How do I set encryption settings per Devise Class? - devise

Hi StackOverflow community, I'm trying to solve an issue whereby I am wrapping Devise around a legacy model in a Ruby on Rails 3.2 application.
In this app, I actually have 2 pre-existing devise models: Representative and Admin. These two classes use all standard devise configuration and use default password encryption. I need to wrap Devise around a third model, Dealer, which already has a pre-existing, custom SHA1 password encryption implementation. I'd like to leave this encryption implementation in place while I work on adding Devise to this model and not force me to reset several hundred users passwords. Is it possible to set the password encryptor to SHA1 for just this one model, leaving the other two aforementioned classes alone?
I'm still combing the documentation looking for a way to pass options to the devise-encryptable plugin, but so far have yet to find what I'm looking for. Hopefully the community can help me with my search.

I ended up figuring it out.
1) Added gem 'devise-encryptable' to Gemfile
2) Added :encryptor => :legacy_sha1 options hash to model.
class DeviseModel < ActiveRecord::Base
devise :encryptable, :encryptor => :legacy_sha1
end
3) Added a custom Encryptor class to lib/devise/encryptable/encryptors/legacy_sha1.rb
module Devise
module Encryptable
module Encryptors
class LegacySha1 < Base
def self.digest(password, stretches, salt, pepper)
string = #secret routine!
Digest::SHA1.hexdigest(string)
end
end
end
end
end
Works perfectly.

Related

Accessing Custom Parameters when using Devise and Rails 4

I am learning rails using the teamtreehouse tutorial. The tutorial uses 3.1 but I am trying to learn 4.0, and as a result I have run into a difficulty presumably because rails 4 forces of the use of strong parameters. I have two models, a users model and a statuses model. I have used devise to create authentication for users, and have included new parameters. They are :first_name, :last_name, and :profile_name. I have created a relationship between users and statuses.
Currently the user sign-up with the new parameters is working; i can access them using for instance current_user.last_name. However, I want to show the profile_name of the user that created the post on the statuses index view(each user does not yet have a separate page). I want to do this using
status.user.profile_name
However it just shows up blank. If I do
status.user.email(which is a preconfigured devise parameter), it shows up no problem. I am guessing I have to whitelist these parameters in some controller but I don't know where or how.
Thanks
I think, here you will find your answer: https://github.com/plataformatec/devise/tree/rails4#strong-parameters
Based on above link, I think you should insert something like this in your ApplicationController:
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:user) { |u| u.permit(:profile_name) }
end
end
And I already suggested in a previous question...
Strong parameters with Rails and Devise
...that you can create your own controller which could extend devise own controller. There is a gist for that:
https://gist.github.com/bluemont/e304e65e7e15d77d3cb9
A little bit more details in Devise doc: https://github.com/plataformatec/devise/tree/rails4#configuring-controllers

Client-side authentication with emberjs and device in Rails4

Working with user resources is an essential part of every application an so there it's a task which should be automated as much as possible.
As for Ember I found a tutorial https://github.com/heartsentwined/ember-auth-rails-demo/wiki
which describes how it can communicate with devise-based authentication system. And, wow, it's a hell of a boilerplate:)
Have something changed with new devise for Rails4 or things are the same?
ember-auth dev here.
Edit / Update for googlers: I have now built a rails 4 app, with devise, ember, and ember-auth. Apart from the following two gotchas, everything is working fine.
devise >= 3.1 removed the tokenAuthenticatable module. So I'd declare in my Gemfile:
gem 'devise', '>= 3.0', '< 3.1'
ember-data is drifting away from ActiveModelSerializers, towards json-api. Problem is, json-api itself isn't even stable. The quick and easy fix is to replace DS.RESTAdapter with DS.ActiveModelAdapter, which follows the ActiveModelSerializers conventions. It should "just work".
So, yeah, ember-auth does support rails4, because there is nothing BC-breaking with it per se.
(Previous answer:)
I have no experience with rails 4, but ember-auth itself doesn't rely on rails 3, or in fact rails / devise in particular. The only expectation is a set of API that your server exposes.[1] The docs describe the expectation from the server API.
As for using rails as a backend, ember-data explicitly declares support (and adherence to) active_model_seriailzers, which provides convenience methods for churning out json responses from rails models. However, since authentication actions do not conform to the "standard" RESTful model responses, the ember-auth-rails-demo tutorial itself hand-crafts the expected responses. Example:
def create
# ...
data = {
user_id: resource.id,
auth_token: resource.authentication_token,
}
if params[:remember]
resource.remember_me!
data[:remember_token] = remember_token(resource)
end
render json: data, status: 201
end
So, for rails 4 compatibility, I would investigate more on devise compatibility, any ActiveRecord changes, and in general other gem compatibilities as needed. As for ember-auth, it will still be handcrafting the expected responses, as outlined in the docs.
[1]: Even this expectation would be customizable, by writing customized adapters. Advanced usage, but I can elaborate more on this if needed.

Rails 3 + Devise with different model name

I'm sharing one database for two web applications. The User model is already being used for one of these apps, so, in order to sign in to the other one, I had to create another model to avoid mixing users info.
I could make Devise work for this new model, called SystemUser. The problem is now I'll have to use every variable with another name. For example: current_system_user, system_user_signed_in?, etc. I'm using these variables, with their original name, across the whole application, and I would like to know if there's a way to avoid overwriting it. For example: by creating a method called current_user that returns current_system_user, and that way with the other variables mentioned before.
I think this should do the trick:
devise_for :users, class_name: 'SystemUser'
have you considered using CanCan for roles?
https://github.com/ryanb/cancan
I could finally solve the issue by generating the Devise views again. I don't know why, but the devise/sessions folder was missing, and it was doing it with another view, and when I started using it, it worked.
Thanks anyway.

Devise, Omniauth and multiple models with STI

I have an application setup with devise authentication using sti (base user model and two other models - company and individual - inheriting from it). From a devise perspective, everything is working. I can have different routes for signup forms and everything works as expected. Now I wanted to give both users (company and individual) the option to signup/sign in using facebook or linked in. If I set the :omniauthable on both models, and set the devise_for on my routes.rb for each model, I get an error saying that only one model can be omniauthable. If I don't use the devise_for for each model, no routes are generated. If I set the omniauthable on user model only, I get only one route and one callback.
I've read somewhere that the solution would be to use omniauth on its own (separated from devise). However, I can't seem to achieve the intended behavior using omniauth separate from devise (I can get one single authorize/callback route, but the two, as intended).
Anyone out there who can help ?
TIA
Devise's Omniauthable module does support multiple models. See
https://github.com/plataformatec/devise/wiki/OmniAuth-with-multiple-models

How to create user specific content, that is invisible to others?

I am absolutely new to Ruby on Rails, even to programming at all. I got started with Michael Hartl's Rails Tutorial using Rails 3.0.10. Now I alter its aim towards creating an application that allows users to manage their own "projects". These projects are to be exclusively available to the logged-in user, thus, invisible to others.
My problem is: I am unable to create a page with an URL like "~/users/1/projects", I don't know about the routing. All i get done is "~/projects", which is fairly not what i want at all. So, how do I get this problem fixed? Or am I totally off track with that idea?
I generated a Projects model by scaffolding. So, how can I implement it for the signed-in users?
this would be done by creating a nested resource. when you are new to rails and programming you should work yourself a way through a lot of tutorials and guides.
a good place to get an overview are the official rails guides. in this specific case the chapter about routing: http://guides.rubyonrails.org/routing.html#nested-resources
# config/routes.rb
resources :users do
resources :projects
end