I'm having a problem using a sub URL: when I try to access through the authentication page, it generates an authentication cookie, but I stay on the login screen, and if I try to access some page it says that I must be logged in.
If you mean sub-domain, you have to change your config/initializer/session_store.rb
and add your subdomain, with a dot before it, like this:
Rails.application.config.session_store :cookie_store, :key => '_key', :domain => ".yourdomain.com"
I have a cookie which can exist on either of these domains - www.xyz.com or .xyz.com. I am having trouble deleting the cookie through code. Since it can exist on either of domains I was assuming doing the following should be sufficient:
...
cookies.delete cookie #delete cookie if it exists on current domain(www.xyz.com)
cookies.delete cookie, :domain => :all #delete cookie if it exists on root (.xyz.com)
...
But cookies.delete cookie, :domain => :all seems to be rendering the first call useless as if the cookie is set on www.xyz.com then it doesn't get deleted.
Any ideas on how to delete a cookie that might exist on two different domains?
Well, Rails doesn't allow deleting a cookie with the same name twice during one request, even though they have been set for different domains.
Assuming you are trying to log out, a double redirect is the best I came up with:
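def logout
  # First request: delete the cookie scoped to the current host
  cookies.delete(:user_id)
  redirect_to logout_all_path
end

def logout_all
  # Second request: delete the cookie scoped to the whole domain
  cookies.delete(:user_id, domain: :all)
end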
Don't know whether Rails 6 solved this problem, so a PR wouldn't hurt.
When deleting a cookie, cookies.delete(:user_id) is the same as the explicit form cookies.delete(:user_id, domain: nil).
It is not obligatory to specify domain in your code.
I believe you need to be explicit about which domain you're deleting cookies on:
cookies.delete cookie, :domain => "xyz.com"
From the Rails docs, it looks like you can set with domain: :all but not delete.
I have a weird problem when I try to use the doorkeeper gem with a Rails app. The problem occurs when I use the OAuth2 gem to get the token. At the point where I have the URL:
http://0.0.0.0:3000/oauth/authorize?response_type=code&client_id=199f27a02764f1ef1d31c2860b83ef93c0cc3dc26886d2b3d76b8ef1e935f3ae&redirect_uri=http%3A%2F%2F0.0.0.0%3A3000%2Fcallback
it doesn't redirect to the page where we authorize and get the token, but redirects directly to http://0.0.0.0:3000
What's the problem here? It should redirect to the application authorize page first, shouldn't it?
The authorization page requires some user to be logged in. You set up that in the resource_owner_authenticator block and it should look something like this:
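resource_owner_authenticator do |routes|
  # Put your resource owner authentication logic here.
  # If you want to use named routes from your app you need
  # to call them on routes object eg.
  # routes.new_user_session_path
  # find_by_id returns nil (instead of raising) when nobody is logged in,
  # so the redirect to the login page actually runs.
  User.find_by_id(session[:user_id]) || redirect_to(routes.new_user_session_path)
end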
In this case, if the user is not in the session when they try to access /oauth/authorize, they get redirected back to new_user_session_path.
Only when the user is found in the session will you be able to see the authorization page.
I want to log in using a Twitter app; for that I used gem 'omniauth-twitter'. Please tell me what the app URL in Twitter should be when I want to use localhost:3000. I gave http://0.0.0.0:3000 as the URL,
and as the callback URL my index page,
like
localhost:3000/index
My app is not able to redirect to the Twitter page on clicking this link:
http://localhost:3000/auth/twitter
Please, somebody help me.
For the callback URL use http://127.0.0.1:3000 as base and specify the route to the controller that deals with omniauth information.
Example: http://127.0.0.1:3000/auth/twitter/callback
I'm also using twitter-omniauth for signing people up with Twitter... these are the routes I'm using in routes.rb, relating to twitter-omniauth:
match '/auth/twitter/callback' => 'sessions#create'
match '/signin' => 'sessions#new', :as => :signin
match '/signout' => 'sessions#destroy', :as => :signout
match '/auth/failure' => 'sessions#failure'
Hope it helps?
This is the tutorial I followed. Scroll down to the Google open-id integration:
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
On the server I get the following rejection message after clicking the login with google link:
WARNING: making https request to https://www.google.com/accounts/o8/id without verifying server certificate; no CA path was specified.
processing by users omniauthcallbackscontroller failure as html
EDIT: The following two lines fixed the CA path warning but did nothing to fix the failure as html problem or move me forward:
require "openid/fetchers"
OpenID.fetcher.ca_file = "/etc/ssl/certs/ca-certificates.crt"
It then re-routes me to users/sign_in.
My devise config line looks like this:
config.omniauth :open_id, :store => OpenID::Store::Filesystem.new('/tmp'), :name => 'google', :identifier => 'https://www.google.com/acounts/o8/id', :require => 'omniauth-openid'
My research tells me that I'm probably hitting the OpenID servers but that I'm getting rejected. Is there any way to get more info from some sort of rejection notice? What could be wrong with my request?
One thing I thought of was credentials for open ID but I didn't see anywhere in the tutorial where I was supposed to get or enter any credentials.
Try to specify the ca_path:
config.omniauth :open_id, :store => OpenID::Store::Filesystem.new('/tmp'),
                :name => 'google',
                :identifier => 'https://www.google.com/acounts/o8/id',
                :require => 'omniauth-openid',
                :client_options => {:ssl => {:ca_path => '/etc/ssl/certs'}}
And see if it works.
I've followed the ascii cast up at http://asciicasts.com/episodes/221-subdomains-in-rails-3
I've set the :domain option to :all in session store:
Rails.application.config.session_store :cookie_store, :key => '_bloggit_session', :domain => :all
Now my users cannot logout.
Any ideas why? I've tried deleting all cookies and then trying again, etc.
I can login, and my session is carried across subdomains, but I can't logout.
I am using rails 3, and authlogic for authentication.
Thanks for any help!
Specify the Domain.
I had the exact same issue and the culprit was using :domain => :all.
You'd think that would be all you need but it seems to cause some problems so I had to manually specify the domain with a preceding dot (.), like so:
:domain => '.lvh.me'
This fixed the issue in development. You can use different ways to set this in your various environments but I landed on something like this:
Rails.application.config.session_store :cookie_store,
  :key => '_bloggit_session',
  :domain => { production: '.bloggit.com',
               staging: '.bloggitstaging.com',
               development: '.lvh.me' }.fetch(Rails.env.to_sym)