Is it possible to get session value in Leaf?
As this post suggested, I should be able to access session using #(request.session).
But when I set a value in session:
try request.assertSession().data.set("foo", "bar")
I got nothing using:
#(request.session.foo)
I also tried:
#(foo)
#(session.foo)
#(session.data.foo)
#(request.session.data.foo)
None of them works.
What am I missing? I'm on Vapor 2.4.4 with Leaf Provider 1.1.0.
It is possible to access it - if you pass it in to your context. However, why do you need to access it? I’m not going to say it’s a bad idea...it’s just a really bad idea
I have a couple of questions about the WebAuthn gem and the use of U2fMigrator.
I hope someone can point me in the right direction about it.
I am in the step just after converting my old U2F credentials using U2fMigrator.
migrated_credential = WebAuthn::U2fMigrator.new(
  app_id: my_domain,
  certificate: u2f_registration.certificate,
  key_handle: u2f_registration.key_handle,
  public_key: u2f_registration.binary_public_key,
  counter: u2f_registration.counter
)
The documentation says: “U2fMigrator class quacks like WebAuthn::AuthenticatorAttestationResponse” but without verify implementation.
Does that mean I need to create an instance of this AuthenticatorAttestationResponse for authentication?
If so, where should I get this data from?
assertion_response = WebAuthn::AuthenticatorAssertionResponse.new(
  credential_id: '',
  authenticator_data: '',
  client_data_json: '',
  signature: '',
)
I am guessing that will allow me to authenticate the new migrated credentials like this:
assertion_response.verify(
  WebAuthn::Credential.options_for_get(:extensions => { appid: my_domain }).challenge,
  allowed_credentials: migrated_credential.credential,
  rp_id: my_domain
)
And also, I am guessing I don't need to re-register these credentials yet.
I am following this documentation:
https://github.com/cedarcode/webauthn-ruby/blob/master/docs/u2f_migration.md
https://github.com/castle/ruby-u2f
https://github.com/cedarcode/webauthn-ruby/blob/master/README.md#authentication
UPDATE 1
I've found this cool explanation in this guide
I will dig into it and I'll post the solution if I can find it.
UPDATE 2
I've spent the whole week trying to get the authenticatorAssertionResponse
from
Unfortunately, I only get a message saying I don't have a key registered:
I'm passing through the extension and appid where the U2F credential was registered originally. I wonder if it stopped working now that the deprecation is complete.
U2fMigrator is instantiated with data that's already stored in your database. Instances of it respond to the same methods as AuthenticatorAttestationResponse, except it misses a verify method since the data was already verified in the past. In other words: the migrator behaves nearly the same as a freshly WebAuthn registered authenticator and it is meant to be used as such.
Does that mean I need to create an instance of this
AuthenticatorAttestationResponse for authentication?
Yes. The AuthenticatorAttestationResponse is instantiated with browser data from the WebAuthn navigator.credentials.get call. This in itself is unrelated to the U2F migration question, except for the part where the data comes from for its verify method. This comes either from a migrator instance (in the "real time conversion" approach) or is retrieved from the database.
Hope that makes sense, PRs welcome to improve the docs!
I can't figure out how to get the session timeout in Rails (either default or configured); here it is written how to set it, but not how to get it.
I tried:
Some::Application.config.session_store: returns a class
app.controller.session.timeout, ...expires_at: doesn't work
docs: no clues
I know this question is old, but I'll leave this here for future weary travelers:
To get options defined from
Rails.application.config.session_store ....
You can do
Rails.application.config.session_options
I am using this to access session in Model.
http://www.zorched.net/2007/05/29/making-session-data-available-to-models-in-ruby-on-rails/
Can anybody confirm that it will work with Apache + Passenger deployment too?
Or if there are any other alternatives to achieve the same?
Thanks,
Imran
I did not find any code on the internet that works, so I did some research and wrote my own. It works for Rails 3.2.x and probably on some other versions.
Insert this in your ApplicationController
# Set a filter that is invoked on every request
before_filter :_set_current_session

protected

def _set_current_session
  # Define an accessor. The session is always in the current controller
  # instance in @_request.session. So we need a way to access this in
  # our model
  accessor = instance_variable_get(:@_request)
  # This defines a method session in ActiveRecord::Base. If your model
  # inherits from another Base Class (when using MongoMapper or similar),
  # insert the class here.
  ActiveRecord::Base.send(:define_method, "session", proc { accessor.session })
end

I will not remind you that accessing your session from a model may lead to bad code. Other posts may tell you that you are stupid. Though there are some valid reasons to access the session from your model, like implementing a Model.save method that saves to the current user's session.
Yes. It is the only efficient way I found to use session data in a model. I also used it and never faced any deployment issue with Apache + Passenger.
But you need to be careful when you are working with session values. On each new request to the server, the session value gets stored in the thread and we can access it in the model. If you are applying any logic that uses the thread value, also make sure you handle the situation where the thread value might be nil.
I ran into an issue where, in development, all my code worked fine, but in production it caused an issue while the server was starting, because initially the thread value was nil.
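The two approaches discussed in the answers above, side by side, as an added example in plain Ruby (not code from any of the posts; FakeModel, SafeModel and CurrentSession are hypothetical names and each thread stands in for one request). It shows that redefining a method on the shared base class per request can hand one user's session to another request on a threaded server, while per-thread storage cleared after each request does not, and is nil outside a request.

```ruby
# Added example: plain Ruby, no Rails. Each thread plays one request.
class FakeModel; end                      # stands in for ActiveRecord::Base
# Per-request redefinition on the shared base class (the before_filter approach).
def install_global(session)
  FakeModel.send(:define_method, :session, proc { session })
end

# Alternative: per-thread storage, always cleared when the request ends.
module CurrentSession
  def self.with(session)
    Thread.current[:current_session] = session
    yield
  ensure
    Thread.current[:current_session] = nil
  end

  def self.get
    Thread.current[:current_session]      # nil outside a request
  end
end

class SafeModel; def session; CurrentSession.get; end; end

# Two overlapping requests; returns the session that alice's model code saw.
def simulate(strategy)
  alice_started, bob_started = Queue.new, Queue.new
  seen = nil
  model_code = lambda do
    alice_started << true                 # alice's filter has already run
    bob_started.pop                       # bob's filter runs before alice's model code
    seen = (strategy == :global ? FakeModel : SafeModel).new.session
  end
  alice = Thread.new do
    if strategy == :global
      install_global({ user: "alice" })
      model_code.call
    else
      CurrentSession.with({ user: "alice" }, &model_code)
    end
  end
  bob = Thread.new do
    alice_started.pop
    install_global({ user: "bob" }) if strategy == :global
    CurrentSession.with({ user: "bob" }) {} unless strategy == :global
    bob_started << true
  end
  [alice, bob].each(&:join)
  seen
end
```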
I am trying to make use of session data in my application and for some reason I don't have something set up right.
The code:
session[:key] = some_value
Generates the following error:
The error occurred while evaluating nil.[]
Other controllers don't have an issue with the session, so I am guessing I missed some basic configuration thing somewhere.
Ok, I think I got it figured out now. I had a slightly more complex situation than my example. I actually had the following:
session[:chat_history][chat.from.id] ||= []
So I had an error with double array. I added the following:
session[:chat_history] ||= []
Problem was the first time I did this, I put it in a before_filter method. Apparently the session object is nil in the before_filter method, at least the way I have my application set up.
So I moved the initializer to the methods that actually access the session and life is good again.
It looks like the session variable is nil which makes me think the framework couldn't set it for one of these reasons:
Browser passed in no cookie for the session
Browser passed in a cookie but it didn't match anything the server expected
It was stated that some controllers work. Did something have the opportunity to create a session for the user before those controllers ran?
I want to access the session of a user from a different domain than the one in which I initiated the session. Can I use session.session_id of the user and then retrieve the session hash of that user?
Thank you
If it's on a different domain (i.e., not a subdomain), there's no way to get the session info (cause it's stored in a cookie)—you'll need something else (see this question). If it's a subdomain, I think there's a neat way to do it automatically by setting the cookie's domain (look in environment.rb's config.action_controller.session, try setting :session_domain)
It looks like you could use something like:
CGI::Session::ActiveRecordStore::SqlBypass::find_by_session_id(session_id)
However, I'm not sure if that's a good idea or not -- and in this case it is only useful if you're using the ActiveRecordStore. Not sure what else is available on the other stores, but if you poke around under actionpack/lib/action_controller/session/* you'll probably get a more definitive answer.