I recently had to build an authentication system into a project and seeing as the restful authentication plugin was getting such buzz, I decided to try it out.

The problem was, most of the information I found on the internet was dated and I had to make a couple of changes to get it to work on Rails 2.0. This site and this forum post were really helpful. This post documents the steps I took (or rather, the steps I’ll take next time I use it) to get the plugin working. It assumes you already have a rails application running and want to add authentication to it.

• Install the plug-in
  Open up a console window and navigate to the root of your application.
  Use script/plugin to install the plugin.
  ruby script/plugin install http://svn.techno-weenie.net/projects/plugins/restful_authentication/
• Run the generator
  The generator sets up your controllers, model, views and observer as well as modify the routes.rb file (sets up session and users as resources). The session controller is used for signing in and out of the system while the user controller takes care of the rest.

  If you do not need a user activation system built into the system, type the line below:

  ruby script/generate authenticated user sessions

  If you need a user account activation system, use the line below. The rest of this post will assume the system includes user activation (the system is a lot simpler without user activation enabled).

  ruby script/generate authenticated user sessions --include-activation
• Run the migration
  The system also generated a migration file. Run the migration with:
  rake db:migrate
• Modify the routes file
  Open up config/routes.rb and add to the named route section:
  map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate'

  While the routes file is still open, add more named routes (giving the user actions nice, friendly urls)

  map.signup '/signup', :controller => 'users', :action => 'new'
  map.login '/login', :controller => 'sessions', :action => 'new'
  map.logout '/logout', :controller => 'sessions', :action => 'destroy'
• Add an observer (required for user activation emails)
  Add an observer to config/enviroment.rb (within the Rails::Initializer.run block) :
  config.active_record.observers = :user_observer

  At this point, the basic system should be working. Start up your development server and go to http://localhost:3000/signup. You should see the sign up form.
  Also try http://localhost:3000/login to confirm it’s fine.

• Set up ActionMailer (required for user activation emails)
  The rails config/environment.rb file includes a Rails::Initializer.run block and prior to Rails 2, configuration code went in there.
  With Rails 2, there’s now a directory (config/initializers) where seperate, discreet bits of configuration are placed in files of their own.
  These are automatically loaded after plugins are loaded when Rails starts up.

  Create a new file called mail.rb in the config/initializers directory (you can actually call the file anything you like). SMTP setting will go into this file.
  Rails 2 also changed the variable for ActionMailer settings from server_settings to smtp_settings
  Place the following into the mail.rb file:

  ActionMailer::Base.delivery_method = :smtp
  ActionMailer::Base.smtp_settings = {
      :address => "mail.example-domain.com",
      :port => 25,
      :domain => "www.example-domain.com",
      :authentication => :login,
      :user_name => "user@example-domain.com",
      :password => "secret"
  }

  :address and :port - Determines the address and port of the SMTP server you’ll be using. These default to localhost and 25 , respectively.
  :domain - The domain the mailer should use when identifying itself to the server (usually the top-level domain name of the machine sending the email).
  :authentication - One of :plain, :login or :cram_md5. Should be omitted if the server does not require authentication. Also omit :username and :password options if you omit this parameter.
  :username and :password - Mail account login credentials. Required if :authentication is set.

• Modify the activation email parameters
  Open the production and development configuration files, config/environments/production.rb and config/environments/development.rb respectively.

  In the development config file:

  SITE_URL = "localhost:3000"

  and in the production:

  SITE_URL = "example-domain.com"

  You need to restart the server for these settings to take effect.Open app/models/user_mailer.rb. Change:

  @body[:url]  = "http://YOURSITE/activate/#{user.activation_code}"

  to:

  @body[:url]  = "http://#{SITE_URL}/activate/#{user.activation_code}"

  Change:

  @body[:url]  = "http://YOURSITE/"

  to:

  @body[:url]  = "http://#{SITE_URL}/"

  Change the setup_email block settings (ADMINEMAIL and YOURSITE) to your desired settings.

  Open the email template files (app/views/user_mailer/activation.html.erb and app/views/user_mailer/signup_notification.html.erb) and modify as desired.

  And that’s it. The system should now be working.

  Note: You need to include flash[:notice] and flash[:error] in your templates or layout to view the status messages e.g. just before the <%= yield %> line in app/views/application.html.erb, type:

  <p style="color: green"><%= flash[:notice] %></p>
  <p style="color: #990000"><%= flash[:alert] %></p>

This entry was posted on Saturday, January 19th, 2008 at 1:11 pm and is filed under Rails. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.