I ran across this code in the Split gem's instructions.
To restrict access to the dashboard route, they recommended:
match "/split" => Split::Dashboard, :anchor => false, :constraints => lambda { |request|
request.env['warden'].authenticated? # are we authenticated?
request.env['warden'].authenticate! # authenticate if not already
request.env['warden'].user.admin?
}
I know that the :constraint key makes it such that if the lambda returns false, then the route is unavailable (at least, that's what I think).
But what is the point of the first line? And the second? I don't understand why calling an authenticated? method would do anything. And what does authenticate! do?
Related
According to the docs:
redirect_back(fallback_location:, allow_other_host: true, **args)
:fallback_location- The default fallback location that will be used on missing Referer header.
:allow_other_host - Allow or disallow redirection to the host that is different to the current host, defaults to true.
All other options that can be passed to redirect_to are accepted as options and the behavior is identical.
And redirect_to allows me to add params to the url just by passing them as a hash
So, why do none of these work for me:
redirect_back fallback_location: tasks_path, allow_other_host: false, syncing: true
redirect_back fallback_location: tasks_path, allow_other_host: false, { syncing: true }
redirect_back fallback_location: tasks_path, allow_other_host: false, options: { syncing: true }
redirect_back(fallback_location: tasks_path, allow_other_host: false, options: { syncing: true })
redirect_back(fallback_location: tasks_path, allow_other_host: false, syncing: true)
...and any other iteration on the above that I could think of.
All of them (that are valid code), just return me back without the added parameter
I'm trying to achieve this URL:
(back_url or fallback_location) + '?syncing=true'
If you look at the source code for redirect_back you will see, that it essentially uses redirect_to "whatever_url.com" version of redirect_to method.
If you check the explanation of redirect_to you can see that in this use case you unfortunately cannot pass any arguments. If this is super needed, I guess you could just override the redirect_back method to append params option to the url with string concatenation, but that seems like a nasty fix.
But to answer your question - what you want to achieve seems to be impossible out of the box.
While I get what #Kkulikovskis is saying, I would argue that the docs are confusing as they suggest I can pass additional *args and have them respond as they would to redirect_to.
So, I wrote a helper method:
def redirect_back_for_sync
if request.env['HTTP_REFERER'].present? &&
request.env['HTTP_REFERER'] != request.env['REQUEST_URI']
redirect_to request.env['HTTP_REFERER'] + '?syncing=true'
else
redirect_to properties_path(syncing: true)
end
end
Now I can call redirect_back_for_sync in my controller instead of using redirect_back at all.
I bumped into this same issue just now. While not being able to find a direct solution, what I did was create a session and store the parameters in the session. After being redirected, my controller can grab the parameters from the session then delete it.
Not really a "Rails way", but get what I needed.
Hope that helps.
You also just can add value to flash object e.g. flash[:my_value] = '123', and then access it in the next request
I hope someone could explain why I'm unauthenticated when already has performed a successfull Oauth 2 authentication process.
I've set up the Passport package like in Laravel's documentation and I successfully get authenticated, receives a token value and so on. But, when I try to do a get request on, let say, /api/user, I get a Unauthenticated error as a response. I use the token value as a header with key name Authorization, just as described in the docs.
Route::get('/user', function (Request $request) {
return $request->user();
})->middleware("auth:api");
This function is suppose to give back my self as the authenticated user, but I'm only getting Unauthenticated. Likewise, if I just return the first user, I'm again getting Unauthenticated.
Route::get('/test', function(Request $request) {
return App\User::whereId(1)->first();
})->middleware("auth:api");
In a tutorial from Laracast, guiding through the setup of Passport, the guider doesn't have the ->middleware("auth:api") in his routes. But if its not there, well then there's no need for authentication at all!
Please, any suggestions or answers are more then welcome!
You have to set an expiration date for the tokens you are generating,
set the boot method in your AuthServiceProvider to something like the code below and try generating a new token. Passports default expiration returns a negative number
public function boot()
{
$this->registerPolicies();
Passport::routes();
Passport::tokensExpireIn(Carbon::now()->addDays(15));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
}
Check your user model and the database table, if you have modified the primary id field name to say something other than "id" or even "user_id" you MIGHT run into issues. I debugged an issue regarding modifying the primary id field in my user model and database table to say "acct_id" instead of keeping it as just "id" and the result was "Unauthenticated" When I tried to get the user object via GET /user through the auth:api middleware. Keep in mind I had tried every other fix under the sun until I decided to debug it myself.
ALSO Be sure to UPDATE your passport. As it has had some changes made to it in recent weeks.
I'll link my reference below, it's VERY detailed and well defined as to what I did and how I got to the solution.
Enjoy!
https://github.com/laravel/passport/issues/151
I had this error because of that I deleted passport mysql tables(php artisan migrate:fresh), php artisan passport:install helps me. Remember that after removing tables, you need to re-install passport!
I had exactly the same error because I forgot to put http before the project name.
use Illuminate\Http\Request;
Route::get('/', function () {
$query = http_build_query([
'client_id' => 3,
'redirect_uri' => 'http://consumer.dev/callback',
'response_type' => 'code',
'scope' => '',
]);
// The redirect URL should start with http://
return redirect('passport.dev/oauth/authorize?'.$query);
});
Route::get('/callback', function (Request $request) {
$http = new GuzzleHttp\Client;
$response = $http->post('http://passport.dev/oauth/token', [
'form_params' => [
'grant_type' => 'authorization_code',
'client_id' => 3,
'client_secret' => 'M8y4u77AFmHyYp4clJrYTWdkbua1ftPEUbciW8aq',
'redirect_uri' => 'http://consumer.dev/callback',
'code' => $request->code,
],
]);
return json_decode((string) $response->getBody(), true);
});
The "Using Oauth 2.0 for Login" doc lists the 'hosted domain' parameter as a valid authentication parameter, but using the Google API Client for Ruby linked at the bottom I don't see how to pass it along with my request. Anyone have an example?
OK, wasn't perfect, but I just passed it to the authorization_uri attribute on the authorization object like so
client = Google::APIClient.new
client.authorization.authorization_uri(:hd => 'my_domain')
I still had trouble updating the Addressable::URI object to save the change (kept getting a "comparison of Array with Array failed" error), but this was good enough for me to use.
I couldn't get it to work using the Google::APIClient but managed to get it working using the OAuth2::Client like this
SCOPES = [
'https://www.googleapis.com/auth/userinfo.email'
].join(' ')
client ||= OAuth2::Client.new(G_API_CLIENT, G_API_SECRET, {
:site => 'https://accounts.google.com',
:authorize_url => "/o/oauth2/auth",
:token_url => "/o/oauth2/token"
})
...
redirect client.auth_code.authorize_url(:redirect_uri => redirect_uri,:scope => SCOPES,:hd => 'yourdomain.com')
I am using action caching on my Rails 3 app on Heroku with the :expires_in option. I've tried calling expire_action, directly in the controller upon update, and within a sweeper. Nothing seems to expire the cache entry properly.
In my controller:
caches_action :embed, :if => Proc.new { |c| c.request.format.js? || c.request.format.rss? }, :expires_in => 5.minutes
In my action:
expire_action :action => :embed, :format => :js
And I've also attempted it in a sweeper, attempting to use the url generator to get the exact key:
expire_action obj_embed_url(#obj.unique_token)
I wonder if it is Heroku using the Varnish cache layer, which you can't expire. (The cache clearly expires after the 5 minutes, because I can see the content update.) It appears that I have the memcached add-on configured correctly (using the Dalli gem; config.cache_store = :dalli_store), and I can see the appropriate environment variables...
$ heroku config |grep MEM
MEMCACHE_PASSWORD => xxxxxxxxxxxxxxxxx
MEMCACHE_SERVERS => xxx.xxx.northscale.net
MEMCACHE_USERNAME => appxxxxxx%40heroku.com
What am I missing here?
finally figured this out.
Heroku's paths must not be matching up with the expire create/expire calls. so if you specify the path in the cache creation, and call that path specifically in the expire, it will work. also i had to use "expire_fragment" instead of "expire_action". here's my code:
in your controller:
caches_action :load, :up, :juice, :fresh, :cache_path => :custom_cache_path.to_proc
def custom_cache_path
path = "#{params[:controller]}/#{params[:action]}"
path += "/#{params[:id]}" if params[:id]
path += "/#{params[:sha]}" if params[:sha]
path
end
in the expiring method:
expire_fragment "serve/up/#{#site.id}"
expire_fragment "serve/fresh/#{#site.secret}"
This is something that has been driving me mad over the past few days. I have an action which allows authenticated users to upload assets to the site. I know that the controller action is correct as I can run through the process manually however I want to test it using rspec.
I have to use the request helper so I can reuse an authenticated session which is a :given for this set of tests.
it "should allow authenticated file uploads" do
file = File.open(a_valid_file)
mock_file = mock("file")
mock_file.stub!(:path).and_return(file.path)
request( resource(:assets), :method => "POST",
:params => { :file =>
{:tempfile => mock_file, :filename => File.basename(file.path)} }
)
end
If I breakpoint inside the spec it all works nicely, however when I run the spec and try to access the path in the controller action through the debugger I get this:
e file[:tempfile].path
NoMethodError Exception: undefined method `path' for "#[Spec::Mocks::Mock:0x3fda2a4736c0 #name=\"file\"]":String
My guess is that the stub!(:path) is not being set for whatever mock object is making it through the request.
The question is: Am I going about the right way for testing file uploads and if not what is another way?
I was doing it wrong. By using request it was calling to_s on all paramaters, so my mock object was being passed as "#[Spec::Mocks::Mock:0x3fda2a4736c0 #name=\"file\"]". That will teach me to pay more attention to exception output.
Instead I should use multipart_post and stub out the authentication calls in a block.
it "should allow authenticated file uploads" do
file = File.open(a_valid_file)
multipart_post( resource(:assets), :method => "POST",
:params => { :file => file } ) do |controller|
controller.stub!(:ensure_authenticated).and_return(true)
controller.session.stub!(:user).and_return(User.first)
)
end