Rails - Dec 2009 - AuthLogic Question - one time password (persistence_token) - what config is required to use this???

Hi,

I''m stuck trying to work this one out - have been reviewing the
AuthLogic code base but having a hard time making sense of it (
http://github.com/binarylogic/authlogic ).

Question 1 - Can anyone confirm what config exactly is required to
make the one time password (persistence_token) work in AuthLogic?  See
below for the bulk...

Question 2 - If not the full answer to the above, then just: In the
AuthLogic code base where is URL parameter key string of
"user_credentials" actually set?  I can''t see to find it. 
Refer to
line 28 of the params.rb file.  There is an assumption the one time
URL key to use is this, but can''t find where it is set.



DETAILS FOR FULL QUESTION (Q1)
==============================
From what I can work out so far it is the following, however this
isn''t working for me so I must be wrong:
* pass an additional URL parameter of
"user_credentials=xxxxpersistence_tokenxxxx"
* are there any other URL parameters required beyond this?  any user
id or username?
* have the persistence_token field in my database table (which it is
and I can see it populated)
* have "acts_as_authentic " in my user model per normal
* question: is "acts_as_authentic " required in each of my own models?

When I enter a URL in the browser directly to one of my own model
resources following the above I see in the logs:

(a) initial request - Redirected to http://localhost:3000/user_session/new

(b) and then for this redirect:
Processing UserSessionsController#new (for 127.0.0.1 at 2009-12-03
06:14:24) [GET]
  Parameters: {"action"=>"new",
"controller"=>"user_sessions"}
  User Columns (3.4ms)   SHOW FIELDS FROM `users`
  User Indexes (0.9ms)   SHOW KEYS FROM `users`
Rendering template within layouts/application
Rendering user_sessions/new
  SQL (0.6ms)   SELECT count(*) AS count_all FROM `users` WHERE
(last_request_at > ''2009-12-02 20:04:24'')
Completed in 182ms (View: 151, DB: 5) | 200 OK [http://localhost/
user_session/new]

(c) But then the web-page ends up on the login page, and not
automatically on the page I was after - i.e. I was expecting that the
one-time password would allow AuthLogic to automatically do the
session and then authentication???


Thanks

PS. Wonder if it related to this authlogic code I found in params.rb

     def single_access_allowed_request_types(value = nil)
          rw_config(:single_access_allowed_request_types, value,
["application/rss+xml", "application/atom+xml"])
    end

--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

The persistence token is stored in the session. It is what authlogic
uses to keep track of whether you are logged in. If you have authlogic
working, log your session data and you should see a "user_credentials"
entry there.

I think what you are looking for is the perishable_token. Here is a
good place to look:
http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/.
I ended up adapting the one from spree (spreecommerce.com) - look for
the password_reset_controller when I switched to authlogic from
acts_as_authenticated.

DF

On Dec 2, 8:14 pm, Greg Hauptmann
<greg.hauptmann.r...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Hi,
>
> I''m stuck trying to work this one out - have been reviewing the
> AuthLogic code base but having a hard time making sense of it
(http://github.com/binarylogic/authlogic).
>
> Question 1 - Can anyone confirm what config exactly is required to
> make the one time password (persistence_token) work in AuthLogic?  See
> below for the bulk...
>
> Question 2 - If not the full answer to the above, then just: In the
> AuthLogic code base where is URL parameter key string of
> "user_credentials" actually set?  I can''t see to find
it.  Refer to
> line 28 of the params.rb file.  There is an assumption the one time
> URL key to use is this, but can''t find where it is set.
>
> DETAILS FOR FULL QUESTION (Q1)
> ==============================>
> From what I can work out so far it is the following, however this
> isn''t working for me so I must be wrong:
> * pass an additional URL parameter of
> "user_credentials=xxxxpersistence_tokenxxxx"
> * are there any other URL parameters required beyond this?  any user
> id or username?
> * have the persistence_token field in my database table (which it is
> and I can see it populated)
> * have "acts_as_authentic " in my user model per normal
> * question: is "acts_as_authentic " required in each of my own
models?
>
> When I enter a URL in the browser directly to one of my own model
> resources following the above I see in the logs:
>
> (a) initial request - Redirected tohttp://localhost:3000/user_session/new
>
> (b) and then for this redirect:
> Processing UserSessionsController#new (for 127.0.0.1 at 2009-12-03
> 06:14:24) [GET]
>   Parameters: {"action"=>"new",
"controller"=>"user_sessions"}
>   User Columns (3.4ms)   SHOW FIELDS FROM `users`
>   User Indexes (0.9ms)   SHOW KEYS FROM `users`
> Rendering template within layouts/application
> Rendering user_sessions/new
>   SQL (0.6ms)   SELECT count(*) AS count_all FROM `users` WHERE
> (last_request_at > ''2009-12-02 20:04:24'')
> Completed in 182ms (View: 151, DB: 5) | 200 OK [http://localhost/
> user_session/new]
>
> (c) But then the web-page ends up on the login page, and not
> automatically on the page I was after - i.e. I was expecting that the
> one-time password would allow AuthLogic to automatically do the
> session and then authentication???
>
> Thanks
>
> PS. Wonder if it related to this authlogic code I found in params.rb
>
>      def single_access_allowed_request_types(value = nil)
>           rw_config(:single_access_allowed_request_types, value,
> ["application/rss+xml", "application/atom+xml"])
>     end
--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Actually I meant to say one-time password (not persistence) token.
I''ll have a look at the links.

Can I ask something basic for authlogic...what is actually required in
ones''s normal controllers and model to ensure auhentication/login has
taken place?  Is "acts_as_authentic" just for the User model? 
I''ve
noted that based on the example app if I have my other controllers
they are still not protected. I''m guessing you need to add one of the
application_controller helper lines at the beginning of each
controller (ie that says this controller requires q logged on user)?

Thanks

On Thursday, December 3, 2009, David
<furberd-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> The persistence token is stored in the session. It is what authlogic
> uses to keep track of whether you are logged in. If you have authlogic
> working, log your session data and you should see a
"user_credentials"
> entry there.
>
> I think what you are looking for is the perishable_token. Here is a
> good place to look:
http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/.
> I ended up adapting the one from spree (spreecommerce.com) - look for
> the password_reset_controller when I switched to authlogic from
> acts_as_authenticated.
>
> DF
>
> On Dec 2, 8:14 pm, Greg Hauptmann
<greg.hauptmann.r...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> wrote:
>> Hi,
>>
>> I''m stuck trying to work this one out - have been reviewing
the
>> AuthLogic code base but having a hard time making sense of it
(http://github.com/binarylogic/authlogic).
>>
>> Question 1 - Can anyone confirm what config exactly is required to
>> make the one time password (persistence_token) work in AuthLogic?  See
>> below for the bulk...
>>
>> Question 2 - If not the full answer to the above, then just: In the
>> AuthLogic code base where is URL parameter key string of
>> "user_credentials" actually set?  I can''t see to
find it.  Refer to
>> line 28 of the params.rb file.  There is an assumption the one time
>> URL key to use is this, but can''t find where it is set.
>>
>> DETAILS FOR FULL QUESTION (Q1)
>> ==============================>>
>> From what I can work out so far it is the following, however this
>> isn''t working for me so I must be wrong:
>> * pass an additional URL parameter of
>> "user_credentials=xxxxpersistence_tokenxxxx"
>> * are there any other URL parameters required beyond this?  any user
>> id or username?
>> * have the persistence_token field in my database table (which it is
>> and I can see it populated)
>> * have "acts_as_authentic " in my user model per normal
>> * question: is "acts_as_authentic " required in each of my
own models?
>>
>> When I enter a URL in the browser directly to one of my own model
>> resources following the above I see in the logs:
>>
>> (a) initial request - Redirected
tohttp://localhost:3000/user_session/new
>>
>> (b) and then for this redirect:
>> Processing UserSessionsController#new (for 127.0.0.1 at 2009-12-03
>> 06:14:24) [GET]
>>   Parameters: {"action"=>"new",
"controller"=>"user_sessions"}
>>   User Columns (3.4ms)   SHOW FIELDS FROM `users`
>>   User Indexes (0.9ms)   SHOW KEYS FROM `users`
>> Rendering template within layouts/application
>> Rendering user_sessions/new
>>   SQL (0.6ms)   SELECT count(*) AS count_all FROM `users` WHERE
>> (last_request_at > ''2009-12-02 20:04:24'')
>> Completed in 182ms (View: 151, DB: 5) | 200 OK [http://localhost/
>> user_session/new]
>>
>> (c) But then the web-page ends up on the login page, and not
>> automatically on the page I was after - i.e. I was expecting that the
>> one-time password would allow AuthLogic to automatically do the
>> session and then authentication???
>>
>> Thanks
>>
>> PS. Wonder if it related to this authlogic code I found in params.rb
>>
>>      def single_access_allowed_request_types(value = nil)
>>           rw_config(:single_access_allowed_request_types, value,
>> ["application/rss+xml", "application/atom+xml"])
>>     end
>
> --
>
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>
>
-- 
Greg
http://blog.gregnet.org/

--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.