Changed to authlogic + openId(plugin)

app/controllers/application_controller.rb

@@ -6,13 +6,23 @@ class ApplicationController < ActionController::Base
 
   # See ActionController::RequestForgeryProtection for details
   # Uncomment the :secret if you're not using the cookie session store
-  protect_from_forgery # :secret => '94cfd79349d51c387abaa8e52ad96b1f'
-
-  # See ActionController::Base for details 
-  # Uncomment this to filter the contents of submitted sensitive data parameters
-  # from your application log (in this case, all fields with names like "password"). 
-  # filter_parameter_logging :password
+  protect_from_forgery # :secret => '94cfd79349d51c387abaa8e52ad96b1f' 
+
+  filter_parameter_logging :password
+
+  helper_method :current_user
 
-  include AuthenticatedSystem
+  private
 
+  def current_user_session
+    return @current_user_session if defined?(@current_user_session)
+    @current_user_session = UserSession.find
+  end
+
+  def current_user
+    return @current_user if defined?(@current_user)
+    @current_user = current_user_session && current_user_session.record
+  end
+
+
 end

app/controllers/comments_controller.rb

@@ -1,5 +1,5 @@
 class CommentsController < ApplicationController
-  before_filter :login_required, :only => [ :new, :create, :edit ]
+  #before_filter :login_required, :only => [ :new, :create, :edit ]
 
   # GET /comments
   # GET /comments.xml

app/controllers/talks_controller.rb

@@ -1,5 +1,5 @@
 class TalksController < ApplicationController
-  before_filter :login_required, :only => [ :new, :create ]
+  #before_filter :login_required, :only => [ :new, :create ]
 
   # GET /talks
   # GET /talks.xml

app/controllers/users_controller.rb

@@ -1,31 +1,29 @@
-
-class UsersController < ApplicationController  
-
-  def index
-    @users = User.find(:all)
-  end
-
-
-  # render new.rhtml
+class UsersController < ApplicationController
   def new
     @user = User.new
   end
- 
+
   def create
-    logout_keeping_session!
     @user = User.new(params[:user])
-    success = @user && @user.save
-    if success && @user.errors.empty?
-            # Protects against session fixation attacks, causes request forgery
-      # protection if visitor resubmits an earlier form using back
-      # button. Uncomment if you understand the tradeoffs.
-      # reset session
-      self.current_user = @user # !! now logged in
-      redirect_back_or_default('/')
-      flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
+    if @user.save
+      flash[:notice] = "Successfully created user."
+      redirect_to root_url
+    else
+      render :action => 'new'
+    end
+  end
+
+  def edit
+    @user = current_user    
+  end
+
+  def update
+    @user = current_user
+    if @user.update_attributes(params[:user])
+      flash[:notice] = "Successfully updated profile."
+      redirect_to root_url
     else
-      flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
-      render :action => "new"
+      render :action => 'edit'
     end
   end
 end

app/controllers/votes_controller.rb

@@ -1,5 +1,4 @@
 class VotesController < ApplicationController
-  before_filter :login_required
 
   # GET /votes
   # GET /votes.xml

app/helpers/users_helper.rb

@@ -1,93 +1,2 @@
 module UsersHelper
-
-  #
-  # Use this to wrap view elements that the user can't access.
-  # !! Note: this is an *interface*, not *security* feature !!
-  # You need to do all access control at the controller level.
-  #
-  # Example:
-  # <%= if_authorized?(:index,   User)  do link_to('List all users', users_path) end %> |
-  # <%= if_authorized?(:edit,    @user) do link_to('Edit this user', edit_user_path) end %> |
-  # <%= if_authorized?(:destroy, @user) do link_to 'Destroy', @user, :confirm => 'Are you sure?', :method => :delete end %> 
-  #
-  #
-  def if_authorized?(action, resource, &block)
-    if authorized?(action, resource)
-      yield action, resource
-    end
-  end
-
-  #
-  # Link to user's page ('users/1')
-  #
-  # By default, their login is used as link text and link title (tooltip)
-  #
-  # Takes options
-  # * :content_text => 'Content text in place of user.login', escaped with
-  #   the standard h() function.
-  # * :content_method => :user_instance_method_to_call_for_content_text
-  # * :title_method => :user_instance_method_to_call_for_title_attribute
-  # * as well as link_to()'s standard options
-  #
-  # Examples:
-  #   link_to_user @user
-  #   # => <a href="/users/3" title="barmy">barmy</a>
-  #
-  #   # if you've added a .name attribute:
-  #  content_tag :span, :class => :vcard do
-  #    (link_to_user user, :class => 'fn n', :title_method => :login, :content_method => :name) +
-  #          ': ' + (content_tag :span, user.email, :class => 'email')
-  #   end
-  #   # => <span class="vcard"><a href="/users/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">[email protected]</span></span>
-  #
-  #   link_to_user @user, :content_text => 'Your user page'
-  #   # => <a href="/users/3" title="barmy" class="nickname">Your user page</a>
-  #
-  def link_to_user(user, options={})
-    raise "Invalid user" unless user
-    options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname
-    content_text      = options.delete(:content_text)
-    content_text    ||= user.send(options.delete(:content_method))
-    options[:title] ||= user.send(options.delete(:title_method))
-    link_to h(content_text), user_path(user), options
-  end
-
-  #
-  # Link to login page using remote ip address as link content
-  #
-  # The :title (and thus, tooltip) is set to the IP address 
-  #
-  # Examples:
-  #   link_to_login_with_IP
-  #   # => <a href="/login" title="169.69.69.69">169.69.69.69</a>
-  #
-  #   link_to_login_with_IP :content_text => 'not signed in'
-  #   # => <a href="/login" title="169.69.69.69">not signed in</a>
-  #
-  def link_to_login_with_IP content_text=nil, options={}
-    ip_addr           = request.remote_ip
-    content_text    ||= ip_addr
-    options.reverse_merge! :title => ip_addr
-    if tag = options.delete(:tag)
-      content_tag tag, h(content_text), options
-    else
-      link_to h(content_text), login_path, options
-    end
-  end
-
-  #
-  # Link to the current user's page (using link_to_user) or to the login page
-  # (using link_to_login_with_IP).
-  #
-  def link_to_current_user(options={})
-    if current_user
-      link_to_user current_user, options
-    else
-      content_text = options.delete(:content_text) || 'not signed in'
-      # kill ignored options from link_to_user
-      [:content_method, :title_method].each{|opt| options.delete(opt)} 
-      link_to_login_with_IP content_text, options
-    end
-  end
-
 end

app/models/user.rb

@@ -1,62 +1,4 @@
-require 'digest/sha1'
-
 class User < ActiveRecord::Base
-  include Authentication
-  include Authentication::ByPassword
-  include Authentication::ByCookieToken
-
-  validates_presence_of     :login
-  validates_length_of       :login,    :within => 3..40
-  validates_uniqueness_of   :login
-  validates_format_of       :login,    :with => Authentication.login_regex, :message => Authentication.bad_login_message
-
-  validates_format_of       :name,     :with => Authentication.name_regex,  :message => Authentication.bad_name_message, :allow_nil => true
-  validates_length_of       :name,     :maximum => 100
-
-  validates_presence_of     :email
-  validates_length_of       :email,    :within => 6..100 #[email protected]
-  validates_uniqueness_of   :email
-  validates_format_of       :email,    :with => Authentication.email_regex, :message => Authentication.bad_email_message
-
-  validates_presence_of     :billing_address, :name, :company
-
-
-  # HACK HACK HACK -- how to do attr_accessible from here?
-  # prevents a user from submitting a crafted form that bypasses activation
-  # anything else you want your user to change should be added here.
-  attr_accessible :login, :email, :name, :password, :password_confirmation, :company, :billing_address
-
-
-  def can_edit?(entity)
-    admin? or (!entity.blank? and entity.owner == self)
-  end
-
-  def admin?
-    true
-  end
-
-  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
-  #
-  # uff.  this is really an authorization, not authentication routine.  
-  # We really need a Dispatch Chain here or something.
-  # This will also let us return a human error message.
-  #
-  def self.authenticate(login, password)
-    return nil if login.blank? || password.blank?
-    u = find_by_login(login) # need to get the salt
-    u && u.authenticated?(password) ? u : nil
-  end
-
-  def login=(value)
-    write_attribute :login, (value ? value.downcase : nil)
-  end
-
-  def email=(value)
-    write_attribute :email, (value ? value.downcase : nil)
-  end
-
-  protected
-
-
+  acts_as_authentic
 
 end

app/views/layouts/application.html.erb

@@ -18,8 +18,6 @@
   <%= auto_discovery_link_tag :rss, { :controller => 'talks', :format => :rss }, { :title => "All talks" } %>
   <%= auto_discovery_link_tag :rss, { :controller => 'talks', :topic_id => @topic, :format => :rss }, { :title => "Talks for #{@topic.title}" } if @topic %>
   <%= auto_discovery_link_tag :rss, { :controller => 'comments', :talk_id => @talk, :format => :rss }, { :title => "Comments for #{@talk.title}" } if @talk %>
-
-
 </head>
 <body>
 
@@ -36,7 +34,15 @@
 </div>
 
 <div id="content">
-
+    <div id="user_nav">
+      <% if current_user %>
+        <%= link_to "Edit Profile", edit_user_path(:current) %> |
+        <%= link_to "Logout", logout_path %>
+      <% else %>
+        <%= link_to "Register", new_user_path %> |
+        <%= link_to "Login", login_path %>
+      <% end %>
+    </div>
 <p style="color: green"><%= flash[:notice] %></p>
 <p style="color: yellow"><%= flash[:warn] %></p>
 <p style="color: red"><%= flash[:error] %></p>

app/views/users/new.html.erb

@@ -1,35 +1,3 @@
-<h1>Sign up as a new user</h1>
-<% @user.password = @user.password_confirmation = nil %>
 
-<%= error_messages_for :user %>
-<% form_for :user, :url => users_path do |f| -%>
-<p><%= label_tag 'name' %><br/>
-<%= f.text_field :name %></p>
+<%= render :partial => 'form' %>
 
-<p><%= label_tag 'company' %><br/>
-<%= f.text_field :company %></p>
-
-<p><%= label_tag 'login' %><br/>
-<%= f.text_field :login %></p>
-
-<p><%= label_tag 'email' %><br/>
-<%= f.text_field :email %></p>
-
-<p><%= label_tag 'password' %><br/>
-<%= f.password_field :password %></p>
-
-<p><%= label_tag 'password_confirmation', 'Confirm Password' %><br/>
-<%= f.password_field :password_confirmation %></p>
-
-<p>
-  <%= f.label :description %><br />
-  <%= f.text_area :description, :rows => 8 %>
-</p>
-
-<p>
-  <%= f.label :billing_address %><br />
-  <%= f.text_area :billing_address, :rows => 5 %>
-</p>
-
-<p><%= submit_tag 'Sign up' %></p>
-<% end -%>

config/environment.rb

@@ -32,7 +32,13 @@
   #config.gem "RedCloth"
   config.gem "faker"
   config.gem "populator"
-  config.gem "sqlite3-ruby", :version => '1.2.3', :lib => "sqlite3"
+
+  config.gem "authlogic"
+  config.gem "authlogic-oid", :lib => "authlogic_openid"
+
+  #unless RUBY_PLATFORM =~ /java/
+  #config.gem "sqlite3-ruby", :lib => "sqlite3"
+  #end
 
   # Only load the plugins named here, in the order given. By default, all plugins 
   # in vendor/plugins are loaded in alphabetical order.

config/routes.rb

@@ -1,4 +1,8 @@
 ActionController::Routing::Routes.draw do |map|
+  map.resources :user_sessions
+
+  map.resources :users
+
 
   # Route for displaying static html pages
   # See http://railscasts.com/episodes/117-semi-static-pages for details
@@ -12,12 +16,10 @@
     contents.resources :content_revisions
   end
 
-  map.logout '/logout', :controller => 'sessions', :action => 'destroy'
-  map.login '/login', :controller => 'sessions', :action => 'new'
+  map.login "/login", :controller => "user_sessions", :action => "new"
+  map.logout "/logout", :controller => "user_sessions", :action => "destroy"
   map.register '/register', :controller => 'users', :action => 'create'
   map.signup '/signup', :controller => 'users', :action => 'new'
-  map.resources :users
-
   map.resource :session
 
   map.resources :periods