gnocode / noladex.org

People of New Orleans
http://www.noladex.org

I integrated authlogic... #3

Closed matthewling closed 13 years ago

matthewling commented 13 years ago

Hey,

Actually I'm not so up on this pull request stuff, so I'm definitely not sure if you should go and do it automatically (i.e. due diligence required!!!), @tritico asked me to get involved if I can so I've integrated authlogic. Devise is shinier I know, but authlogic was more flexible seeing as you had a user model and users already created in production.

In order to use this patch, you need to run the supplied rake task after migration to make sure all existing production users have a random password, and they're gonna have to do a password reset by mail to set up their new one.

rake noladex:assign_random_password RAILS_ENV=production

I haven't set up any production mailer configs, as I'm not up on your heroku setup, so some effort will have to go into that before the existing users can sign in and edit their profiles.

If this is just a junky commit, sorry, ;) I did my best in the short time I had during my normal work day ... ;)

Matthew

PS This is my first try at a social contribution, so really sorry if things don't go smoothly ... and one more time, this looks like a scary merge, and needs careful attention... maybe try it on another branch first to see if it could possibly work ... :)

matthewling commented 13 years ago

I inadvertently committed my database.yml; this should not be merged as I think you guys are using some heroku data store ... sorry about that ...

fholgado commented 13 years ago

FYI, Heroku is finicky about mail configs since they provide some add-ons to send mail. I've used the Pony gem without any problems there, it just has to be set up to a mail server.

Here is an example of how I've used it:

require 'pony'
# Send a notification over authenticated SMTP; credentials come from the environment.
Pony.mail :to => i.ticket_email,
    :from => "federico@mailchimp.com",
    :subject => "#{i.domain} has successfully made the DNS changes!",
    :body => mail_body,
    :via => :smtp,
    :via_options => {
        :address             => 'smtp.emailsrvr.com',
        :port                => '587',
        :user_name           => ENV['MC_EMAIL_USER'],
        :password            => ENV['MC_EMAIL_PASS'],
        :authentication      => :cram_md5,
        :domain              => 'mailchimp.com',
        # VERIFY_NONE turns off verification of the server's TLS certificate
        :openssl_verify_mode => OpenSSL::SSL::VERIFY_NONE
    }

The :openssl_verify_mode flag is just used if your mail server uses weird SSL auth. Let me know if you have any questions!

matthewling commented 13 years ago

Hey @fholgado, thanks for that. I guess I might not touch any configs that really might end up sending mails or general configs. I guess that's best left up to the core team .. ;)

fholgado commented 13 years ago

I understand :) I figured they would find that useful once they set up email stuff.

matthewling commented 13 years ago

Ahh ... good point ;) .. I just did a cursory search and I guess if the team want to go with a free google apps account for mail, then they could totally hook it up like this ... http://devcenter.heroku.com/articles/smtp

matthewling commented 13 years ago

I need to add some bug fixes ...

joeellis commented 13 years ago

Matthew, No problem, I'll take a look at it tonight at Hack Night, play around with it in another branch and see if I can't merge it into master somehow. Not wild about having to have everyone reset their passwords, but authlogic is a massively better solution than the current one (none I think?), plus Devise has been driving me nuts lately.

Anyways, if you're in New Orleans, we'll be down here at Launchpad at 7 working on it tonight. Come join us if you can

joeellis commented 13 years ago

@fholgado, I was planning on just setting up a free google apps mailing account and running the mail through that, or just using the free sendgrid add on from heroku. I think they both limit it to 200 outgoing mails per day, but I don't think we have that many users yet

matthewling commented 13 years ago

Hey... actually I'm over in Berlin ;) ... an old mate of @tritico's and thought I might lend a hand if possible ...

Well, there was no auth. solution yesterday ;) so thought I'd have a go, I started with devise, but the amount of customisation required was way too deep and decided to go for authlogic. I agree on the password reset thing, the next best option might be to set some temp passwords and email them out, but then you have cleartext passwords in the wild, that's why I thought maybe the more secure option is just to let existing members know, they should reset their passwords themselves to get access to their accounts ...

Let me know if anything terrible is up ;)

fholgado commented 13 years ago

Google Apps sounds like a great solution! Otherwise, you can use MailChimp's STS service to send transactional email. We even have a Ruby gem to make sending mail easier, which is called Ukari. Let me know if I can help with anything else!

matthewling commented 13 years ago

Hey @joeellis @fholgado, there's a few more smaller commits there on master, one to create seeds for devs. one to shorten the code for the index action, and probably most importantly, not allowing anonymous browsers to potentially delete profiles ... but that depends on the authlogic commits being applied ...

matthewling commented 13 years ago

@tritico, there's also a new seeds which you can use in this commit ... https://github.com/matthewling/peopleofneworleans/commit/350cc670f852e666535ef575370e4869022d3128

joeellis commented 13 years ago

Merged this in another pull request because I'm an idiot and didn't just do it from master from the start

joeellis commented 13 years ago

Thanks Matt!

matthewling commented 13 years ago

Ah shame ... I'll try to contribute again I guess ... ;) Also see some minor stuff which could be improved in auth. code, will try to clean up asap ...

matthewling commented 13 years ago

PS ... No Problem ;)

joeellis commented 13 years ago

@matthewling, Contribute away, your patch was great! The only big thing I needed to change in it was in the rake task, the order of setting the new random password first and saving it, and then sending the password reset mail. Apparently with authlogic, if you issue a save! on a user, it automatically refreshes the perishable token, requiring that the mail be sent afterwards. But it was all merged, I just did it in a separate pull request: https://github.com/gnocode/noladex.org/pull/26

But definitely feel free to add in any other fixes you see, I'll definitely merge them in. @matthewling patches = A+++++++++ Would Merge Again!
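The ordering issue described in the comment above, as an added example that is not code from the pull request or from authlogic. `DemoUser` is a hypothetical stand-in that rotates its perishable token on every `save!`, as the comment says authlogic does; `send_reset_mail`, the outbox and the address are constructed for the demo, and the mail-before-save order is assumed to be what the rake task did before the change.

```ruby
require 'securerandom'

# Hypothetical stand-in for an authlogic-backed user (not authlogic itself):
# every save! issues a fresh perishable token and invalidates the old one.
class DemoUser
  attr_reader :email, :perishable_token

  def initialize(email)
    @email = email
    @perishable_token = SecureRandom.urlsafe_base64(15)
  end

  # The random password only locks the account until the reset is done;
  # it is never mailed, so no cleartext password leaves the system.
  def password=(_plain)
    @password_assigned = true
  end

  def save!
    @perishable_token = SecureRandom.urlsafe_base64(15)
    self
  end

  def reset_token_valid?(token)
    !token.nil? && token == @perishable_token
  end
end

# Constructed outbox standing in for the mailer: stores [email, token] pairs.
def send_reset_mail(user, outbox)
  outbox << [user.email, user.perishable_token]
end

# Assumed earlier order: mail the token, then assign the password and save!.
def mail_then_save(user, outbox)
  send_reset_mail(user, outbox)
  user.password = SecureRandom.hex(32)
  user.save!
end

# Order after the change: assign the random password, save!, then mail.
def save_then_mail(user, outbox)
  user.password = SecureRandom.hex(32)
  user.save!
  send_reset_mail(user, outbox)
end

# True when the token that reached the (constructed) mailbox still works.
def mailed_token_usable?(strategy)
  user = DemoUser.new('resident@example.org')
  outbox = []
  send(strategy, user, outbox)
  user.reset_token_valid?(outbox.last[1])
end
```

Any later `save!` on the user before the link is used has the same effect as the first ordering, so a batch task should not touch the record again after mailing.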

matthewling commented 13 years ago

Heh, ah nice catch, yeah, the perishable token thing needs some scrutiny sometimes, but it works well ... kewl, will fetch the newest version as soon as I get some time ... ;)