords)
> * Support for editable fields, and selection of which fields are editable via the YAML config file
> * Forgotten passwords done properly now (i.e., password not reset until URL sent in email followed)
> * More testing, including a couple of mocks to verify things such as token expiry for auth-by-token
>
> There are still some things to be improved, noticeably a few flash message problems and some redirects that are a little confusing. Hopefully I can get to that next week..
>
> Again, thanks to Tobias Luetke and Andreas Schwarz. I used a lot of code and ideas from RForum and the LoginGenerator to implement this, and I hope people find this as useful as both of those were to me.
>
> Joe

Nice! you the man. =]

On 4/29/05, Joseph Hosteny <jhosteny-ee4meeAH724@public.gmane.org> wrote:
> I should mention that the new generator includes a dependency on the localization generator, so you can generate a login system as follows:
>
>     ruby script/generate salted_login User Localization
>
> The README files should have thorough information on how to set up other configuration information.

--
- Ramin
http://www.getintothis.com/blog

Hi,

Having a problem when I'm trying to install the gem on a windows box

    C:\rails\cookbook>ruby script/generate salted_login User
    script/generate:27: undefined method `instance' for Rails::Generator:Module (NoMethodError)

Also I have a couple questions...

Is the change password functionality working in the 1.0.5 Version?

Is there any type of User Level/Admin Access Control built in. In other words, can I restrict views based upon a certain privilege. I see role, security_token in the db, and I wonder if any of these relate to a poor man's ACL.

What is the function of the salt db field? Or the password db field? I guess I'm confused from using the login_generator, where I store the sha1 password that has been created using a hardcoded salt field.

If I wanted the email address to be the login, how would you recommend I implement this?

Thanks,

Joe

-----Original Message-----
From: rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org [mailto:rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org] On Behalf Of Joseph Hosteny
Sent: Friday, April 29, 2005 10:54 AM
To: rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
Subject: [Rails] Salted login generator 1.0.5 available

Everyone,

I've released version 1.0.5 of the salted login generator. There are a lot of changes in this including:

* Localization via a new gem (localization on RubyForge), which also supports localization of ActiveRecord::Errors and ActionMailer emails (requires iconv)
* Inclusion of auth-by-token (currently used for signup and forgotten passwords)
* Support for editable fields, and selection of which fields are editable via the YAML config file
* Forgotten passwords done properly now (i.e., password not reset until URL sent in email followed)
* More testing, including a couple of mocks to verify things such as token expiry for auth-by-token

There are still some things to be improved, noticeably a few flash message problems and some redirects that are a little confusing. Hopefully I can get to that next week..

Again, thanks to Tobias Luetke and Andreas Schwarz. I used a lot of code and ideas from RForum and the LoginGenerator to implement this, and I hope people find this as useful as both of those were to me.

Joe

Joe,

The new version supports localization, and has a dependency on another generator. You need an extra argument in your generate command. Try:

    ruby script/generate salted_login User Localization

In the next version, I will fix this so it defaults to that name for the localization module.

Version 1.0.5 does support change_password functionality, from either the 'edit' action or the 'change_password' action.

I made the database change with the role field since I intend on looking at some sort of ACL support in the near future, but as of now (1.0.5), there is nothing like that.

The salt is generated from a string that includes the current time. It should probably be a little more random than that, but since it is hashed afterwards I think that is fine for now. The password is then prepended with this hashed salt, and the result is hashed. That result is stored in the DB as the 'salted_password' field, while the hashed salt is stored as 'salt.' The point of all of this is to make an attack more difficult where an individual guesses your password hashing function and runs guessed (e.g., dictionary words) passwords through it and compares that result against the stored hashed password to attempt a break in.

As for using the email as the login, I don't think this will be a problem. You'd have to remove the login field from the views, modify the authenticate function to check against the email instead of the login id, and modify some of the controller code to not expect the login parameter be passed. But that should be fairly straightforward.

I'm on my way out of town shortly until Monday, but I will hopefully check my email periodically. If you have any more trouble, feel free to email me directly. I can help you with the email-as-login-id change if you'd like.

Joe

On Apr 30, 2005, at 12:01 PM, Joseph Lyons wrote:
> Hi,
> Having a problem when I'm trying to install the gem on a windows box
>
>     C:\rails\cookbook>ruby script/generate salted_login User
>     script/generate:27: undefined method `instance' for Rails::Generator:Module (NoMethodError)
>
> Also I have a couple questions...
> Is the change password functionality working in the 1.0.5 Version?
>
> Is there any type of User Level/Admin Access Control built in. In other words, can I restrict views based upon a certain privilege. I see role, security_token in the db, and I wonder if any of these relate to a poor man's ACL.
>
> What is the function of the salt db field? Or the password db field? I guess I'm confused from using the login_generator, where I store the sha1 password that has been created using a hardcoded salt field.
>
> If I wanted the email address to be the login, how would you recommend I implement this?
>
> Thanks,
>
> Joe

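Added example (not part of the thread and not the generator's own code): the salting scheme described in the reply above, next to a hardened variant with a random salt and a slow key-derivation function. SHA-1, the `salt-<time>` seed string, the module names and the PBKDF2 work factor are assumptions; the thread only says the salt is hashed from a string that includes the current time.

```ruby
require 'digest/sha1'
require 'openssl'
require 'securerandom'

# Constant-time string comparison, used by both verifiers below.
def same_digest?(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Scheme as described in the reply: hashed time-derived salt, salt prepended
# to the password, result hashed. SHA-1 and the seed string are assumptions.
module ThreadScheme
  def self.create(password, now = Time.now)
    salt = Digest::SHA1.hexdigest("salt-#{now.to_i}")
    { salt: salt, salted_password: Digest::SHA1.hexdigest(salt + password) }
  end

  def self.authenticate?(record, password)
    same_digest?(record[:salted_password],
                 Digest::SHA1.hexdigest(record[:salt] + password))
  end
end

# Hardened variant (not from the thread): random per-user salt and PBKDF2.
module Hardened
  ITERATIONS = 200_000 # assumed work factor; tune to your hardware

  def self.derive(salt, password)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                               OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end

  def self.create(password)
    salt = SecureRandom.hex(16)
    { salt: salt, salted_password: derive(salt, password) }
  end

  def self.authenticate?(record, password)
    same_digest?(record[:salted_password], derive(record[:salt], password))
  end
end

if __FILE__ == $PROGRAM_NAME
  t = Time.at(1_114_797_600) # constructed signup time
  a = ThreadScheme.create('secret', t)
  b = ThreadScheme.create('secret', t + 1) # one second later
  c = ThreadScheme.create('secret', t)     # same second as a
  puts "different second, same password: equal? #{a[:salted_password] == b[:salted_password]}"
  puts "same second, same password:      equal? #{a[:salted_password] == c[:salted_password]}"
  h1 = Hardened.create('secret')
  h2 = Hardened.create('secret')
  puts "random salts, same password:     equal? #{h1[:salted_password] == h2[:salted_password]}"
end
```

With the assumed one-second seed, two accounts created in the same second share a salt, so equal passwords produce equal stored hashes; the random salt removes that case and PBKDF2 raises the cost of each guess.
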
I have tried installing the salted_login generator, it looks really cool. Unfortunately I cannot seem to get it to work. I keep seeing this error in my logs.

    #<ActionController::SessionRestoreError: Session contained objects where the class definition wasn't available. Remember to require classes for all objects kept in the session. The session has been deleted. (Original exception: undefined class/module User [ArgumentError])>

I did the install first like this:

    ruby script\generate salted_login User Localization

then on a fresh rails app like this:

    ruby script\generate salted_login Account Localization

Each time when I went to a URL like http://localhost:3000/account/login I would see the above error.

I generated a User scaffold just to see if this would help but unfortunately it didn't.

Any idea what is going on?

Thanks,
Frank

Okay, my first problem seemed to be an environment issue. But now that I am past that I am seeing this:

    Showing /user/login.rhtml where line #2 raised:

    undefined method `l' for #<ActionView::Base:0x4286908>

Apparently it has a problem with the syntax in the first line of head_helper:

    def head_helper(options = {})
      label = l(:"#{@controller.controller_name}_#{@controller.action_name}_head")

What is this 'l' method?

-Frank

Frank,

That method is the main method used in the localization module. It looks for the localized string for the indicated symbol. You need to include the module "Localization" in your ApplicationController module. I'll double check to make sure that is in the documentation. If this doesn't work, let me know.

Joe

On May 1, 2005, at 10:08 PM, Frank Kim wrote:
> Okay, my first problem seemed to be an environment issue. But now that I am past that I am seeing this:
>
>     Showing /user/login.rhtml where line #2 raised:
>
>     undefined method `l' for #<ActionView::Base:0x4286908>
>
> Apparently it has a problem with the syntax in the first line of head_helper:
>
>     def head_helper(options = {})
>       label = l(:"#{@controller.controller_name}_#{@controller.action_name}_head")
>
> What is this 'l' method?
>
> -Frank

Thanks very much for this generator, Joe. I look forward to getting it going.

I'm having a similar installation problem. I get the following error when I go to a login required page:

    app/controllers/application.rb:7: syntax error
    helper: User

The User Login readme file was a little confusing because the second paragraph says "After you have done the modifications the the ApplicationController and its helper.", yet it doesn't reference the helper file previously. So I wasn't exactly sure what changes to include in application helper. I've tried this:

    module ApplicationHelper
      include UserSystem
      include Localization
    end

I'm sure I'm missing something somewhere.

Steve

On 5/1/05, Joseph Hosteny <jhosteny-ee4meeAH724@public.gmane.org> wrote:
> Frank,
>
> That method is the main method used in the localization module. It looks for the localized string for the indicated symbol. You need to include the module "Localization" in your ApplicationController module. I'll double check to make sure that is in the documentation. If this doesn't work, let me know.
>
> Joe

Steve,

Here's an excerpt from my ApplicationController. I'll fix the README - you shouldn't have to modify the helper at all. I think your problem there is that you should have the colon in front of 'User' and it should be 'user,' not 'User.' Here's mine verbatim:

    require 'user_system'
    require 'localization'

    # The filters added to this controller will be run for all controllers in the application.
    # Likewise will all the methods added be available for all controllers.
    class ApplicationController < ActionController::Base
      include UserSystem
      include Localization
      helper :user
      before_filter :login_required
    end

Let me know if that doesn't work. I'll be checking email later this afternoon.

Joe

On May 2, 2005, at 8:03 AM, Steve Odom wrote:
> Thanks very much for this generator, Joe. I look forward to getting it going.
>
> I'm having a similar installation problem. I get the following error when I go to a login required page:
>
>     app/controllers/application.rb:7: syntax error
>     helper: User
>
> The User Login readme file was a little confusing because the second paragraph says "After you have done the modifications the the ApplicationController and its helper.", yet it doesn't reference the helper file previously. So I wasn't exactly sure what changes to include in application helper. I've tried this:
>
>     module ApplicationHelper
>       include UserSystem
>       include Localization
>     end
>
> I'm sure I'm missing something somewhere.
>
> Steve

Hi Joe,

I woke up this morning realizing I forgot to read README_LOCALIZATION which helped solve my problems. Thanks for sending that email.

I have run into several other issues and am unfortunately considering going back to the regular login generator.

1. uninitialized constant UserSystem::CONFIG

   To solve this I changed:

       if UserSystem::CONFIG[:two_column_input]

   to:

       if defined?(UserSystem::CONFIG) && UserSystem::CONFIG[:two_column_input]

2. I see the following warning repeatedly:

       ./script/../config/..//app/helpers/user_helper.rb:7: warning: already initialized constant DEFAULT_HEAD_OPTIONS

3. the example users table does not work:

       $ mysql < users.sql
       ERROR 1064 at line 5: You have an error in your SQL syntax near 'DEFAULT CHARSET

   I changed:

       ) TYPE=InnoDB DEFAULT CHARSET=utf8;

   to:

       ) TYPE=InnoDB;

4. after getting past these problems I could not successfully sign up. the signup page says this:

       Error creating account: confirmation email not sent

   yet there are no errors in the log and the account was actually written to the DB.

5. unable to login, probably because sign up failed even though account was created

I love the idea of the salted login generator, just wish I could get it to work. :-)