I am using the activeadmin gem, which is going fine. Now I want to add its authentication to some external pages or, as you say in MVC, to some actions. Don't mix these up with the actions which can be added from admin/users.rd files. These are actions that reside outside of activeadmin.
To use Devise (which Active Admin uses for authentication) for a page in the same app that is not an actual Active Admin page, I did the following:
In my routes.rb I added a new route:
devise_scope :admin_user do
  resources :products
end
Then in my products_controller.rb I added a before_filter to restrict access:
class ProductsController < ApplicationController
  before_filter :authenticate_admin_user!
end
Hope that helps!
Related
I've integrated dotPay into my Spree site for payments. After choosing this option, the user is redirected from my site to dotPay's. He pays what is needed there and then he can click a button which will return him to my site. And here lies the problem. When he returns he is no longer logged in and I need him to be.
A slightly strange thing (to me, maybe): he is being redirected via a POST request, and I can't change that. With that I also get the warning "Can't verify CSRF token authenticity"; not sure if that might have anything to do with it.
Any suggestions are very much welcome.
P.S. I'm using Spree 1-3-stable, Rails 3.2.13, Devise 2.2.3, Ruby 1.9.3
For specific actions, you can disable CSRF checking by adding a line like this to the controller:
protect_from_forgery :except => [:callback_from_dotpay]
conversely, you can specify which actions to protect, like this:
protect_from_forgery :only => [:create, :update, :delete]
Alternatively, to turn it off completely for an entire controller, you can do this (Rails 2, 3):
skip_before_filter :verify_authenticity_token
If you decide to jump on the bleeding edge, Rails 4 wants you to do it this way:
skip_before_action :verify_authenticity_token
Well, in the end I ended up removing the CSRF verification. I'm not 100% sure, but I can't send my authenticity_token to dotPay (well, I can, but they won't return it). However, they are generating an md5, which I can check, and I'm also checking the IP address where it's coming from.
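As an added example (not code from the posts above or from dotPay), this sketches the check the last post describes in place of the CSRF token, for the one action exempted via protect_from_forgery :except: recompute the gateway's MD5 checksum with a shared secret and check the sender address. The field list, the ':' separator, the 'md5' parameter name, the secret and the address range are assumptions constructed for illustration.

```ruby
require 'digest'
require 'ipaddr'

# Constructed values: the real field list, separator and address ranges come
# from the gateway's documentation; the secret comes from secret storage.
GATEWAY_NETWORKS = [IPAddr.new('203.0.113.0/24')].freeze # documentation range
SIGNED_FIELDS    = %w[order_id amount status].freeze     # hypothetical order

# Compare without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Recompute the checksum over the signed fields plus the shared secret.
def expected_checksum(params, secret)
  values = SIGNED_FIELDS.map { |field| params[field].to_s }
  Digest::MD5.hexdigest((values + [secret]).join(':'))
end

# Accept the callback only if the sender is allowlisted AND the checksum matches.
def trusted_callback?(params, remote_ip, secret)
  sender = IPAddr.new(remote_ip.to_s)
  return false unless GATEWAY_NETWORKS.any? { |net| net.include?(sender) }
  secure_compare(params['md5'].to_s.downcase, expected_checksum(params, secret))
rescue IPAddr::Error
  false
end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-shared-secret'
  params = { 'order_id' => 'R100', 'amount' => '10.00', 'status' => 'OK' }
  params['md5'] = expected_checksum(params, secret)
  puts trusted_callback?(params, '203.0.113.7', secret)
  puts trusted_callback?(params.merge('amount' => '0.01'), '203.0.113.7', secret)
  puts trusted_callback?(params, '198.51.100.7', secret)
end
```

Behind a reverse proxy the address to pass in is the one Rails resolves as request.remote_ip with the proxy configured as trusted, not the proxy's own address.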
I have an application with Devise (2.2.3) and Active Admin (0.5.1). I installed Devise first, and then Active Admin afterwards. The entire app needs to sit behind a login, so in my application controller I have the following:
before_filter :authenticate_user!
However, since installing Active Admin to the root namespace (config.default_namespace = false, in initializers/active_admin.rb), my application now won't let anyone login. It creates a redirect loop to the path /users/login.
I've tried alleviating this by adding a skip_before_filter in my config/application.rb file, but this hasn't worked:
config.to_prepare do
  Devise::SessionsController.skip_before_filter :authenticate_user!
  UsersController.skip_before_filter :authenticate_user!
end
and I also added the following to app/admin/user.rb:
controller do
  skip_before_filter :authenticate_user!
end
which also did nothing. Finally, I tried explicitly excluding the two controllers in my application_controller.rb, but this also did nothing.
before_filter :authenticate_user!, except: {controller: [:users, 'devise/sessions']}
How do I get around this rather annoying problem?
Solved the issue by changing my routes around. The ActiveAdmin routes need to come after the Devise routes, like so:
devise_for :users, ActiveAdmin::Devise.config
ActiveAdmin.routes(self)
Believe this occurred because I installed ActiveAdmin after I'd installed and configured Devise.
I have got two methods in application_controller.rb
def force_ssl
  if !request.ssl?
    redirect_to :protocol => 'https'
  end
end
def no_ssl
  if request.ssl?
    redirect_to :protocol => "http"
  end
end
Also, I have done before_filter :no_ssl in application.rb.
Now I am trying to call the force_ssl method in the sessions controller of Devise to secure login through SSL.
In the sessions_controller.rb file I have done skip_before_filter :no_ssl and before_filter :force_ssl.
I am not able to log in when I use this; however, if I do not do before_filter :no_ssl in application_controller.rb, it works fine.
Since I have got a lot of controllers, I was trying to put before_filter :no_ssl in application.rb so that I do not have to call before_filter :no_ssl in all the controllers, as it will not be DRY.
I have tried almost all the available resources and don't know why this is not working.
P.S.: This is working for my other controllers, except for the Devise controller.
Any suggestions??
Thanks,
You can use Bartt-SSL_Requirement, it works well in Rails 3.1, that way you don't need the before_filter and skip_before_filter. In BarttSSLRequirement you can use the "ssl_exceptions" for your before_filter needs.
SSL sometimes gives problems in Development, push it to staging and it should work.
I had an existing User model before I installed Devise so I followed the instructions here.
I even generated the devise views. But when I am at my localhost and type in localhost:3000/users/sign_in or any of the other routes available to me via devise, it doesn't work.
Also, my existing RESTful routes for users that I got from using
resources :users
are no longer available unless I have both:
devise_for :users
resources :users
but I thought I was supposed to delete the resources :users when I had the devise_for :users line in my routes file.
What is going on? Does anyone have any idea?
EDIT
The issue is when I go to users/password, it tells me that there is no user with ID=password, but this route is available to me.
I also have issues with the users/sign_in and users/sign_out. It redirects back to my root path for some reason. Sometimes it works, other times it doesn't and I am not sure why. The log looks like this:
Started GET "/users/sign_in" for 127.0.0.1 at 2011-09-16 19:05:43 -0400
Processing by Devise::SessionsController#new as HTML
User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 LIMIT 1
Redirected to http://localhost:3000/
What exactly doesn't work here? Are you getting anything useful in the logs or elsewhere? Also, have you set up your :users model to include the devise :recoverable, :authenticateable, ..., etc.?
You need both devise_for and resources defined in your config/routes.rb. devise_for sets up routes that will go to the devise controllers, but does not handle anything else. So you will still need normal resourceful routes for the user model to do add, update, delete, etc.
I am planning to create an app in rails but first I want to make a launch page. Having never made a launch page I am curious as to how others are doing it?
Do you create a small Rails application with a controller and model that just collects email addresses, and then deploy the Rails app? I'd prefer this way but it seems like overkill to deploy a Rails app just for a launch page...?
Also, how do you modify the routes file so that if users type anything after the URL then the only page that shows up is the launch page?
Meaning, if my launch page is at http://mycoollaunchpage.com then if users mess around and type http://mycoollaunchpage.com/lkjlkjljk then it should redirect back to http://mycoollaunchpage.com
Your idea sounds good. Just a page with an email signup form would work well.
To redirect back to your home page, make a route glob in your routes.rb file, and have an action in your controller that just redirects back to your root.
# in routes.rb
match "*whatever", :controller => 'pages', :action => 'redirect_to_root'
# in your pages_controller.rb file
def redirect_to_root
  redirect_to "/"
end
There is an awesome rails plugin available for this very requirement of yours ;)
https://github.com/vinsol/Launching-Soon/