tag:blogger.com,1999:blog-91663579756814341442011-10-08T02:56:30.182-07:00validates_confirmation_of :emailphilrosensteinhttp://www.blogger.com/profile/08854010533937593604noreply@blogger.comBlogger31100tag:blogger.com,1999:blog-9166357975681434144.post-75045249475878007522010-08-18T12:52:00.000-07:002010-08-18T13:15:51.470-07:00devise gem provides powerful rails authentication out of the boxI decided that it was time to switch over to authlogic now that I'm a bit more comfortable with ruby and rails, but I couldn't get past an annoying bug where my User.password virtual attribute couldn't be found, despite ensuring that I had the spelling correct for the authlogic "magic" column names, and confirming over and over that I defined attr_accessible :password<br /><br />Then I stumbled upon a relatively new gem called <a href="http://github.com/plataformatec/devise">devise</a>, which comes with modules to satisfy all common project requirements such as automatic account locking, session timeouts, forgotten passwords and more.<br /><br />After struggling with authlogic for an entire day, it was nice to have devise up and running in a matter of minutes, and see all the aforementioned functionality working out of the box.<br /><br />One thing that I haven't been able to find online is a convenient reference of the attributes and methods that devise adds to your user model, so I compiled a crude one. It is not categorized by module, but it should be pretty evident by the names:<br /><br />devise attributes:<br /><br />confirmation_sent_at<br />confirmed_at <br />current_sign_in_ip <br />failed_attempts <br />last_sign_in_at <br />last_sign_in_ip <br />locked_at <br />locked_out_at <br />sign_in_count <br />unlock_token<br /><br />devise methods:<br /><br />access_locked? <br />active? <br />confirmation_required? <br />confirmed? <br />if_access_locked <br />lock! <br />lock_access! <br />locking_enabled? <br />lock_expired? <br />resend_unlock_token <br />reset_password! <br />send_reset_password_instructions <br />timedout? <br />unless_confirmed <br />unlock_access!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/9166357975681434144-7504524947587800752?l=validatesconfirmationof.blogspot.com' alt='' /></div>philrosensteinhttp://www.blogger.com/profile/08854010533937593604noreply@blogger.com0tag:blogger.com,1999:blog-9166357975681434144.post-73262320292252803102010-04-07T18:19:00.000-07:002010-04-07T18:54:47.815-07:00github project howto: fork, clone, modify, request mergeI use the searchlogic gem by binarylogic for report search filters and it works great, but unfortunately it doesn't support the rails datetime_select helpers. The issue has existed on github for many months, and one user even offered a nice gist to fix the problem. Many months later and it still has not found its way into searchlogic master. So I figured its time to give back to the open source community by making it as easy as possible for Ben to incorporate the fix.<br /><br />1. Fork the project on github http://help.github.com/forking/<br /><br />2. Clone your fork. <br />2.1 If you have never done this before, you'll have to upload a private ssh key to github first. See http://help.github.com/mac-key-setup/<br />2.2 Then you can clone your newly-forked version of the project:<br /><br />git clone git@github.com:philrosenstein/searchlogic.git<br /><br />3. Run the tests. In my case I provided a relative path to spec in my rails project.<br /><br />../path/to/script/spec ./spec/search_spec.rb -c<br /><br />4. Make the changes locally. Using your favorite editor of course.<br /><br />5. Run the tests again to make sure you haven't broken anything. You should also add new test cases if you have added functionality.<br /><br />6. Commit the changes.<br /><br />7. Request a merge from the project owner. If you are confident in your changes and they will make the project better for others, this is where you give back to the community that your projects have benefited so much from!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/9166357975681434144-7326232029225280310?l=validatesconfirmationof.blogspot.com' alt='' /></div>philrosensteinhttp://www.blogger.com/profile/08854010533937593604noreply@blogger.com0tag:blogger.com,1999:blog-9166357975681434144.post-31902894919106425992009-11-11T12:45:00.000-08:002009-11-11T14:28:19.365-08:00Add a Lost Password feature to restful_authenticationThis post describes how to add a lost password feature to restful_authentication. It is based off the instructions found <a href="http://railsforum.com/viewtopic.php?id=11962">here</a>, adding some extra robustness and fixes for updates in the authentication plugin.<br /><br />app/controllers/users_controller.rb<br /><br /><pre class="textmate-source sunburst"><span class="text text_plain"> <span class="meta meta_paragraph meta_paragraph_text"><br /> before_filter :login_required, :except => [:new, :create, :activate, :lost_password, :reset_password]<br /> before_filter :get_partial_user_from_session, :only => [:new, :lost_password]<br /> after_filter :save_partial_user_in_session, :only => [:new, :lost_password]<br /> require_role "admin", :for_all_except => [:new, :create, :activate, :edit, :update, :lost_password, :reset_password]<br /></span> <br /> <span class="meta meta_paragraph meta_paragraph_text">def lost_password<br /></span> <span class="meta meta_paragraph meta_paragraph_text">case request.method<br /> when :post<br /></span> <span class="meta meta_paragraph meta_paragraph_text">@user.attributes = params['user']<br /> if valid_for_attributes(@user, ["email","email_confirmation"])<br /></span> <span class="meta meta_paragraph meta_paragraph_text">user = User.find_by_email(params[:user][:email])<br /> user.create_password_reset_code if user<br /> flash[:notice] = "Reset code sent to #{params[:user][:email]}"<br /> redirect_back_or_default('/')<br /></span> <span class="meta meta_paragraph meta_paragraph_text">else<br /></span> <span class="meta meta_paragraph meta_paragraph_text">flash[:error] = "Please enter a valid email address"<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> <span class="meta meta_paragraph meta_paragraph_text">when :get<br /></span> <span class="meta meta_paragraph meta_paragraph_text">@user = User.new<br /> @user.confirming_email = true<br /> @user.updating_email = false<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span><br /> <span class="meta meta_paragraph meta_paragraph_text">def reset_password<br /></span> <span class="meta meta_paragraph meta_paragraph_text">@user = User.find_by_password_reset_code(params[:reset_code]) unless params[:reset_code].nil?<br /></span> <span class="meta meta_paragraph meta_paragraph_text">if !@user<br /></span> <span class="meta meta_paragraph meta_paragraph_text">flash[:error] = "Reset password token invalid, please contact support."<br /> redirect_to('/')<br /> return<br /></span> <span class="meta meta_paragraph meta_paragraph_text">else<br /></span> <span class="meta meta_paragraph meta_paragraph_text">@user.crypted_password = nil<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /> if request.post?<br /></span> <span class="meta meta_paragraph meta_paragraph_text">if @user.update_attributes(:password => params[:user][:password], :password_confirmation => params[:user][:password_confirmation])<br /></span> <span class="meta meta_paragraph meta_paragraph_text">#self.current_user = @user<br /></span> <span class="meta meta_paragraph meta_paragraph_text">@user.delete_password_reset_code<br /></span> <span class="meta meta_paragraph meta_paragraph_text">flash[:notice] = "Password updated successfully for #{@user.email} - You may now log in using your new password."<br /> redirect_back_or_default('/')<br /></span> <span class="meta meta_paragraph meta_paragraph_text">else<br /></span> <span class="meta meta_paragraph meta_paragraph_text">render :action => :reset_password<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> <br /> <span class="meta meta_paragraph meta_paragraph_text"># Might be a good addition to AR::Base<br /> def valid_for_attributes( model, attributes )<br /></span> <span class="meta meta_paragraph meta_paragraph_text">unless model.valid?<br /></span> <span class="meta meta_paragraph meta_paragraph_text">errors = model.errors<br /> our_errors = Array.new<br /> errors.each { |attr,error|<br /></span> <span class="meta meta_paragraph meta_paragraph_text">if attributes.include? attr<br /></span> <span class="meta meta_paragraph meta_paragraph_text">our_errors << [attr,error]<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> <span class="meta meta_paragraph meta_paragraph_text">}<br /> errors.clear<br /> our_errors.each { |attr,error| errors.add(attr,error) }<br /> return false unless errors.empty?<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /> return true<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span></span></pre><br /><br />app/models/user.rb<br /><br /><pre class="textmate-source sunburst"> <span class="text text_plain"><br /> <span class="meta meta_paragraph meta_paragraph_text">validates_uniqueness_of :email, :if => :updating_email?<br /></span> <br /> <span class="meta meta_paragraph meta_paragraph_text">validates_presence_of :email_confirmation, :if => :confirming_email<br /> validates_confirmation_of :email, :if => :confirming_email<br /></span> <br /> <span class="meta meta_paragraph meta_paragraph_text">attr_accessible :login, :email, :email_confirmation<br /></span> <br /> <span class="meta meta_paragraph meta_paragraph_text">attr_accessor :updating_email, :confirming_email # allows us to control when email uniqueness and confirmation are validated (respectively)<br /></span><br /> <span class="meta meta_paragraph meta_paragraph_text">def create_password_reset_code<br /></span> <span class="meta meta_paragraph meta_paragraph_text">@password_reset = true<br /> self.password_reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )<br /> self.save(false)<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /> def password_recently_reset?<br /></span> <span class="meta meta_paragraph meta_paragraph_text">@password_reset<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end <br /> def delete_password_reset_code<br /></span> <span class="meta meta_paragraph meta_paragraph_text">self.password_reset_code = nil<br /> self.save(false)<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span><br /> <span class="meta meta_paragraph meta_paragraph_text">protected<br /></span> <span class="meta meta_paragraph meta_paragraph_text">def updating_email?<br /></span> <span class="meta meta_paragraph meta_paragraph_text"># validate_uniqueness_of email unless specifically set to false<br /> if updating_email == false<br /></span> <span class="meta meta_paragraph meta_paragraph_text">return false<br /></span> <span class="meta meta_paragraph meta_paragraph_text">else<br /></span> <span class="meta meta_paragraph meta_paragraph_text">return true<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> </span></pre><br /><br />app/models/user_mailer.rb<br /><br /><pre class="textmate-source sunburst"> <span class="text text_plain"><br /> <span class="meta meta_paragraph meta_paragraph_text">def password_reset_notification(user)<br /></span> <span class="meta meta_paragraph meta_paragraph_text">setup_email(user)<br /> @subject = 'Link to reset your password'<br /> @body[:url] = "<span class="markup markup_underline markup_underline_link markup_underline_link_text">http://www.yourapp.com/reset_password/#</span>{user.password_reset_code}"<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> <br /></span> </pre><br /><br />app/models/user_observer.rb<br /><br /><pre class="textmate-source sunburst"> <span class="text text_plain"><br /> <span class="meta meta_paragraph meta_paragraph_text">def after_save(user)<br /></span> <span class="meta meta_paragraph meta_paragraph_text">UserMailer.deliver_password_reset_notification(user) if user.password_recently_reset?<br /></span> <span class="meta meta_paragraph meta_paragraph_text">end<br /></span> </span></pre><br /><br />app/views/sessions/new.html.haml<br /><br /><pre class="textmate-source sunburst"> <span class="text text_plain"><span class="meta meta_paragraph meta_paragraph_text">= link_to " > Lost Password?", lost_password_path</span></span></pre><br /><br />config/routes.rb<br /><br /><pre class="textmate-source sunburst"> <span class="text text_plain"> <span class="meta meta_paragraph meta_paragraph_text"><br /> map.lost_password '/lost_password', :controller => 'users', :action => 'lost_password'<br /> map.reset_password 'reset_password/:reset_code', :controller => 'users', :action => 'reset_password'<br /></span> </span></pre><br /><br />users migration file:<br /><br /><pre class="textmate-source sunburst"> <span class="text text_plain"> <span class="meta meta_paragraph meta_paragraph_text">t.string :password_reset_code, :limit => 40</span></span></pre><br /><br />app/views/user_mailer/password_reset_notification.erb<br /><br /><pre class="textmate-source sunburst"><span class="text text_plain"><span class="meta meta_paragraph meta_paragraph_text">Request to reset password received for <%= @user.login %><br /></span><br /><span class="meta meta_paragraph meta_paragraph_text">Visit this url to choose a new password:<br /></span><br /> <span class="meta meta_paragraph meta_paragraph_text"><%= @url %><br /></span> <br /><span class="meta meta_paragraph meta_paragraph_text">(Your password will remain the same if no action is taken)</span></span></pre><br /><br />app/views/users/lost_password.html.haml<br /><br /><pre class="textmate-source sunburst"><span class="text text_plain"><span class="meta meta_paragraph meta_paragraph_text">%h2 Lost Password<br /></span><br /><span class="meta meta_paragraph meta_paragraph_text">%p<br /></span> <span class="meta meta_paragraph meta_paragraph_text">Please enter the email address that you registered with. Once you click on the Send button we will send you an email that allows you to change your password.<br /></span><br /><span class="meta meta_paragraph meta_paragraph_text">= error_messages_for :user, :header_message => "Please review the following errors:", :message => ""<br /></span><br /><span class="meta meta_paragraph meta_paragraph_text">- form_for :user do |f|<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%table<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%tr<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%td{:align => "right"}<br /></span> <span class="meta meta_paragraph meta_paragraph_text">Email Address<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%td<br /></span> <span class="meta meta_paragraph meta_paragraph_text">= f.text_field :email<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%tr<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%td{:align => "right"}<br /></span> <span class="meta meta_paragraph meta_paragraph_text">Retype Email Address<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%td<br /></span> <span class="meta meta_paragraph meta_paragraph_text">= f.text_field :email_confirmation<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%tr<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%td<br /></span> <span class="meta meta_paragraph meta_paragraph_text">&nbsp;<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%td<br /></span> <span class="meta meta_paragraph meta_paragraph_text">= submit_tag 'Submit'</span></span></pre><br /><br />app/views/users/reset_password.html.haml<br /><br /><pre class="textmate-source sunburst"><span class="text text_plain"><span class="meta meta_paragraph meta_paragraph_text">= error_messages_for :user<br /></span><br /><span class="meta meta_paragraph meta_paragraph_text">%h2 Choose a new password<br /></span><br /><span class="meta meta_paragraph meta_paragraph_text">- form_for :user do |f|<br /></span><br /> <span class="meta meta_paragraph meta_paragraph_text">%div<br /></span> <span class="meta meta_paragraph meta_paragraph_text">New Password:<br /> = f.password_field :password<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%div<br /></span> <span class="meta meta_paragraph meta_paragraph_text">Confirm Password:<br /> = f.password_field :password_confirmation<br /></span> <span class="meta meta_paragraph meta_paragraph_text">%div<br /></span> <span class="meta meta_paragraph meta_paragraph_text">= submit_tag 'Change Password'</span></span></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/9166357975681434144-3190289491910642599?l=validatesconfirmationof.blogspot.com' alt='' /></div>philrosensteinhttp://www.blogger.com/profile/08854010533937593604noreply@blogger.com4