When you generate an application with the default merb stack, merb-auth is already setup for normal usage.
If you don't want to use this, simply comment out the dependency on merb-auth in config/dependencies.rb
First step is to generate your application.
$ merb-gen app hello_world $ cd hello_world
This generates an application stub, with authentication already configured. The basic elements are
app/models/user.rb merb/merb-auth/setup.rb merb/merb-auth/strategies.rb
The setup for user authentication is taken care of by default using a password and login. Of course we need to setup the database and add a user first.
$ rake db:automigrate $ merb -i >> u = User.new(:login => "login_name") >> u.password = u.password_confirmation = "sekrit" >> u.save
Now we have an application, and a user, we need something to protect.
$ merb-gen controller hello_world
Let's put something into the controller.
class HelloWorld < Application def index "Hello World" end end
If you fire up merb now and head on over to http://localhost:4000/hello_world you'll see the “Hello World” results. It's not protected yet, so let's fix that. We can either protect it in the routes in config/router.rb or in the controller action. Let's do the router option first.
Open up config/router.rb
Merb::Router.prepare do authenticate do match("/hello_world").to(:controller => "hello_world") end end
This will cause the user to login. This is discovered in the router and when it fails, it stops in the router. Try to hit http://localhost:4000/hello_world now. You'll see that you need to login to access it!
Ok. Logout, http://localhost:4000/logout
Now let's remove the code from the router, and put the protection at the controller level. This will allow you finer control over resources for example.
Merb::Router.prepare do match("/hello_world").to(:controller => "hello_world") end
Let's now put it into the controller:
class HelloWorld < Application before :ensure_authenticated def index "Hello World" end end
To get access to the currently logged in user inside your controller use:
session.user
Really… For a basic Hello World authentication, that's it.
If you want more customization, you can do:
rake slices:merb-auth-slice-password:freeze:views
What that will do is copy the views from the slice to the slices folder in your application.
Then you need to move/copy them to your views. Editing the copied views in app/views should now be taken into account.