Creating and authenticating user on post ("sign up"). Warden + Sinatra - authentication

TL;DR: How can I create a sign up feature with sinatra and warden?
I am trying to make a simple authentication system for a Sinatra app, and I found that warden is probably the best bet. I have found numerous examples on how to use it. I started working from the examples by sklise.
I quickly run into the problem of signing up. See that it is possible to create a new user with something like
post '/auth/signup' do
u = User.new(:username => params[:username], :password => params[:password])
u.save
But then what? How can I authenticate / sign this brand new user in? I cannot seem to find any single reference to how a sign up feature should be built with sinatra + warden. As a matter of fact, I can't seem to find anything for warden at all. None of the examples on the Warden wiki has a sign up feature. Do anyone have a solution for this?
Thanks

Not exactly a warden aficionado, but this looks like where you want to look:
https://github.com/hassox/warden/blob/906edf86c6c31be917a921097031b89361d022e8/lib/warden/strategies/base.rb#L116
From your example I think you'd want to do something like this:
post '/auth/signup' do
u = User.new(:username => params[:username], :password => params[:password])
u.save
env['warden'].success!(u)
...

Related

How to pull a Rails 3 Twitter feed without a gem

So I am ruby/rails novice and have been looking at: https://dev.twitter.com/docs/api/1.1/get/statuses/user_timeline This is the link to the twitter docs for using the 1.1 api. I am clear that I need a twitter app which I have setup, and that I need to set global vars for the key and secret, but then what.
Should I create a controller method in my Pages_controller (the model for static pages)?
How should I code this method to grab my global vars and then create an instance var that includes my tweets?
thanks for the help
You say no gem but much easier if you just use the gem Twitter, put the config in a module if you want. It will look something like this
twitter_client = Twitter::Client.new(
:consumer_key => ENV["CONSUMER_KEY"],
:consumer_secret => ENV["CONSUMER_SECRET"],
:oauth_token => ENV["OAUTH_TOKEN"],
:oauth_token_secret => ENV["OAUTH_SECRET"],
)
In your controller you can then retrieve the tweets with something like
twitter_client.user_timeline('twitter_handle').map(&:attrs)
Any further help just ask

Hide id from url in rails

I am new to rails. I have developed an application on rails recently. The application is pretty big and it's running fine. Currently i have url like this.
http://192.168.99.220/user/13/domainUsers
I want it to be like the below one (without any id)
http://192.168.99.220/user/domainUsers
My routes are like this.
match 'user/:id/domainUsers', :to => 'domains#manageDomain_2', :as => :manageDomain2
I have tried to rewrite the url using "to_param". As my application is too big and it has lots of functionalities, i am using parameters other than the "id" to find users informations frequently, so i am not being able to use the "to_param" method. Is there any other way to hide "id" from url.
Please help
Thanks in advance.
The easiest way to do this is with a gem called friendly_id.
Here is a tutorial that explains it quite well:
http://railscasts.com/episodes/314-pretty-urls-with-friendlyid

How to set the user to current_user when creating a new model using rails_admin

I have a rails 3.0.10 project I'm building using the rails_admin gem to some basic administrative functions. For one of the models being managed in rails_admin, I'd like to be able to set the user association based on the current_user. I would think this should be a fairly common requirement, so I'm sure that I'm missing something obvious.
I did find one post that seemed to solve this, but it's not working for me. So I was hoping someone else out there might have another suggestion.
This is the conversation I was able to find: http://groups.google.com/group/rails_admin/browse_thread/thread/ce0e22aeec1f72b7
In case anyone is still interested, there is an workaround for this on Rails Admin's wike page:
https://github.com/sferik/rails_admin/wiki/How-to-set-default-values
config.model Post do
edit do
field :user_id, :hidden do
default_value do
bindings[:view]._current_user.id
end
end
end
end

rails3, params[:id] encryption

I trying to prevent url hacking, I passing an id to the url that the forms need, it works fine but if the user changes that value on the url it will send values to the wrong table.
<%= link_to '+ New Event',
{:controller =>'events', :action =>
'new', :company_id => company.id} %>
On the php world I used to encrypt that id ...how can I do this on rails3 or is there a better way ??
needless to say I sort of new to rails and I know a little bit of php
any help or suggestions will be greatly appreciated.
Even though this is an older question, it's a very worthwhile question. It is absolutely worthwhile to conceal the ID in the URL for, among other things, prevention of information disclosure.
For example, an application has a robust security model allowing users to only view resources to which they have rights. However, why should a user be able to look at the value of the ID in the URL and use it to deduce how many resources there are or, as the original questioner suggests, start trying to poke around with forced browsing.
The solution to this in rails turns out to be pretty simple. What I find works best is overriding to_param in the models, usually via a module in the lib directory and a before_filter in the application controller that decrypts the IDs.
For a walkthrough, have a look at this: http://www.youtube.com/watch?v=UW_s9ejrCsI
Rather than trying to encrypt or hide your company.id value, ask yourself what exactly it is that you want to prevent users from doing.
If you just want to prevent users from creating events associated with non-existant companies (by setting the id to a really high value for instance), then a simple
validates_presence_of :company
On the Event model would be fine.
If you only want users to be able to create events associated with companies that they work for, or have access for in some way, then you should create custom validations to verify that.
F

Cannot get devise_oauth2_canvas_facebook to work

I'm getting a "TypeError in Devise::FacebookConsumersController#callback: can't convert Hash into Integer" when I try to authenticate using Devise and devise_oauth2_canvas_facebook gem with the new Facebook API. Any ideas what can be the problem?
It look like mooktakim the creator of the devise_oauth2_canvas_facebook gem is not updating it anymore.
Here is his message on a pull request to that effect:
https://github.com/mooktakim/devise_oauth2_facebook/pull/9
He says that he is moving to Omnisocial
https://github.com/icelab/omnisocial#readme
This uses Omniauth which allows you to use logins from many different sources.
It might be better for you to move to Omniauth.