I have configured basic authentication (in controller)
above everything in controller file:
before_filter :check_logged_in, :only => [:edit, :update, :destroy]
On the bottom of the file:
private
def check_logged_in
authenticate_or_request_with_http_basic("Ads") do |username, password|
username == "admin" && password == "apple"
end
end
It works like a charm, but there is one thing I don;t understand - when I provide username and password it stays logged in for a long period of time and when I click on 'delete' or 'update' for specific entries I'm not getting prompted again. I thought something went wrong, but when I opened another browser - it prompted me again, but only once, I didn;t have to authenticate for the rest.
Then I thought it was a cookie issue, but nothing changed even though I deleted all the cookies in Chrome. So I got a couple of questions:
Is there any way to say for how long I'm going to be authenticated?
Is there any way to be prompted for authentication everytime I click on the resource mentioned here - :check_logged_in, :only => [:edit, :update, :destroy] ?
HTTP basic authentication doesn´t use cookies. The login information is sent with every HTTP request to the specified web server. You are logged in until you close your web browser or delete all active logins.
Related
When a user logins into my page it redirects them to the sign-in page without error. It actually logs them in but for some reason it won't redirect to the user's show page.
I have this, which as worked in other cases, in my application controller:
def after_sign_in_path_for(user)
user_url(user)
end
here is the link to my repo https://github.com/samwat2/Ships-Project
I'm new to rails and I'm not quiet sure this isn't working! When it has before...
From looking at your repo, you added the two custom fields :first_name and :last_name to the registration form, and you validate the presence of those attributes. If you have added these validations after creating some users, and try to login with a user that misses some of these fields, devise will encounter a validation error when saving the user and redirect back to the login form, even though the authentication itself was successful.
Try making the users valid by filling the missing attributes, and the login should behave again as intended.
I had to secure the login view (with the simple email/password form).
I'm using devise. The thing is the sign in error messages get lost somewhere (probably redirections from http to https I guess).
I tried to do the following on my application controller:
after_filter :set_devise_flash_messages, :if => :devise_controller?
def set_devise_flash_messages
if resource.errors.any?
flash[:error] = flash[:error].to_a.concat resource.errors.full_messages
flash[:error].uniq!
end
end
private :set_devise_flash_messages
but it's not working either.
Any ideas?
Thanks!!!
So, I was missing something.
I had secured the 'new' action for the devise/sessions controllers, but I wasn't securing the 'create' action. So that was causing the loss of flash messages (in between the re directions of that action's protocol).
Cheers!
I have a Rails 3.2 app with Devise for authenticating users.
On local development mode, the Sign-out link is not working. It redirects me to home page instead of showing Sign-in page and the session is not destroyed. But on Heroku, clicking on Sign-out link properly logs me out and shows me the Sign-in page destroying the user session.
In application .haml layout page, the link to Sign-out page is:
= link_to "Sign Out", destroy_user_session_path, :method => :delete
Related routes:
devise_for :users, :controllers => { :sessions => 'sessions' }
new_user_session GET /users/sign_in(.:format) sessions#new
user_session POST /users/sign_in(.:format) sessions#create
destroy_user_session DELETE /users/sign_out(.:format) sessions#destroy
I have inherited the Devise::SessionsController to SessionsController in my app as below:
class SessionsController < Devise::SessionsController
layout 'devise_layout'
end
Now the weird case is that, after the session is expired which is default 30 minutes, I log in again and click on Sign-out link, it redirects me back to Sign-in page.
All works fine on Heroku, it fails on local. I am unable to figure it out what is happening on local.
I don't think I am doing anything wrong here because same is deployed to Heroku and is working fine there. What's wrong with development mode on local?
Oops...answering late.
Anyway, I was able to figure out the issue. Actually the app is subdomain based. So I used lvh.me:3000 for testing on local as localhost:3000 doesnt support subdomain.
The workaround is to set subdomain as "lvh.me" in session_store.rb.
domain: 'lvh.me'
I have a misterious problem with my first omniauth experiment. I can log in with my username and password, and I can log out properly. I can repeat it many times, but after I give wrong password once I can never log in again even if I try different user. I get "message"=>"invalid_credentials". Everything is fine again if I restart my application (until I mistype my password).
Before the first failure it connects with the given :bind_dn parameter (see below), as expected:
[14/Jun/2011:17:01:33 +0200] conn=7796 op=0 msgId=1 - BIND dn="cn=nss,o=People,o=IAN,o=AD,o=Secret" method=128 version=3
After the first failure it connects with a BIND dn fabricated from my username:
[14/Jun/2011:16:45:33 +0200] conn=7780 op=22 msgId=23 - BIND dn="edarabos" method=128 version=3, Invalid DN
I followed Railscast #241 http://railscasts.com/episodes/241-simple-omniauth with the following configuration (config/initializers/omniauth.rb):
Rails.application.config.middleware.use OmniAuth::Strategies::LDAP\
, :host => '127.0.0.1'\
, :method => :plain\
, :port => 389\
, :base => 'o=IAN,o=AD,o=Secret'\
, :uid => 'uid'\
, :bind_dn => 'cn=nss,o=People,o=IAN,o=AD,o=Secret'\
, :password => 'TOPSECRET'
Did I make a mistake? Is it a bug? Thanks in advance!
--
I'm using JRuby 1.5.1, Ruby 1.8.7, Rails 3.0.7, omniauth 0.2.6.
UPDATE
If I redo the configuration (....use OmniAuth::Strategies::LDAP ...) after each failure then I can use it to log in successfully. I believed for a second that I am done and then came the new problem. After successful login and logout I cannot log in with different user even if I redo the configuration after successful authentication.
The bind_dn given at the options is a service account. Omniauth binds to the LDAP server with that account and searches with the given credentials (let's say 'user1'), it finds the result and binds with the uid of the search result.
At the next login attempt (with user2) the LDAP search is executed without rebinding according to the configuration. This is a braindead thing to do. User1 is not a service account, so the search does not find any results. Then it tries to rebind using the username of the credentials as bind_dn and fails. This is another braindead thing to do because it is configured exactly otherwise!
I skipped omniauth, I use 'net/ldap' directly. Pros and cons accepted :-)
Devise 1.2 ruby on rails
I'm having difficulty testing sign up. When the user clicks sign up, they're logged in and i should see a flash message. This works but my test fails. Not sure why. How does sign up work? is there some sort of internal redirect that happens? This step fails:
Then I should see "You have registered successfully. If enabled, a confirmation was sent your e-mail."
Confirmation is not enabled in my user model.
Tehcnically, you shouldn't feel the need to unit test the devise mechanism--the gem itself is well-tested. I can understand wanting to make sure it is behaving the way you configured it though, so:
Devise definitely redirects after a successful authentication. It will set the flash message and then redirect either to what you set as the root in your routes file, or if you attempted to access a page within the site and got redirected to the login page, it will redirect you back to the page you were trying to access.
For your test, try testing that you get redirected to what you set as root in your routes.rb fil. I.e. in the devise instructions, it says to set it like
root :to => "home#index"
So, in your test try something like this:
require 'spec_helper'
describe YourController do
include Devise::TestHelpers
before (:each) do
#user = Factory.create(:user)
sign_in #user
end
describe "GET 'index'" do
it "should be successful" do
get 'index'
response.should be_success
end
it "should redirect to root" do
get 'index'
response.should redirect_to(root_url)
end
end
You can add your flash message test to this as well. Hope this helps!