README.rdoc in devise-0.2.3 vs README.rdoc in devise-0.3.0

- old
+ new

@@ -7,11 +7,11 @@ * Allows you to have multiple roles (or models/scopes) signed in at the same time; * Is based on a modularity concept: use just what you really need. Right now it's composed of five mainly modules: -* Authenticable: responsible for encrypting password and validating authenticity of a user while signing in. +* Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in. * Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions. * Recoverable: takes care of reseting the user password and send reset instructions. * Rememberable: manages generating and clearing token for remember the user from a saved cookie. * Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself. @@ -49,11 +49,11 @@ Devise must be setted up within the model (or models) you want to use, and devise routes must be created inside your routes.rb file. We're assuming here you want a User model. First of all you have to setup a migration with the following fields: create_table :users do - t.authenticable + t.authenticatable t.confirmable t.recoverable t.rememberable t.timestamps end @@ -68,62 +68,64 @@ class User < ActiveRecord::Base devise end -This line adds devise authenticable automatically for you inside your User class. Devise don't rely on _attr_accessible_ or _attr_protected_ inside its modules, so be sure to setup what attributes are accessible or protected in your model. +This line adds devise authenticatable automatically for you inside your User class. Devise don't rely on _attr_accessible_ or _attr_protected_ inside its modules, so be sure to setup what attributes are accessible or protected in your model. You could also include the other devise modules as below: - # Same as using only devise, authenticable is activated by default - devise :authenticable + # Same as using only devise, authenticatable is activated by default + devise :authenticatable - # Include authenticable + confirmable + # Include authenticatable + confirmable devise :confirmable - # Include authenticable + recoverable - devise :recoverable + # Include authenticatable + recoverable + rememberable + devise :recoverable, :rememberable - # Include authenticable + rememberable modules - devise :rememberable - - # Include authenticable + confirmable + recoverable + rememberable + validatable - devise :confirmable, :recoverable, :rememberable, :validatable - - # Same as above, include all of them + # Include all of them devise :all # Include all except recoverable devise :all, :except => :recoverable Note that validations aren't added by default, so you're able to customize it. In order to have automatic validations working just include :validatable. +== Configuration values + In addition to :except, you can provide some options to devise call: * pepper: setup a pepper to generate de encrypted password. By default no pepper is used: devise :all, :pepper => 'my_pepper' * stretches: configure how many times you want the password is reencrypted. devise :all, :stretches => 20 -* confirm_in: the time the user can access the site before being blocked because his account was not confirmed +* confirm_within: the time the user can access the site before being blocked because his account was not confirmed - devise :all, :confirm_in => 1.week + devise :all, :confirm_within => 1.week * remember_for: the time to store the remember me cookie in the user devise :all, :remember_for => 2.weeks +All those values can also be set in a global way by setting them in Devise: + + Devise.confirm_within = 1.week + +== Routes + The next step after setting up your model is to configure your routes for devise. You do this by opening up your config/routes.rb and adding: map.devise_for :users This is going to look inside you User model and create the needed routes: - # Session routes for Authenticable (default) + # Session routes for Authenticatable (default) new_user_session GET /users/sign_in {:controller=>"sessions", :action=>"new"} user_session POST /users/sign_in {:controller=>"sessions", :action=>"create"} destroy_user_session GET /users/sign_out {:controller=>"sessions", :action=>"destroy"} # Password routes for Recoverable, if User model has :recoverable configured @@ -154,12 +156,14 @@ * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :password and :confirmation. map.devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' } -And that is it! Devise is gonna create some helpers to use inside your controllers and views. To setup a controller that needs user authentication, just add this before_filter: +== Controller filters +Devise is gonna create some helpers to use inside your controllers and views. To setup a controller that needs user authentication, just add this before_filter: + before_filter :authenticate_user! To verify if a user is signed in, you have the following helper: user_signed_in? @@ -179,14 +183,16 @@ You also need to setup default url options for the mailer, if you are using confirmable or recoverable. Here's is the configuration for development: Notifier.sender = "no-reply@yourapp.com" ActionMailer::Base.default_url_options = { :host => 'localhost:3000' } +== Tidying up + Devise let's you setup as many roles as you want, so let's say you already have this User model and also want an Admin model with the same authentication stuff, but not confirmation or password recovery. Just follow the same steps: # Create a migration with the required fields create_table :admins do |t| - t.authenticable + t.authenticatable end # Inside your Admin model devise :validatable