1Restful Authentication Generator
2====
3
4This is a basic restful authentication generator for rails, taken
5from acts as authenticated. Currently it requires Rails 1.2.6 or above.
6
7To use:
8
9 ./script/generate authenticated user sessions \
10 --include-activation \
11 --stateful
12
13The first parameter specifies the model that gets created in signup
14(typically a user or account model). A model with migration is
15created, as well as a basic controller with the create method.
16
17The second parameter specifies the sessions controller name. This is
18the controller that handles the actual login/logout function on the
19site.
20
21The third parameter (--include-activation) generates the code for a
22ActionMailer and its respective Activation Code through email.
23
24The fourth (--stateful) builds in support for acts_as_state_machine
25and generates activation code. This was taken from:
26
27http://www.vaporbase.com/postings/stateful_authentication
28
29You can pass --skip-migration to skip the user migration.
30
31If you're using acts_as_state_machine, define your users resource like this:
32
33 map.resources :users, :member => { :suspend => :put,
34 :unsuspend => :put,
35 :purge => :delete }
36
37Also, add an observer to config/environment.rb if you chose the
38--include-activation option
39
40 config.active_record.observers = :user_observer # or whatever you
41 # named your model
42
43Security Alert
44====
45
46I introduced a change to the model controller that's been tripping
47folks up on Rails 2.0. The change was added as a suggestion to help
48combat session fixation attacks. However, this resets the Form
49Authentication token used by Request Forgery Protection. I've left
50it out now, since Rails 1.2.6 and Rails 2.0 will both stop session
51fixation attacks anyway.