I'm stuck trying to work this one out - have been reviewing the
AuthLogic code base but having a hard time making sense of it
(http://github.com/binarylogic/authlogic).

Question 1 - Can anyone confirm what config exactly is required to
make the one time password (persistence_token) work in AuthLogic? See
below for the bulk...

Question 2 - If not the full answer to the above, then just: In the
AuthLogic code base where is the URL parameter key string of
"user_credentials" actually set? I can't seem to find it. Refer to
line 28 of the params.rb file. There is an assumption the one time
URL key to use is this, but can't find where it is set.

The persistence token is stored in the session. It is what authlogic
uses to keep track of whether you are logged in. If you have authlogic
working, log your session data and you should see a "user_credentials"
entry there.
I think what you are looking for is the perishable_token. Here is a
good place to look: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/.
I ended up adapting the one from spree (spreecommerce.com) - look for
the password_reset_controller when I switched to authlogic from
acts_as_authenticated.

Actually I meant to say one-time password (not persistence) token.
I'll have a look at the links.

Can I ask something basic for authlogic... what is actually required in
one's normal controllers and model to ensure authentication/login has
taken place? Is "acts_as_authentic" just for the User model? I've
noted that based on the example app if I have my other controllers
they are still not protected. I'm guessing you need to add one of the
application_controller helper lines at the beginning of each
controller (i.e. that says this controller requires a logged on user)?