Login sugar

After being frustrated (yet again) last week when attempting to use
the salted_login_generator in a new rails project, I have modified it
so that it works better for my needs. Since the
SaltedHashLoginGenerator wiki page seems to indicate many people are
frustrated by this package which is very nice but has been broken
since rails 1.1.4 I think, I have gem-ified my version of the
generator and released it. In my version:

  • All of the tests pass on Rails 1.1.[456].
  • Example DB schema uses migrations.
  • The first_name, last_name attributes have underscores.
  • Includes a quick start zip of preconfigured default rails app
    files.
  • The README_USER_LOGIN tells you everything you need to know.

It is available at
http://akuaku.org/code/login_sugar_generator-0.9.0.gem

This was my first time looking at the internals of generators and
gems, but I think I got it mostly right. It seems to work in fresh
rails projects in my tests. It’s probably brittle in terms of naming
the controllers though, so you may have to make some adjustments if
you use something other than User and Localization as your controller
names.

I realize Deirdre Saoirse M. has taken over the salted login project
and a fixed version 1.1.2 will probably be out soon, so just consider
this a measure of temporary sanity.

Dav and Deirdre,
thanks for working on this.

I started with this:
http://akuaku.org/code/login_sugar_generator-0.9.0.gem

I walked through the install.

All the tests pass on my Mac.

I have this:

bash mac maco /pt/webprops/sysadmin/tst 104 $ script/about

About your application’s environment
Ruby version 1.8.4 (powerpc-darwin8.7.0)
RubyGems version 0.8.11
Active Record version 1.14.2
Action Pack version 1.12.1
Action Web Service version 1.1.2
Action Mailer version 1.2.1
Active Support version 1.3.1
Edge Rails revision 4814 < *****************
Application root /pt/webprops/sysadmin/tst
Environment development
Database adapter postgresql
Database schema version 2
bash mac maco /pt/webprops/sysadmin/tst 105 $

Anyway the first problem is Clock.

I found Clock in two places.

lib/clock.rb
and
test/mocks/test/clock.rb

The mock clock has been debugged so that the tests will pass.

The real clock has 4 bugs in it and it’s only 14 lines long.

Here is what mine looks like now after I fixed what I could:

class Clock
def self.at( t )
Time.at t
end

def self.now
Time.now
end

def self.time=
raise “Cannot set time on real Clock class”
end
end

At this point, I can get past the signup page once I post some data
there.

I then get sent to the login page.

There, I cannot get authenticated.

I see a bunch of errors in my webserver window related to things that
are deprecated:

Here is information related to the POST :

Processing UserController#login (for 127.0.0.1 at 2006-08-23 23:50:28)
[POST]
Session ID: 1d00e5031629fcf5268a5abe39172d06
Parameters: {“user”=>{“login”=>“bbbbbb”, “password”=>“bbbbbb”},
“commit”=>“Login”, “action”=>“login”,
“controller”=>“user”}
@params is deprecated! Call params.[] instead of @params.[]. Args:
[“user”] (login at
/pt/webprops/sysadmin/tst/public/…/config/…/app/controllers/user_controller.rb:7)
e[4;36;1mSQL (0.002785)e[0m e[0;1m SELECT a.attname,
format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
FROM pg_attribute a LEFT JOIN pg_attrdef d
ON a.attrelid = d.adrelid AND a.attnum = d.adnum
WHERE a.attrelid = ‘users’::regclass
AND a.attnum > 0 AND NOT a.attisdropped
ORDER BY a.attnum
e[0m
@params is deprecated! Call params.[] instead of @params.[]. Args:
[“user”] (login at
/pt/webprops/sysadmin/tst/public/…/config/…/app/controllers/user_controller.rb:8)
@params is deprecated! Call params.[] instead of @params.[]. Args:
[“user”] (login at
/pt/webprops/sysadmin/tst/public/…/config/…/app/controllers/user_controller.rb:8)
WARNING: find_first is deprecated and will be removed from the next
Rails release (find_first at
/pt/webprops/sysadmin/tst/public/…/config/…/vendor/rails/activerecord/lib/…/…/activesupport/lib/active_support/depre
cation.rb:54)
e[4;35;1mUser Load (0.001495)e[0m e[0mSELECT * FROM users WHERE
(login = ‘bbbbbb’ AND verified = 1 AND deleted =
0) LIMIT 1e[0m
@session is deprecated! Call session.[]= instead of @session.[]=.
Args: [“user”, nil] (login at
/pt/webprops/sysadmin/tst/public/…/config/…/app/controllers/user_controller.rb:8)
@params is deprecated! Call params.[] instead of @params.[]. Args:
[“user”] (login at
/pt/webprops/sysadmin/tst/public/…/config/…/app/controllers/user_controller.rb:12)
Rendering within layouts/scaffold
Rendering user/login
@flash is deprecated! Call flash.[] instead of @flash.[]. Args:
[“notice”] (head_helper at
/pt/webprops/sysadmin/tst/public/…/config/…/app/helpers/user_helper.rb:72)
@flash is deprecated! Call flash.[] instead of @flash.[]. Args:
[“message”] (head_helper at
/pt/webprops/sysadmin/tst/public/…/config/…/app/helpers/user_helper.rb:76)
@flash is deprecated! Call flash.[] instead of @flash.[]. Args:
[“message”] (head_helper at
/pt/webprops/sysadmin/tst/public/…/config/…/app/helpers/user_helper.rb:77)
Completed in 0.02749 (36 reqs/sec) | Rendering: 0.01372 (49%) | DB:
0.00428 (15%) | 200 OK
[http://hostel411/user/login]

If anyone can figure out how to get this stuff working,
I might be tempted to use it.

Thanks,

-Dan
[email protected]

Well,

it turns out that this piece of software requires that a new user
call the welcome action. The welcome action changes the user’s state
to verified. Once the user is verified, he will be allowed to
attempt authentication. The login page actually states this
which is useful to me once I read it.

I get the URL to the welcome action from the e-mail sent out
or the development.log if that is more convenient.

It looks like this:
http://localhost:3000/user/welcome?user[id]=5&key=1150518daf9bea2e7b5db68b43b0c7d2cc77182e

Also this is obvious if I inspect the SQL in the webrick window:
SELECT * FROM users WHERE (login = ‘bbbbbb’ AND verified = 1 AND deleted
=0)

Console had told me that for my user,
verified was set to 0.

-Dan

On 8/25/06, Steve B. [email protected] wrote:

Is there are lighter weight package that handles the basics for small,
internal web apps? Salt and Sugar seem like overkill for my projects.
I need for a designated administrator to be able to add local users (who
are employees). I then need for them to be able to log in and get to
pages based upon their identity. I don’t need for them to be able to
log in in Chinese, get emails if they forgot their password, register
via the web, or be verified before they can log in.

dunno how much lighter it is but the acts_as_authenticated plugin is
simple and popular these days.

  • kate = masukomi

Thanks again, Kate. This is exactly what I was looking for. Already
installed, configured, and working. And it is lighter weight and less
intrusive.

I’ve written and rewritten this same application in php, mod_python,
TurboGears 0.8, TurboGears 0.9, and now Rails. And I must say, none of
the others can hold a candle to Rails. It’s been a joy. The
documentation is great. And when I need extended functionality, I’ve
been able to simply ask for a recommendation and whatever I need just
magically appears. :slight_smile:

-Steve

kate rhodes wrote:

dunno how much lighter it is but the acts_as_authenticated plugin is
simple and popular these days.

Thanks. I’ll check it out.

-Steve

Is there are lighter weight package that handles the basics for small,
internal web apps? Salt and Sugar seem like overkill for my projects.
I need for a designated administrator to be able to add local users (who
are employees). I then need for them to be able to log in and get to
pages based upon their identity. I don’t need for them to be able to
log in in Chinese, get emails if they forgot their password, register
via the web, or be verified before they can log in.

AWDWR shows how to roll my own, but I would prefer to go with a commonly
used rails package if there is one. Salt and Sugar, capable as I’m sure
they are, clutter up my app more than I like.

Thanks,
Steve B.