AuthLogic Question - one time password (persistence_token) - what config is required to use this???

Greg Hauptmann

unread,
Dec 2, 2009, 8:14:52 PM12/2/09
to rubyonrails-talk
Hi,

I'm stuck trying to work this one out - have been reviewing the
AuthLogic code base but having a hard time making sense of it (
http://github.com/binarylogic/authlogic ).

Question 1 - Can anyone confirm what config exactly is required to
make the one time password (persistence_token) work in AuthLogic? See
below for the bulk...

Question 2 - If not the full answer to the above, then just: In the
AuthLogic code base where is the URL parameter key string of
"user_credentials" actually set? I can't seem to find it. Refer to
line 28 of the params.rb file. There is an assumption the one time
URL key to use is this, but I can't find where it is set.



DETAILS FOR FULL QUESTION (Q1)
===============================

From what I can work out so far it is the following, however this
isn't working for me so I must be wrong:
* pass an additional URL parameter of
"user_credentials=xxxxpersistence_tokenxxxx"
* are there any other URL parameters required beyond this? any user
id or username?
* have the persistence_token field in my database table (which it is
and I can see it populated)
* have "acts_as_authentic" in my user model per normal
* question: is "acts_as_authentic" required in each of my own models?

When I enter a URL in the browser directly to one of my own model
resources following the above I see in the logs:

(a) initial request - Redirected to http://localhost:3000/user_session/new

(b) and then for this redirect:
Processing UserSessionsController#new (for 127.0.0.1 at 2009-12-03 06:14:24) [GET]
Parameters: {"action"=>"new", "controller"=>"user_sessions"}
User Columns (3.4ms) SHOW FIELDS FROM `users`
User Indexes (0.9ms) SHOW KEYS FROM `users`
Rendering template within layouts/application
Rendering user_sessions/new
SQL (0.6ms) SELECT count(*) AS count_all FROM `users` WHERE (last_request_at > '2009-12-02 20:04:24')
Completed in 182ms (View: 151, DB: 5) | 200 OK [http://localhost/user_session/new]

(c) But then the web-page ends up on the login page, and not
automatically on the page I was after - i.e. I was expecting that the
one-time password would allow AuthLogic to automatically do the
session and then authentication???


Thanks

PS. Wonder if it is related to this authlogic code I found in params.rb

    def single_access_allowed_request_types(value = nil)
      rw_config(:single_access_allowed_request_types, value,
                ["application/rss+xml", "application/atom+xml"])
    end
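
Added illustration, not part of the original post and not Authlogic's own code: a simplified stand-alone Ruby model of how the `single_access_allowed_request_types` default quoted above gates login from a URL token. It assumes the URL token is matched against a separate `single_access_token` column rather than `persistence_token`; the user record, token values and the `params_login` and `demo` helpers are constructed for the example.

```ruby
# Simplified stand-alone model of the check (an assumption, not Authlogic's source).
ALLOWED_TYPES = ["application/rss+xml", "application/atom+xml"].freeze # default quoted above
PARAMS_KEY = "user_credentials" # URL parameter key named in the question

# Constructed sample user; both token values are made up.
User = Struct.new(:login, :persistence_token, :single_access_token)
USERS = [User.new("greg", "persist-abc123", "single-xyz789")].freeze

# Decide whether a request may log in from a URL token.
# allowed_types is an Array of MIME types, or :all / :any.
# Returns [user_or_nil, reason].
def params_login(params, content_type, allowed_types = ALLOWED_TYPES)
  token = params[PARAMS_KEY]
  return [nil, :no_token_param] if token.nil? || token.empty?

  type_ok =
    case allowed_types
    when Array then allowed_types.include?(content_type) || allowed_types.include?(:all)
    else [:all, :any].include?(allowed_types)
    end
  return [nil, :request_type_not_allowed] unless type_ok

  # Assumption: the URL token is matched against single_access_token only.
  user = USERS.find { |u| u.single_access_token == token }
  user ? [user, :ok] : [nil, :token_not_found]
end

# Constructed requests, including the one from the question
# (an HTML page request carrying the persistence_token).
def demo
  {
    html_persistence: params_login({ PARAMS_KEY => "persist-abc123" }, "text/html"),
    html_single:      params_login({ PARAMS_KEY => "single-xyz789" }, "text/html"),
    rss_persistence:  params_login({ PARAMS_KEY => "persist-abc123" }, "application/rss+xml"),
    rss_single:       params_login({ PARAMS_KEY => "single-xyz789" }, "application/rss+xml"),
    html_all:         params_login({ PARAMS_KEY => "single-xyz789" }, "text/html", :all)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, (user, reason)| puts "#{name}: #{user ? user.login : 'denied'} (#{reason})" }
end
```
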

David

Dec 2, 2009, 11:19:54 PM
to Ruby on Rails: Talk
The persistence token is stored in the session. It is what authlogic
uses to keep track of whether you are logged in. If you have authlogic
working, log your session data and you should see a "user_credentials"
entry there.

I think what you are looking for is the perishable_token. Here is a
good place to look: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/.
I ended up adapting the one from spree (spreecommerce.com) - look for
the password_reset_controller when I switched to authlogic from
acts_as_authenticated.

DF

On Dec 2, 8:14 pm, Greg Hauptmann <greg.hauptmann.r...@gmail.com> wrote:
> (a) initial request - Redirected to http://localhost:3000/user_session/new

Greg Hauptmann

Dec 3, 2009, 5:05:59 AM
to rubyonra...@googlegroups.com
Actually I meant to say one-time password (not persistence) token.
I'll have a look at the links.

Can I ask something basic for authlogic...what is actually required in
one's normal controllers and model to ensure authentication/login has
taken place? Is "acts_as_authentic" just for the User model? I've
noted that based on the example app if I have my other controllers
they are still not protected. I'm guessing you need to add one of the
application_controller helper lines at the beginning of each
controller (i.e. that says this controller requires a logged on user)?

Thanks

--
Greg
http://blog.gregnet.org/