ruby-on-rails – 使用Rails自动登录?
发布时间:2020-12-17 03:08:40 所属栏目:百科 来源:网络整理
导读:我正在尝试使用Rails的Restful-Authentication插件创建一个简单的身份验证系统,我只是想知道它是如何工作的,b / c我似乎无法弄清楚Cookie的要求是什么,以及如何使它成为现实浏览器总是记得你(6个月). 几个问题: 1)你如何为ruby的restful_authentication做记
|
我正在尝试使用Rails的Restful-Authentication插件创建一个简单的身份验证系统,我只是想知道它是如何工作的,b / c我似乎无法弄清楚Cookie的要求是什么,以及如何使它成为现实浏览器总是记得你(6个月).
几个问题: 1)你如何为ruby的restful_authentication做记住_me?我似乎无法找到一个好的单线来解决这个问题…… 如果用户注册并检查“记住我”,那么rails应用程序如何在用户不做任何事情的情况下获取会话/ cookie,而是在下次访问该页面时进入该页面,比如3个月后? 2)我是否需要向服务器发送某种信息,比如他们的IP地址或其他什么?什么是cookies [:auth_token],在哪里定义? 目标是:我不希望他们再次输入他们的电子邮件/密码,就像StackOverflow如何工作:) 解决方法
这是我们正在做的事情(主要来自经过身份验证的系统)…这是处理我们正在运行的登录的控制器方法…
def login
if logged_in?
flash[:notice] = "You are already logged in."
redirect_to "/" and return
end
unless request.post?
render :layout => 'task' and return
end
self.current_user = User.authenticate(params[:login],params[:password])
if logged_in?
if params[:remember_me].to_i == 1
self.current_user.remember_me
cookies[:auth_token] = {:domain => "#{DOMAIN}",:value => self.current_user.remember_token,:expires => self.current_user.remember_token_expires_at }
else
self.current_user.forget_me
cookies.delete(:auth_token,:domain => "#{DOMAIN}")
cookies[:auth_token] = nil
end
current_user.last_seen_at = Time.now
current_user.save
session[:notice] = "You logged in successfully"
flash[:notice] = "You logged in successfully"
redirect_back_or_default(:controller => 'dashboard') and return
#redirect_back_or_default(:controller => 'index',:action => 'index') and return
else
if $failed_login_counter.add_attempt(params[:login]) > MAXIMUM_LOGIN_ATTEMPTS
logger.info("login rate limiter kicking in,#{MAXIMUM_LOGIN_ATTEMPTS} login attempts failed")
redirect_to "/denied.html" and return
end
flash[:error] = "Unable to authenticate username and password"
render(:layout => 'task') and return
end
end
并使用它来注销 def logout
current_user.last_seen_at = Time.now
current_user.save
self.current_user.forget_me if logged_in?
cookies.delete(:auth_token,:domain => "#{DOMAIN}")
reset_session
flash[:notice] = "You have been logged out."
#redirect_to :back
redirect_back_or_default(:controller => 'index',:action => 'index') and return
end
然后 – 在你的application.rb中你需要这样的东西: before_filter :login_from_cookie
def login_from_cookie
return unless cookies[:auth_token] && !logged_in?
user = User.find_by_remember_token(cookies[:auth_token])
if user && user.remember_token?
user.remember_me
self.current_user = user
cookies[:auth_token] = { :domain => "#{DOMAIN}",:expires => self.current_user.remember_token_expires_at }
flash[:notice] = "#{self.current_user.login},you have logged in successfully"
end
end
并且 – 在您的用户模型中有一些这样的方法: # Encrypts some data with the salt.
def self.encrypt(password,salt)
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end
# Encrypts the password with the user salt
def encrypt(password)
self.class.encrypt(password,salt)
end
def remember_token?
remember_token_expires_at && Time.now.utc < remember_token_expires_at
end
# These create and unset the fields required for remembering users between browser closes
def remember_me
self.remember_token_expires_at = 2.weeks.from_now.utc
self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
save(false)
end
def forget_me
self.remember_token_expires_at = nil
self.remember_token = nil
save(false)
end
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |