Some part of the development of my project has been done.Our
company asks me to write cucumber test cases for the developed code
and for the henceforth development as well.
The routes file have two subdomains for admin and hosts.Devise is also
being used.
Now i installed cucumber and have written the first scenario for the
first story when the non registerd user lands on the home page,enters
a valid email and gets redirected to the next page..the page has no
password field.
Scenario: Non registered user lands on beta home page.
Given: I am on the homepage
When: I enter valid email with "bahubalian...#gmail.com".
Then: I should be redirected to request invitation page.
The problem is in my routes file, I have,
constraints :subdomain => ADMIN_SUBDOMAIN do
....
root :to => admin#index
end
constraints :subdomain => HOST do
...
root :to => home#index.
end
Now how do i specify the path.rb file to look for the root_path in
that specific subdomain.
Theres no root_path written outside the subdomain constraints.
This is my first time with testing.
I am really stuck onto this.Any help is deeply appreciated.
I just got to know from somebody that this can be implemented using capybara.If so ,could you please give a little idea about it.
Turned out it was pretty simple.Capybara provides a default_host method.
So I just needed to mention,
When I visit subomain sub
And then the webstep
Given /^I visit subdomain (.*)$/ do |site_domain|
site_domain = "http://sub.example.com" if site_domain == "admin"
Capybara.default_host = site_domain
visit "/"
end
Update:
default_host is not supposed to be used as it is not mentioned in the docs.
Instead try using absolute path in visit.
Given /^I visit subdomain (.*)$/ do |site_domain|
site_domain = "http://sub.example.com" if site_domain == "admin"
visit site_domain
end
Related
We are using Doorkeeper gem to authenticate our users through an API. Everything is working fine since we've implemented it few years ago, we are using the password grant flow as in the example:
resource_owner_from_credentials do |_routes|
user = User.active.find_for_database_authentication(email: params[:username])
if user&.valid_password?(params[:password])
sign_in(user, force: true)
user
end
end
Doorkeeper is coupled with Devise, which enable reconfirmable strategy. As you can see in the code above, we are only allowing active users (a.k.a users with a confirmed email) to connect:
User.active.find_.....
Problem
Our specifications changed and now we want to return a different error on login (against /oauth/token) depending if the user has confirmed its email or not.
Right now, if login fails, Doorkeeper is returning the following JSON:
{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
Ideally, we want to be able to return a custom description if and only if the current email trying to login is unconfirmed
We've checked the documentation on Doorkeeper but it does not seems to have an easy way (if any at all) to do this. The fact that resource_owner_from_credentials method is located in the config adds too much magic and not enough flexibility.
Any ideas ?
Ok so after digging a little bit, we found an easy way to work around this issue by overriding Doorkeeper::TokensController.
# frozen_string_literal: true
class TokensController < Doorkeeper::TokensController
before_action :check_if_account_is_pending, only: :create
private
def check_if_account_is_pending
user = User.find_by(email: params['username'])
render json: unconfirmed_account_error if user && !user.confirmed?
end
def unconfirmed_account_error
{ error: 'invalid', error_description: 'You must validate your email address before login' }
end
end
We also needed to make sure the routes were pointing to the custom controller:
use_doorkeeper do
controllers tokens: 'tokens'
end
Hope it can helps someone in the future
Is there any way to get work space name and URL if the API request is authenticated as app.
Podio::authenticate_with_app($app_id, $app_token);
PodioSpace::get($space_id);
the above code return PodioForbiddenError
Sorry, but the I don't think this is allowed within the scope hierarchy.
Please refer to https://developers.podio.com/authentication/scopes
But, if you only need space name, id, url and couple of other minor details you could still get it by using fields parameter. This is described here: https://developers.podio.com/index/api (scroll down to the end of page).
Here is how I debug it with Ruby:
Podio.client.authenticate_with_app(<app_id>, <app_token>)
app = Podio::Application.find(app_id, {'fields' => 'space.view(full)'})
puts app['space']['name']
puts app['space']['space_id']
puts app['space']['url']
I have a Sinatra app that I want to password protect on a very basic level. The basic idea is that there would be a page with a single input box where you would type in a password. If the correct password in submitted, then you have access to the rest of the site. If you tried to access the site without the password, it should redirect you to the password page.
I can do this with a basic HTTP Auth:
use Rack::Auth::Basic do |username, password|
password == 'password'
end
but I want to have a decent looking page for only the password, rather than using the HTTP authentication.
Is there a gem/method to do this easily?
It's fairly simple to implement something like this. But since I had the same problem in the beginning I help you out here.
use Rack::Session::Pool
helpers do
def loged? ; session["isLogdIn"] == true; end
def protected! ; halt 401 unless admin? ; end
end
get "/login/?" do
erb :login
end
post '/login/?' do
if params['password'] == "mypassword"
session["isLogdIn"] = true
redirect '/'
else
halt 401
end
end
get('/logout/?'){ session["isLogdIn"] = false ; redirect '/' }
get 'myprotectedpage' do
protected!
erb :view
end
Of course you can extend this an hash the password and so on.
A gem which does such things is https://github.com/hassox/warden but I never used it.
Currently, when you login as a user, regardless of where from, you are taken to your homepage. I would like to check for params in the url and redirect based on that param.
Here's the code:
def after_sign_in_path_for(resource)
if params['redirect'] == 'SomeParameter'
return special_url
else
return home_url
end
end
If I use the regular login form with no params, I get taken to home_url. When I try to go to /user/login?redirect=SomeParameter, I still get taken to home_url. By the way, both routes are valid (if I just test special_url, it works just fine).
What am I missing?
Does the home page redirect you to the login form if you aren't signed in?
Devise will store the page that you were on when you attempted to log in, and redirect to it when you log in.
This will take precedence over the after_sign_in_path_for, so if you are going Home page => Auto-redirect to Login => log in, then the return value of the after_sign_in_path_for doesn't matter.
If that is the case, you can play with stored_location_for (Devise and stored_location_for: how do you store the return location?) to alter where you go.
I'm having a problem using an authlogic single access token to access a page when logout on timeout is set to true and a timeout is set.
user.rb:
acts_as_authentic do |c|
c.logged_in_timeout = 15.minutes
end
user_session.rb:
logout_on_timeout true
controller:
def single_access_allowed?
["download_xml"].include?(action_name)
end
If I try to access a page/method using the token it redirects straight away to my login page. The logout on timeout works when its turned on.
If i remove the timeout code and just have acts_as_authentic in the user.rb, the single access token works.
I want to be able to use the single access token so another application can open an xml file from my ruby on rails website.
Any ideas on what I might have done wrong and where to look to fix it and make it work?
Using authlogic 3.0.3 and rails 3.0.7.
This reply from jgdreyes last Sept 27 at https://github.com/binarylogic/authlogic/issues/64 worked for me:
I went ahead and extended Authlogic's stale? method so that it does
not see requests as stale? if accessing via single_access?. This keeps
logic for logout_on_timeout intact.
class UserSession < Authlogic::Session::Base logout_on_timeout true
def stale?
return false if single_access?
super
end
end