There is no 'authorize' action, but the filter will cause the user?
method to be called, which should then authenticate you on *any*
action so long as a valid id and key parameter is given. Therefore,
calling the 'change_password' method will:
1. cause the 'login_required' filter to be called (you *are* using
before_filter :login_required in your application.rb, right?),
2. which in turn checks to see if the current action requires any authentication
3. if the action does require authentication, it then checks for a
logged in user (method: user?) and if that user is authorized for this
particular action (method: authorize?(user))
If the user? method manages to return true (either by you already
being logged in, or by authenticating you against a key and id
parameter) then you will be allowed to perform the given action, which
in this case is change_password.
- james
On 3/3/06, David Corbin <[EMAIL PROTECTED]> wrote:
> But the link I'm getting in my email is not to authorize, but to
> "change_password".
>
>
> On Friday 03 March 2006 06:25 am, James Adam wrote:
> > The authorize method has special handling for logging in via a token
> > (login_engine/lib/login_engine/authenticated_system.rb):
> >
> > def user?
> > # First, is the user already authenticated?
> > return true if not session[:user].nil?
> >
> > # If not, is the user being authenticated by a token?
> > id = params[:user_id]
> > key = params[:key]
> > if id and key
> > session[:user] = User.authenticate_by_token(id, key)
> > return true if not session[:user].nil?
> > end
> >
> > # Everything failed
> > return false
> > end
> >
> > i.e. when it checks for a logged in user, if an ID and Key parameter
> > are both present it will attempt to authenticate you based on that.
> > That would be the place to start debugging.....
> >
> > - james
> >
> > On 3/3/06, David Corbin <[EMAIL PROTECTED]> wrote:
> > > No, I'm not logged in. I'm trying to test the situation after I migrate
> > > users over, and users have to gain access to the site without knowing a
> > > password.
> > >
> > > Looking at the code, I don't see how the link emailed to me could
> > > possibly work, as the action seems to assume you are logged in, which
> > > defeats the purpose.
> > >
> > > David
> > >
> > > On Friday 03 March 2006 04:31 am, James Adam wrote:
> > > > Are you logged in when you try to do this?
> > > >
> > > > On 3/2/06, David Corbin <[EMAIL PROTECTED]> wrote:
> > > > > I've installed LoginEngine, and the basics appear to work. However,
> > > > > when I attempt to recover my password, I end up with the failure you
> > > > > see at the end of this message. Now, looking at the code, this seems
> > > > > like it should always happen (unless Rails is doing magic I don't
> > > > > know about -- always a possibility).
> > > > >
> > > > >
> > > > > Also, be aware, that this user was created as part of a migration
> > > > > from other data. Looking at the user in the database, thing seem
> > > > > reasonable to me.
> > > > >
> > > > > ------failure---------
> > > > > You have a nil object when you didn't expect it!
> > > > > You might have expected an instance of ActiveRecord::Base.
> > > > > The error occured while evaluating nil.errors
> > > > >
> > > > > Extracted source (around line #4):
> > > > >
> > > > > 1: <div title="<%= title_helper %>" class="form">
> > > > > 2: <h3>Change Password</h3>
> > > > > 3:
> > > > > 4: <%= error_messages_for 'user' %>
> > > > > 5:
> > > > > 6: <div class="form-padding">
> > > > > 7: <p>Enter your new password in the fields below and click
> > > > > 'Change Password' to have a new password sent to your email
> > > > > inbox.</p>
> > > > >
> > > > > RAILS_ROOT: script/../config/..
> > > > > Application Trace | Framework Trace | Full Trace
> > > > >
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_view/helpers
> > > > >/act ive_record_helper.rb:106:in `error_messages_for'
> > > > > #{RAILS_ROOT}/vendor/plugins/login_engine/app/views/user/change_passw
> > > > >ord. rhtml:4
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_view/base.rb
> > > > >:268
> > > > >
> > > > >:in `compile_and_render_template'
> > > > >
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_view/base.rb
> > > > >:244
> > > > >
> > > > >:in `render_template'
> > > > >
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_view/base.rb
> > > > >:205
> > > > >
> > > > >:in `render_file'
> > > > >
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/b
> > > > >ase. rb:655:in `render_file'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/b
> > > > >ase. rb:595:in `render_with_no_layout'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/l
> > > > >ayou t.rb:220:in `render_without_benchmark'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/b
> > > > >ench marking.rb:53:in `render'
> > > > > /usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/b
> > > > >ench marking.rb:53:in `render'
> > > > > ./script/../config/../vendor/plugins/login_engine/app/controllers/use
> > > > >r_co ntroller.rb:247:in `generate_filled_in'
> > > > > ./script/../config/../vendor/plugins/login_engine/app/controllers/use
> > > > >r_co ntroller.rb:69:in `change_password'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/b
> > > > >ase. rb:853:in `perform_action_without_filters'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/f
> > > > >ilte rs.rb:332:in `perform_action_without_benchmark'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/b
> > > > >ench marking.rb:69:in `perform_action_without_rescue'
> > > > > /usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/b
> > > > >ench marking.rb:69:in `perform_action_without_rescue'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/r
> > > > >escu e.rb:82:in `perform_action'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/b
> > > > >ase. rb:369:in `process_without_session_management_support'
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/s
> > > > >essi on_management.rb:116:in `process'
> > > > > ./script/../config/../vendor/rails/railties/lib/dispatcher.rb:38:in
> > > > > `dispatch'
> > > > > ./script/../config/../vendor/rails/railties/lib/webrick_server.rb:117
> > > > >:in `handle_dispatch'
> > > > > ./script/../config/../vendor/rails/railties/lib/webrick_server.rb:83:
> > > > >in `service'
> > > > > /usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
> > > > > /usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
> > > > > /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
> > > > > /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
> > > > > /usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
> > > > > /usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
> > > > > /usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
> > > > > /usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
> > > > > ./script/../config/../vendor/rails/railties/lib/webrick_server.rb:69:
> > > > >in `dispatch'
> > > > > ./script/../config/../vendor/rails/railties/lib/commands/servers/webr
> > > > >ick. rb:59
> > > > > /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:21:in
> > > > > `require'
> > > > > ./script/../config/../vendor/rails/activesupport/lib/active_support/d
> > > > >epen dencies.rb:214:in `require'
> > > > > ./script/../config/../vendor/rails/railties/lib/commands/server.rb:28
> > > > > ./script/server:3
> > > > >
> > > > > _______________________________________________
> > > > > engine-users mailing list
> > > > > [email protected]
> > > > > http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engine
> > > > >s.or g
> > > >
> > > > --
> > > > * J *
> > > > ~
> > > > _______________________________________________
> > > > engine-users mailing list
> > > > [email protected]
> > > > http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.
> > > >org
> > >
> > > _______________________________________________
> > > engine-users mailing list
> > > [email protected]
> > > http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.or
> > >g
> >
> > --
> > * J *
> > ~
> > _______________________________________________
> > engine-users mailing list
> > [email protected]
> > http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org
> _______________________________________________
> engine-users mailing list
> [email protected]
> http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org
>
--
* J *
~
_______________________________________________
engine-users mailing list
[email protected]
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org
