Override authlogic's email validation - ruby-on-rails

I am making a login using AuthLogic, but I would like 'email' to be optional. It seems however that authlogic out of the box makes this validated for. Anyone know a workaround?

from the authlogic example rails application:
Set up your model
Make sure you have a model that you
will be authenticating with. Since we
are using the User model it should
look something like:
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.my_config_option = my_value # for available options see documentation in: Authlogic::ActsAsAuthentic
end # block optional
end
One thing to note here is that this tries
to take care of all the authentication
grunt work, including validating your
login, email, password, and token
fields. You can easily disable this
with configuration. Ex:
c.validate_email_field = false. See
the Authlogic::ActsAsAuthentic sub
modules in the documentation for more
details.
Key part to note:
You can easily disable this with configuration. Ex:
c.validate_email_field = false.
Hope that helps.
Source: https://github.com/binarylogic/authlogic_example

While searching my contents ..i found out
http://rdoc.info/github/binarylogic/authlogic/master/Authlogic/ActsAsAuthentic/Email/Config#merge_validates_format_of_email_field_options-instance_method
this will surely help..

Related

Set Authlogic validate_login_field to false on user update

We have a current database of users who can have any symbol in their username. We have started using authlogic for authentication. So, any current users updating any of their information fail validations because their login has unaccepted characters.
We want to prevent new users signing up from using symbols not accepted by authlogic, but those who have them already in their login to continue using them.
I know that I need to use something like this:
acts_as_authentic do |c|
c.validate_login_field = false
end
My questions is how do I set validate_login_field to false for already existing users but leave it to default value of true for new users signing up? Thanks.
I would suggest forgetting about that particular validation feature in Authlogic for your particular case (i.e. keep it as c.validate_login_field = false) and use validates_format_of setting a :with clause to a regex to ensure Authlogic valid user names and an :if clause to some proc or method private method which returns true if the validation should be done at all (using some application specific logic of your own design)
Or you can not to turn of validate_login_field and add :if option to validates_format_of_login_field_options
UPDATE:
Actually forget, it's a bad idea, because in that case you have to provide :if option for every possible validation.
Not only for validates_format_of_login_field_options, but for validates_length_of_login_field_options and validates_uniqueness_of_login_field_options

Validate password on change of certain fields in RoR

I am building a RoR 3 app, a community. It has a User model and some fields.
So when a user is updating a certain field, like his/her birthday, I want to validate that the User typed in the password that is the same in the database. This way I know that it is the right user trying to change the birthday.
So I ask you how i can create such a validator.
Also I would like to be able to specify an array of which fields the user has to validate the password to change.
This is actually pretty easy to do once you are familiar with the Rails framework.
models/User.rb
class User < ActiveRecord::Base
validate :correct_password?, :if => :check_password?
def check_password?
[birthday_changed?, other_field_changed?].any?
end
def correct_password?
# without knowing more about how you store the password
# this probably won't work with your code directly
errors.add_to_base("Must provide password") unless password?
errors.add_to_base("Incorrect password") unless password == User.find_by_id(id).password
end
end
Even though building user authentication and authorization is not hard - I would advise to use something like "AuthLogic" or "Devise" gems/plugins which will most likely cover 90% of the functionality that you need. You alsways can customize/add new functionality if needed.
Such plugins will do most of the grunt work for you: generate MVC, create database, do proper security checks, even email password recovery and such.

Authenticate users by Customer, Login and Password with Authlogic

I've got a typical Authlogic setup that I need to enhance to require Customer ID in addition to Login and Password.
I've read a bit about using a custom find method and another about using a global variable for accessing the additional parameter and a third referring to documentation about using scopes that doesn't seem to exist.
Seems like this should be easy, but I can't seem to find the right approach.
Anyone got a solution?
In your UserSession class, add:
find_by_login_method :find_by_customer_id_or_login
In your User class, create this customer finder:
def self.find_by_customer_id_or_login(login)
User.find_by_customer_id(login) || User.find_by_login(login)
end
This is assuming a User has both a customer_id field and a login field.
Add a customer_id column through a migration and validate_presence_of :customer_id on your model. It doesn't have anything to do with authlogic. Unless there is more that you are trying to do.

Authlogic-oid with ONLY OpenID

I am implementing an internal site, for which I want our company's OpenID server to be the only means of registering and logging in. To be more specific, I don't even want a normal email and password/salt to be stored for the users in this site.
I am using authlogic with the authlogic-oid plugin, but I am getting these errors whenever I try to make a new user:
undefined local variable or method `crypted_password_field' for #<User:0xb68b7c00>
I take this to mean that authlogic is trying to generate a password for this user even though there are no password fields in my database. Is there a workaround for this, or config options I can pass to acts_as_authentic to make this work?
Figured it out. In your User model, you must specify this config in the acts_as_authentic block:
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.crypted_password_field = false
end
end
Looks like maybe you're trying access the crypted_password_field property somehow. If you look at the Authlogic example the documentation lists the optional fields (#3). I was able to get Authlogic and RPX up and running without password fields so I know it's possible.

authlogic auto_register feature using my options

I have auto registration working with authlogic using gaizka's version of authlogic_openid which I found on Github since pelle's original addition of the feature seemed to cause issues.
http://github.com/gaizka/authlogic_openid
using authlogic to auto create users bypassing explicit user registeration
This one works fine however when using the auto_register feature it ignores my options for authlogic such as retrieving the email from the openid provider... any ideas what I'm doing wrong?
Hhere's the example:
http://big-glow-mama.heroku.com/
http://github.com/holden/authlogic_openid_selector_example/tree/with-facebook/
You can see the difference if you register vs. login...
#user.rb
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.validate_login_field = false
# optional, but if a user registers by openid, he should at least share his email-address with the app
c.validate_email_field = false
# fetch email by ax
c.openid_required_fields = [:email,"http://axschema.org/contact/email"]
#c.required_fields = ["http://axschema.org/contact/email"]
# fetch email by sreg
#c.optional_fields = ["email"]
end
#private method to deal with emails goes here
end
#UserSession.rb
class UserSession < Authlogic::Session::Base
auto_register
logout_on_timeout true
end
This one works fine however when using the auto_register feature it ignores my options for authlogic such as retrieving the email from the openid provider... any ideas what I'm doing wrong?
The code that handles auto-registration lives in the authlogic_openid's Session module. The code that handles registration (retrieving email form provider, etc), lives in ActsAsAuthentic module.
The first is handling a UserSession object, the latter is handling a User object.
I'll take a look in a couple of days, to see what can be done to merge both behaviours.
Solved! Thanks to this commit:
http://github.com/mreinsch/authlogic_openid/commit/4a1f644be36aec75ae2d35121904b5a846354233
by mreinsch.
Check out the example app here: http://github.com/shripadk/authlogic_openid_selector_example
Live example: http://testingauth.heroku.com/

Resources