Rails devise two separate registration forms - ruby-on-rails

I am building a Doctor booking platform where there's a patient and a doctor.
I currently have standard devise setup with one user model and one signup form, I want to have to separate forms one for patient where I will pass params role of patient and a doctor form with params of doctor role so I can assign roles from the controller or the model.
The forms will be quite the same only for doctor I will require some extra fields.
Also my doctor as it belongs to a user will have the ability to book an appointment with other doctors, is it a good practice to use boolean to define whether it's a doctor or not or use roles with enum.
I need help please

What about hidden_field_tag, did you have tried anything or want to clear concept? You can do this using hidden_field_tag like if you create those form using bootstrap tab like this
$('#myTabs a').click(function (e) {
e.preventDefault()
$(this).tab('show')
})
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<div>
<!-- Nav tabs -->
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="active">Doctor</li>
<li role="presentation">Patient</li>
</ul>
<h2>Just example form</h2>
<!-- Tab panes -->
<div class="tab-content">
<div role="tabpanel" class="tab-pane active" id="home">
<h2>Doctor?</h2>
<form>
<div class="form-group">
<label for="exampleInputEmail1">Email address</label>
<input type="email" class="form-control" id="exampleInputEmail1" placeholder="Email">
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
</div>
<div class="checkbox">
<label>
<input type="checkbox"> Check me out
</label>
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
</div>
<div role="tabpanel" class="tab-pane" id="profile">
<h2>Patient?</h2>
<form>
<div class="form-group">
<label for="exampleInputEmail1">Email address</label>
<input type="email" class="form-control" id="exampleInputEmail1" placeholder="Email">
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
</div>
<div class="checkbox">
<label>
<input type="checkbox"> Check me out
</label>
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
</div>
</div>
</div>
in the form, you can just use a hidden field like when form for doctor
<%= f.hidden_field :role, value: "doctor" %>
and when form for Patient
<%= f.hidden_field :role, value: "patient" %>
and permit their role in the application_controller
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :role])
end
I thing it will help.

Related

parameter not being submitted

The following is an excerpt of a rails form
<%= form_with(model: #usercontent) do |form| %>
where the following html renders a collection
<div class='alert'>
<select class='image-picker show-html' name="ki_id" id="ki_id">
<div class='row'>
<div class='buttonselector'>
<label for="usercontent_ki_id_1">
<input class="invisi-selector" type="radio" value="1" name="usercontent[ki_id]" id="usercontent_ki_id_1" />
<img src='/assets/ki/circle-15-1c2a221aa37a24e5b23acd7124cd47ae2a17434af589353a063633a6ef5abca6.svg'>
<div></div>
</label>
</div>
</div>
<div class='row'>
<div class='buttonselector'>
<label for="usercontent_ki_id_2">
<input class="invisi-selector" type="radio" value="0" name="usercontent[ki_id]" id="usercontent_ki_id_2" />
<img src='/assets/ki/aerialway-15-621960ddf5e9930f1b1102faa4ee23542e11163f48a67470f1fe245abbc27955.svg'>
<div></div>
</label>
</div>
</div>
[...]
</select>
</div>
However, when the user selects an item, the parameter being submitted is "ki_id"=>"0". Where is the above structure wrong?
It is submitted due to name="ki_id" in
<select class='image-picker show-html' name="ki_id" id="ki_id">
Can you show the full code for the view.

How to customize Spring Security Shiro Grails plugin Login Logout functionality?

This seems like something that should be pretty easy, but I am unable to customize the Login (login/authenticate) and Logout functionality of spring-security-shrio that is pre-built.
I would like to do things like add a login counter, or login log so when a user logs in I log who they are and additional information like an ip address.
Also, I went to the source and found the LoginController, copied that but noticed that there is no authenticate method within that controller.
I am upgrading an application from Grails version 2.4.4 to Grails 3+. Where is the code that is generated? Any guidance would be most appreciated.
Not Shiro specific but you can add a login directory to views then add your own auth.gsp to handle logging in.
Note that a number of the parameter names changed from Grails 2 to 3 e.g. j_username to username see here.
Here's a bootstrap styled one I converted from a Grails 2 to 3 app recently:
<html>
<head>
<meta name='layout' content='main'/>
<title><g:message code="springSecurity.login.title"/></title>
</head>
<body>
<div id='login' class="maincontentdiv">
<g:render template="/templates/alerts"/>
<form action='${postUrl}' method='POST' id='loginForm' class='form-horizontal' autocomplete='off'>
<fieldset>
<legend><g:message code="springSecurity.login.header"/></legend>
<div class="form-group">
<label class="col-md-4 control-label" for="username">
<g:message code="springSecurity.login.username.label" default="Username" />
<span class="required-indicator">*</span>
</label>
<div class="col-md-4">
<input type='text' class='form-control' name='username' id='username'/>
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="password">
<g:message code="springSecurity.login.password.label" default="Password" />
<span class="required-indicator">*</span>
</label>
<div class="col-md-4">
<input type='password' class='form-control' name='password' id='password'/>
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="submit"></label>
<div class="col-md-4">
<input type='submit' id="submit" class='btn btn-primary' value='${message(code: "springSecurity.login.button")}'/>
</div>
</div>
</fieldset>
</form>
</div>
<script type='text/javascript'>
<!--
(function() {
document.forms['loginForm'].elements['username'].focus();
})();
// -->
</script>
</body>
</html>

HTML form without CSRF protection alert (Acunetix)

I use in my form #Html.AntiForgeryToken() and in action I use [ValidateAntiForgeryToken] attribute but when test my site by Acunetix get this error :
HTML form without CSRF protection
html :
<form action="/Car/SearchCar?uniq=-107215139" method="POST" name="form" id="FormCarSearch">
<input name="__RequestVerificationToken" type="hidden" value="NpoBFo4bSCwbm0yZ6dIrpOazM00uX-rKNbru9sfVPGV9cJ8qaDsYaAqsRDDKuy0W0R7gCZSVQu_QN2qD8uTeThan7Ad78GNteLdQN2TKPYJUVD3MrxeeT1YG_i4IYaa6zzENb9CKR1p3zcW9HmDNxA2">
<div class="">
<h4 class="title">
جستجوی خودرو :
</h4>
<div class="row">
<div class="form-group col-sm-6 col-md-2 col-md-push-10 col-sm-push-6 ">
<div class="datepicker-wrap">
<label>از تاریخ </label>
<input name="CarFormDate" autocomplete="off" id="CarFromDate" type="text" class="input-text full-width hasDatepicker" placeholder="از تاریخ ">
</div>
</div>
<div class="form-group col-sm-6 col-md-2 col-md-push-6 DestinationT">
<div class="datepicker-wrap">
<label>تا تاریخ </label>
<input name="CarToDate" autocomplete="off" id="CarToDate" type="text" class="input-text full-width hasDatepicker" placeholder="تا تاریخ ">
</div>
</div>
<div class="form-group col-sm-6 col-md-2 col-md-push-2 col-sm-push-6">
<label> شهر</label>
<div class="selector">
<select class="full-width" name="CarCity" id="CarCity">
<option value="1">کیش</option>
</select><span class="custom-select full-width">کیش</span>
</div>
</div>
<div class="form-group col-sm-6 col-md-2 col-md-pull-2 col-sm-pull-6">
<label>نوع خودرو</label>
<div class="selector">
<select class="full-width" name="CarStyle" id="CarType">
<option value="1">سواری</option>
<option value="2">شاسی بلند</option>
<option value="21">کروک اسپورت</option>
</select><span class="custom-select full-width">سواری</span>
</div>
</div>
<div class="form-group col-sm-6 col-md-2 col-md-pull-6 col-sm-push-6">
<label class="transparent">جستجوی خودرو</label>
<button class="full-width soap-icon-search" type="button" id="SearchCar">جستجوی خودرو</button>
</div>
</div>
</div>
</form>
How to fix this vulnerability:
Check if this form requires CSRF
protection and implement CSRF countermeasures if necessary.
Is there problem in this case?
How can i fix this?
CSRF detection, by very nature, is hard to detect automatically and often requires some form of human verification to check whether the alert is a false positive or not.
There is a really detailed article by Acunetix below regarding CSRF tokens which I would recommend going over - https://www.acunetix.com/websitesecurity/csrf-attacks/
If you need any further details, let me know.

jquery mobile flipswitch active by default

I'm using query mobile 1.4.0 and I'm trying to make my flip switch active by default but I'm not really sure how to approach it. I've tried adding selected="selected" to the <input> but it doesn't seem to make a difference. Anyone have any ideas?
<form>
<div class="prof-wrap">
<div class="prof-left">
<div class="prof-txt-wrap">
<div class="text-off">OFF TITLE</div>
<div class="text-off2">OFF TYPE</div>
</div>
</div>
<!-- END prof-left -->
<div class="prof-mid">
<div class="prof-switch">
<input type="checkbox" data-role="flipswitch" name="flip-checkbox-4" id="flip-checkbox-4" data-wrapper-class="custom-size-flipswitch" selected="selected">
</div>
<!--END prof-mid -->
</div>
<!-- END prof-switch -->
<div class="prof-right">
<div class="prof-txt-wrap2">
<div class="text-active">ON TITLE</div>
<div class="text-active2">ON TYPE</div>
</div>
</div>
<!-- END prof-right -->
</div>
<!-- END prof-wrap -->
</form>
According to the Documentation use the checked=""attribute:
<form>
<label for="flip-checkbox-4">Flip toggle switch checkbox:</label>
<input type="checkbox" data-role="flipswitch" name="flip-checkbox-4" id="flip-checkbox-4" checked="">
</form>

When using Angular.js, how to retain form data after submit?

I have used the basic angular script which update what ever you type in the input field on any element we specify, real time...
<!doctype html>
<html ng-app>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.7/angular.min.js"></script>
</head>
<body>
<div>
<label>Name:</label>
<input type="text" ng-model="yourName" placeholder="Enter a name here">
<hr>
<h1>Hello {{yourName}}!</h1>
</div>
</body>
</html>
Im new to Angular. I used this on may rails app. But the problem is, the field I used ng-model will reset its valu after submit. Even setting the 'value' attribute won't work. How can I fix this?
Exact code generated from my rails application :
<form accept-charset="UTF-8" action="/members" class="custom" id="new_member" method="post">
<div class="row collapse text-field">
<div class="small-4 columns">
<h3>Add Member : </h3>
</div>
<div class="small-6 columns left inline">
<h3 class="subheader inline"> {{newEntry.name}}</h3>
</div>
</div>
<div class="row collapse text-field">
<div class="small-3 columns">
<label class="prefix" for="member_name">Full Name</label>
</div>
<div class="small-7 columns left">
<input class="input" id="member_name" name="member[name]" ng-model="newEntry.name" type="text" value="gj" />
</div>
</div>
<div class="row collapse text-field">
<div class="small-3 columns">
<label class="prefix" for="member_address">Address</label>
</div>
<div class="small-9 columns">
<textarea class="input" height="115" id="member_address" name="member[address]">
</textarea>
</div>
</div>
<div class="row">
<div class="small-9 columns" ><input class="button radius" name="commit" type="submit" value="Add Member" /></div>
</div>
</form>
Note : I haven't used an ng-controller. Im new to Angular. If its required, please tell me how to convert the above to the controller. I can get the value of the field and send it back to the form in rails. Its there in a variable. But Angular keeps wiping it!
Note2 : This problem persist only for the input field I used angular-model.. All the other fields retained the data!
Ok this is not the best solution but you could do this:
<input type="text" ng-init="yourName = 'Your Value Goes Here'" ng-model="yourName" placeholder="Enter a name here">
ng-init directives are run when the app intialises, so your value will be assigned to angular's internal "yourName" model and be updated in the view accordingly.
That would solve your problem but its not the best way. Hopefully that will get you going for now - I'll try and post a more "ideal" solution shortly.

Resources