I am trying to split my current Ruby on Rails 3 web-application and it's web-services (API). My web-application is running on Heroku and implements API as a namespaced route within my application. For example /events returns a HTML page and /api/v1/events returns a JSON data.
According to some best practices, I want to split those into two different applications. I have chosen Sinatra to implement the API application. It works now for simple requests where authentication is not required.
My Ruby on Rails 3 application is using Devise to authenticate users. There's also ability to login with Facebook account. Now what I want to achieve, is HTTP Basic Authentication of users (including registration) through my Sinatra-based API by using Warden.
What is the best way to do that? Or maybe I can use something different then Warden?
Keep in mind that I am not very familiar with Rack :)
I was able to get it working. There were a few main aspects:
Get Devise working with Rails (Devise is a Rails app, won't work
without it)
Setup the mapping (route) on Rack level to support both Rails and Sinatra
Share the sessions between Rails and Sinatra
Setup Warden and make it available to Sinatra
Here is most relevant part of code from /config.ru:
#
# ...
# Rest with Rails
map "/" do
run MyApp::Application
end
# Anything urls starting with /slim will go to Sinatra
map "/slim" do
# make sure :key and :secret be in-sync with initializers/secret_store.rb initializers/secret_token.rb
use Rack::Session::Cookie, :key => '<< see, initializers/secret_store.rb >>', :secret => '<< copy from initializers/secret_token.rb >>'
# Point Warden to the Sinatra App
use Warden::Manager do |manager|
manager.failure_app = AppMain
manager.default_scope = Devise.default_scope
end
# Borrowed from https://gist.github.com/217362
Warden::Manager.before_failure do |env, opts|
env['REQUEST_METHOD'] = "POST"
end
run AppMain
end
See, http://labnote.beedesk.com/sinatra-warden-rails-devise for a complete solution.
Related
This gem ("devise_token_auth") is used for token authentication for applications using JSON APIs for front-end development.
Can we use this gem for server side rendering? If yes, then how to add the token from a previous response to the current request?
I don't know if this is still a pressing matter for you, but I'd like to throw in some advice.
For your API you can throw in devise_token_auth and it will do what everything you need for authentication there.
And if you need authentication with server-side rendering of pages (such as login forms, reset password forms, etc.) just throw in regular devise too. It will work with your exact same User model and table, and there will be little friction to get things up and running with the same resources you use with devise_token_auth.
Gemfile
#autentication and authorization
gem 'devise', '~> 3.5', '>= 3.5.6'
gem 'devise_token_auth', '0.1.37'
Then run
bundle
Run the installer for devise:
rails generate devise:install
Then generate your user model:
rails generate devise User
Install devise_token_auth now:
rails g devise_token_auth:install User "auth"
And make sure your database is migrated:
rake db:migrate
I think devise_token_auth may overwrite your user model, I'm not certain, but if it does, keep the migrations for devise_token_auth only and ignore the migrations for Devise.
Then make sure your routes.rb matches this:
Rails.application.routes.draw do
devise_for :users
root "home#index"
namespace :api, defaults: { format: :json } do
namespace :v1 do #I namespace my routes
mount_devise_token_auth_for "User", at: "auth"
end
end
end
devise_for must come before mount_devise_token_auth.
Then just refer to the official devise and devise token auth documentation to get both solutions working for you.
Hope this helps anyone who reaches this point and has a need to authenticate users on mobile app and on browser web app.
I'm trying to build a SSO system where a bunch of Rails 4 apps under different subdomains share a common cookie. I've got 4 apps doing authentication via the sorcery gem and 2 apps using ActiveAdmin and Devise.
The 4 apps using Sorcery are working as expected, I can get a successfully signed on user to access all 4 different apps using the same session cookie.
I'm having trouble with the 2 Devise/ActiveAdmin apps. I added a custom Warden authentication strategy and configured Devise to use it. But I don't think the strategy is being used because I continue to get 401 unauthorized errors and any puts statements/logging in the authenticate! method below is never seen. Anyone with previous experience doing this? Or maybe some help tracing through where the authentication steps are happening so I can try to add some logging?
Warden::Strategies.add(:gc_auth) do
def valid?
true
end
def authenticate!
user = AdminUser.find_by_uuid(session[:user_uuid])
user ? success!(user) : fail!("Not signed in")
end
end
config.warden do |manager|
manager.default_strategies.unshift :gc_auth
end
Was able to get this to work by examining how this gem is structured:
https://github.com/AMekss/devise_custom_authenticatable
I'm building an API with Rails 4 and I really want to create a Batch request method to not overload my app when doing a bunch of ajax requests.
The Railscasts shows how to do it in a simple way but there's a lot of stuff missing.
I also tried the batch_api gem but I wasn't successful integrating it with my application.
Any ideas?
I know it's being late to answer this question but I recently used batch_api gem with my Rails API (rails 5.0.0 and Ruby 2.0) and it works find with me.
What you need to do is follow the instruction of this document:
https://github.com/arsduo/batch_api
Shortly:
1- You need to add the batch_api gem to your application GemFile.
2- You need to add the required middleware configuration in you application.rb file:
config.middleware.use BatchApi::RackMiddleware do |batch_config|
# you can set various configuration options:
batch_config.verb = :put # default :post
batch_config.endpoint = "/batchapi" # default /batch
batch_config.limit = 100 # how many operations max per request, default 50
# default middleware stack run for each batch request
batch_config.batch_middleware = Proc.new { }
# default middleware stack run for each individual operation
batch_config.operation_middleware = Proc.new { }
end
3- Then restart your rails server.
Make sure to insert the new middleware in the appropriate location, in my case I needed to include it before "ActionDispatch::RequestId" middleware.
config.middleware.insert_before "ActionDispatch::RequestId", BatchApi::RackMiddleware
because I wanted to include X-Request-ID header in each request in the Batch request and this ID will be returned in each response so that I could know the response for each request in the Batch (note that the responses will be executed sequentially depending on the sequence each request in the Batch).
Apparently the batch_api gem doesn't work with rails 4 yet, but there is a fork that was started to update it to rails 4 and ruby 2.0.
https://github.com/easyPEP/batch_api/tree/feature_ruby_2
I am using devise in my application for authentication. When I try to register, I get the following error:
Missing host to link to! Please provide the :host parameter, set default_url_options[:host], or set :only_path to true
I am using :comfirmable and had uncommented t.confirmable in the migration
In order to use confirmable module you need to configure ActionMailer that is used by devise for sending confirmation emails. First step for solving your problem is setting up mailer host in you environment.rb or in the corresponding file for a particular environment like that:
config.action_mailer.default_url_options = { :host => “example.com” }
For further steps have a look at this rails guide and answers to this question.
I got an API that I have developed using Rails 3 and Devise. I am using tokens (token_authenticatable) for authentication for requests made to the API from a client. I want to be able to switch between users in the requests just be replacing the token.
I heard about a setting called :stateless_token (boolean) but I cannot figure out where to put this setting. Is there another way?
If found the token_authenticatable here:
https://github.com/plataformatec/devise/blob/master/lib/devise/strategies/token_authenticatable.rb
If found info about the stateless_token here:
http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable
stateless_token is deprecated as of now. This is the new form (it allows more auth strategies to be stateless):
# config/initializers/devise.rb
config.skip_session_storage = [:token_auth]
You can also edit the file /config/initializers/devise.rb and put (or uncomment, if already there) the following line:
config.stateless_token = true
It should be an option in your devise_for line in the routes file.
devise_for :users, :stateless_token => true
Let me know if that works,
In this page of documentation for devise it says that "TokenAuthenticatable adds the following options to devise_for:" with stateless token being one of them.
Also here is a link to the devise_for documentation