Automatic Login with Rails?


Problem description

I am trying to get up a simple authentication system with Rails' Restful-Authentication plugin, and am just wondering how it works, b/c I can't seem to figure out what the requirements are for cookies, and how to make it so the browser always remembers you (for 6+ months).

Few questions:

1) How do you do remember_me's for ruby's restful_authentication? I can't seem to find a good one-liner to solve this problem...

If a user signs up and checks "Remember Me", how does the rails application get the session/cookie without the user doing anything but going to the page the next time they go to the page, say 3 months later?

2) Do I need to send some sort of info to the server, like their IP address or something? What is cookies[:auth_token], where is that defined?

The goal is: I don't want them to have to enter their email/password again, like how StackOverflow works :)

Solution

Here's what we're doing (largely taken from authenticated system) ... this is the controller method that handles login that we're running...

def login
  if logged_in?
    flash[:notice] = "You are already logged in."
    redirect_to "/" and return
  end
  unless request.post?
    render :layout => 'task' and return
  end
  self.current_user = User.authenticate(params[:login], params[:password])
  if logged_in?
    if params[:remember_me].to_i == 1
      self.current_user.remember_me
      cookies[:auth_token] = {:domain => "#{DOMAIN}", :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
    else
      self.current_user.forget_me
      cookies.delete(:auth_token, :domain => "#{DOMAIN}")
      cookies[:auth_token] = nil
    end
    current_user.last_seen_at = Time.now 
    current_user.save
    session[:notice] = "You logged in successfully"
    flash[:notice] = "You logged in successfully"
    redirect_back_or_default(:controller => 'dashboard') and return
    #redirect_back_or_default(:controller => 'index', :action => 'index') and return
  else
    if $failed_login_counter.add_attempt(params[:login]) > MAXIMUM_LOGIN_ATTEMPTS
      logger.info("login rate limiter kicking in, #{MAXIMUM_LOGIN_ATTEMPTS} login attempts failed")
      redirect_to "/denied.html" and return
    end
    flash[:error] = "Unable to authenticate username and password"
    render(:layout => 'task') and return
  end
end

And use this for logout

def logout
  # current_user is nil for an anonymous request, so only touch the
  # user record when someone is actually logged in.
  if logged_in?
    current_user.last_seen_at = Time.now
    current_user.save
    current_user.forget_me
  end
  cookies.delete(:auth_token, :domain => "#{DOMAIN}")
  reset_session
  flash[:notice] = "You have been logged out."
  #redirect_to :back
  redirect_back_or_default(:controller => 'index', :action => 'index') and return
end

Then - in your application.rb you'll need something like:

before_filter :login_from_cookie

def login_from_cookie
  return unless cookies[:auth_token] && !logged_in?
  user = User.find_by_remember_token(cookies[:auth_token])
  if user && user.remember_token?
    user.remember_me
    self.current_user = user
    cookies[:auth_token] = { :domain => "#{DOMAIN}", :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
    flash[:notice] = "#{self.current_user.login}, you have logged in successfully"
  end
end

And - in your User model have some methods like this:

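# Digest::SHA1 is in the standard library; require it at the top of the model file.
require 'digest/sha1'

# Encrypts some data with the salt.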
def self.encrypt(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Encrypts the password with the user salt
def encrypt(password)
  self.class.encrypt(password, salt)
end

def remember_token?
  remember_token_expires_at && Time.now.utc < remember_token_expires_at 
end

# These create and unset the fields required for remembering users between browser closes
def remember_me
  self.remember_token_expires_at = 2.weeks.from_now.utc
  self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")
  save(false)
end

def forget_me
  self.remember_token_expires_at = nil
  self.remember_token            = nil
  save(false)
end
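
The `remember_me` above derives the token from SHA1 over the salt, e-mail and expiry, and the model stores it as-is for `find_by_remember_token`. As an added example (not part of the original answer), here is a variant that issues a random token, keeps only its SHA-256 digest server-side and rotates it on every cookie login. `RememberStore`, its in-memory hash (standing in for the users table) and the `user_id:token` cookie layout are assumptions for illustration.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical stand-in for the remember_token columns on the users table.
class RememberStore
  Record = Struct.new(:token_digest, :expires_at)
  TTL = 14 * 24 * 3600 # two weeks, as in the answer's remember_me

  def initialize
    @records = {} # user_id (String) => Record
  end

  # Issues a fresh random token and returns the cookie options to set.
  # Only the digest is stored, so a leaked table does not yield usable cookies.
  def remember(user_id, now: Time.now.utc)
    token = SecureRandom.urlsafe_base64(32)
    rec = Record.new(Digest::SHA256.hexdigest(token), now + TTL)
    @records[user_id.to_s] = rec
    # :httponly and :secure are Rails cookie options (no script access, HTTPS only).
    { :value => "#{user_id}:#{token}", :expires => rec.expires_at,
      :httponly => true, :secure => true }
  end

  # Returns [user_id, new_cookie_options] when the cookie is valid, nil otherwise.
  # The token is rotated on success, so a copied cookie stops working once used.
  def login_from_cookie(cookie_value, now: Time.now.utc)
    user_id, token = cookie_value.to_s.split(':', 2)
    rec = @records[user_id]
    return nil unless rec && token && now < rec.expires_at
    return nil unless secure_eq(Digest::SHA256.hexdigest(token), rec.token_digest)
    [user_id, remember(user_id, now: now)]
  end

  # Logout: drop the server-side record so the cookie can no longer be redeemed.
  def forget(user_id)
    @records.delete(user_id.to_s)
  end

  private

  # Constant-time comparison of two equal-length hex digests.
  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a controller the returned hash would be assigned to `cookies[:auth_token]`, with `:domain` added if the application needs it.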
