I posted this of the issues page for the doorkeeper gem, but looking at it, I wonder if I should post here, any help would be amazing as I am completely stuck
I have been following the wiki on doorkeeper and doing the "Testing your provider with OAuth2 gem" (https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem)
I am running rails 5.1.4, ruby 2.4.1, doorkeeper gem 4.2.6 and oauth2 v1.4.0
I am having issues trying to do what is done in the testing wiki in code, which is get an auth token
My sessions controller:
def new
session[:state] = 'some state sent from amazon'
session[:client_id] = 'some client id'
session[:client_secret] = 'some client secret'
session[:redirect_uri] = "#{request.base_url}/oauth/callback"
end
def create
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
if user.activated?
log_in user
redirect_to client.auth_code.authorize_url(:redirect_uri => session[:redirect_uri])
end
end
end
#route for /oauth/cllback comes here
def callback
token = client.auth_code.get_token(params[:code], :redirect_uri => session[:redirect_uri])
# testing print to screen
render json: token
end
private
def client
OAuth2::Client.new(session[:client_id], session[:client_secret], :site => request.base_url)
end
So as a user i log in, I authorise the app and then it times out and I get the following log for the whole flow:
Started GET "/login?client_id=<client_id>&response_type=code&state=<amazon state>&redirect_uri=https%3A%2F%2Fpitangui.amazon.com%2Fapi%2Fskill%2Flink%2FM2X1TLJOHDU07S" for 5.175.83.20 at 2017-10-23 13:36:35 +0100
Processing by SessionsController#new as HTML
Parameters: {"client_id"=>"<client_id>", "response_type"=>"code", "state"=>"<amazon state>", "redirect_uri"=>"https://pitangui.amazon.com/api/skill/link/M2X1TLJOHDU07S"}
Rendering sessions/new.html.erb within layouts/application
Rendered sessions/new.html.erb within layouts/application (1.5ms)
Rendered layouts/_shim.html.erb (0.5ms)
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Rendered layouts/_header.html.erb (36.3ms)
Completed 200 OK in 121ms (Views: 107.5ms | ActiveRecord: 4.0ms)
Started POST "/login" for 5.175.83.20 at 2017-10-23 13:40:35 +0100
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"aR03Eo+jxzN+oDPrnOevHn6moTCSePoLAi2Ncc7pKbtxVQa6lLu+IzdEsfzrexpJVm6MdOugIQICyN2ZNS7hgw==", "session"=>{"email"=>"me#daviesp.co.uk", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log In"}
User Load (0.6ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 LIMIT $2 [["email", "me#daviesp.co.uk"], ["LIMIT", 1]]
Redirected to https://3751d64e.ngrok.io/oauth/authorize?client_id=<client_id>&redirect_uri=https%3A%2F%2F3751d64e.ngrok.io%2Foauth%2Fcallback&response_type=code
Completed 302 Found in 67ms (ActiveRecord: 0.6ms)
Started GET "/oauth/authorize?client_id=<client_id>&redirect_uri=https%3A%2F%2F3751d64e.ngrok.io%2Foauth%2Fcallback&response_type=code" for 5.175.83.20 at 2017-10-23 13:40:36 +0100
Processing by Doorkeeper::AuthorizationsController#new as HTML
Parameters: {"client_id"=>"<client_id>", "redirect_uri"=>"https://3751d64e.ngrok.io/oauth/callback", "response_type"=>"code"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Doorkeeper::Application Load (0.4ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = $1 LIMIT $2 [["uid", "6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48"], ["LIMIT", 1]]
CACHE User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
CACHE User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Doorkeeper::AccessToken Load (0.5ms) SELECT "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."application_id" = $1 AND "oauth_access_tokens"."resource_owner_id" = $2 AND "oauth_access_tokens"."revoked_at" IS NULL ORDER BY created_at desc LIMIT $3 [["application_id", 11], ["resource_owner_id", 1], ["LIMIT", 1]]
CACHE User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
(0.2ms) BEGIN
Doorkeeper::AccessGrant Exists (0.6ms) SELECT 1 AS one FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = $1 LIMIT $2 [["token", "a6bd0459570f1e0116ca6b2cade1e60ae83ba439d3c70b750046cfffe3cc85e4"], ["LIMIT", 1]]
SQL (0.5ms) INSERT INTO "oauth_access_grants" ("resource_owner_id", "application_id", "token", "expires_in", "redirect_uri", "created_at", "scopes") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["resource_owner_id", 1], ["application_id", 11], ["token", "a6bd0459570f1e0116ca6b2cade1e60ae83ba439d3c70b750046cfffe3cc85e4"], ["expires_in", 600], ["redirect_uri", "https://3751d64e.ngrok.io/oauth/callback"], ["created_at", "2017-10-23 12:40:36.235539"], ["scopes", ""]]
(1.5ms) COMMIT
Redirected to https://3751d64e.ngrok.io/oauth/callback?code=a6bd0459570f1e0116ca6b2cade1e60ae83ba439d3c70b750046cfffe3cc85e4
Completed 302 Found in 14ms (ActiveRecord: 4.2ms)
Started GET "/oauth/callback?code=[FILTERED]" for 5.175.83.20 at 2017-10-23 13:40:36 +0100
Processing by SessionsController#oauth_call as HTML
Parameters: {"code"=>"[FILTERED]"}
Started POST "/oauth/token" for 5.175.83.20 at 2017-10-23 13:40:37 +0100
Completed 500 Internal Server Error in 60406ms (ActiveRecord: 0.0ms)
Faraday::TimeoutError (Net::ReadTimeout)
Cant for the life of me figure out why it works in irb but not in code. Here is what i do in irb
irb(main):001:0> require 'oauth2'
=> true
irb(main):002:0>
irb(main):003:0* client_id = '6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48'
=> "6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48"
irb(main):004:0> client_secret = '937088f4b7579b8922ad02518477da7be699958df1b1e8a85da34f2e8b4ce086'
=> "937088f4b7579b8922ad02518477da7be699958df1b1e8a85da34f2e8b4ce086"
irb(main):005:0> redirect_uri = 'https://3751d64e.ngrok.io/oauth/callback'
=> "https://3751d64e.ngrok.io/oauth/callback"
irb(main):006:0> site = 'https://3751d64e.ngrok.io'
=> "https://3751d64e.ngrok.io"
irb(main):007:0> state = 'some state'
=> "some state"
irb(main):008:0> client = OAuth2::Client.new(client_id, client_secret, :site => site)
=> #<OAuth2::Client:0x007fa61414c4b0 #id="6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48", #secret="937088f4b7579b8922ad02518477da7be699958df1b1e8a85da34f2e8b4ce086", #site="https://3751d64e.ngrok.io", #options={:authorize_url=>"/oauth/authorize", :token_url=>"/oauth/token", :token_method=>:post, :auth_scheme=>:request_body, :connection_opts=>{}, :connection_build=>nil, :max_redirects=>5, :raise_errors=>true}>
irb(main):009:0> client.auth_code.authorize_url(:redirect_uri => redirect_uri)
=> "https://3751d64e.ngrok.io/oauth/authorize?client_id=6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48&redirect_uri=https%3A%2F%2F3751d64e.ngrok.io%2Foauth%2Fcallback&response_type=code"
even If i put that uri into browser and it returns the access token:
{"token_type":"bearer","created_at":1508763209,"access_token":"38282cae5191923f1f358aece869e237d4d9742cdd7c918ae63104c57807a826","refresh_token":null,"expires_at":1508770409}
Again any help would be amazing!
So I found in my Dev Environment, if i stop using puma and rails server and started using POW, the issue went away. I checked if puma was running as single thread but it was running 5 threads, so not sure why this was happening.
Related
Whenever I try to update the user, I get redirected to /users with the edit form filled in but no errors.
Users::RegistrationsController
class Users::RegistrationsController < Devise::RegistrationsController
before_action :configure_account_update_params, only: [:update]
def update
super
end
def configure_account_update_params
devise_parameter_sanitizer.permit(:account_update, keys: [:name,:property,:admin,:phone_number,:organization,:gender,:profile_pic,:birthday])
end
...
end
Rails Server Logs
Started PUT "/users" for ::1 at 2020-07-22 17:55:57 +0500
Processing by Users::RegistrationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"iqpDtwA8U1jJ10dtaCV/eE0m96KHUa8G7tWrpOLA48AXYnUjT+6M2qwrwncjThvwQnQQycn/dNCWsbnsteJmhA==", "user"=>{"name"=>"Sohail ", "phone_number"=>"(11", "organization"=>"11", "email"=>"user#test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "current_password"=>"[FILTERED]"}, "commit"=>"Update"}
User Load (1.6ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 8], ["LIMIT", 1]]
User Load (1.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 8], ["LIMIT", 1]]
User Exists (1.1ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = $1 AND "users"."id" != $2 LIMIT $3 [["email", "user#test.com"], ["id", 8], ["LIMIT", 1]]
Rendering users/registrations/edit.html.erb within layouts/application
Rendered users/registrations/edit.html.erb within layouts/application (3.9ms)
StripeCustomer Load (4.6ms) SELECT "stripe_customers".* FROM "stripe_customers" WHERE "stripe_customers"."user_id" = $1 LIMIT $2 [["user_id", 8], ["LIMIT", 1]]
Rendered layouts/_header.html.erb (97.4ms)
Rendered layouts/_footer.html.erb (15.5ms)
Completed 200 OK in 681ms (Views: 310.2ms | ActiveRecord: 9.0ms)
It seems you have messed a little with your parameters. You sent nested parameters on your form like this:
"user"=>{"name"=>"Sohail ", "phone_number"=>"(11", "organization"=>"11", "email"=>"user#test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "current_password"=>"[FILTERED]"}, "commit"=>"Update"}
However your permited parameters assume you are nesting everything on a :account_update key.
So you could either change the key sent on your form, or use this sanitizer:
def configure_account_update_params
devise_parameter_sanitizer.permit(:account_update, keys: [:name,:property,:admin,:phone_number,:organization,:gender,:profile_pic,:birthday])
end
I am developing an API in Rails and interacting with it from another Rails application. Up to now everything has been working correctly, using POST and GET to authenticate users, create records and retrieve data. But now I'm having trouble getting the PUT operation to update a record. It appears it is calling the API correctly and the API is returning a 200 response, but looking at the logs it doesn't look like Rails is even executing an UPDATE statement. The strangest thing is that there are no errors or warning.
Here is the Log. (Data is faker data so I'm not bothering to redact it)
Started PUT "/affiliates/17" for ::1 at 2019-04-26 17:42:51 -0400
Processing by AffiliatesController#update as HTML
Parameters: {"id"=>"17", "username"=>"teracole", "email"=>"dan#purdy.io", "first_name"=>"Max", "last_name"=>"Max", "company"=>"Dach LLC", "manager_id"=>"3"}
[1m[36mUser Load (0.3ms)[0m [1m[34mSELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2[0m [["id", 2], ["LIMIT", 1]]
↳ app/controllers/application_controller.rb:12
[1m[36mAffiliate Load (0.2ms)[0m [1m[34mSELECT "affiliates".* FROM "affiliates" WHERE "affiliates"."id" = $1 LIMIT $2[0m [["id", 17], ["LIMIT", 1]]
↳ app/controllers/affiliates_controller.rb:50
[1m[35m (0.1ms)[0m [1m[35mBEGIN[0m
↳ app/controllers/affiliates_controller.rb:31
[1m[36mAffiliate Exists (0.3ms)[0m [1m[34mSELECT 1 AS one FROM "affiliates" WHERE "affiliates"."username" = $1 AND "affiliates"."id" != $2 LIMIT $3[0m [["username", "tera.cole"], ["id", 17], ["LIMIT", 1]]
↳ app/controllers/affiliates_controller.rb:31
[1m[35m (0.1ms)[0m [1m[35mCOMMIT[0m
↳ app/controllers/affiliates_controller.rb:31
Completed 200 OK in 8ms (Views: 0.9ms | ActiveRecord: 1.0ms)
You can see the parameter data in the log. The controller action is pretty simple:
# PATCH/PUT /affiliates/1
def update
if #affiliate.update(affiliate_params)
render json: #affiliate
else
render json: #affiliate.errors, status: :unprocessable_entity
end
end
Thanks in advance for any help.
As it turns out, for whatever reason, the put method required me to identify the content type in the header. Post wasn't doing this, but changing the line in my HttParty call fixed the issue:
response = HTTParty.put(put_uri, body: #this_data.to_json, headers: { 'Content-Type' => 'application/json', 'Authorization' => #token })
Created new ruby app
in my controller im trying to sign in a user like so
email = params[:email]
password = params[:password]
user = User.authenticate(email, password)
if user
sign_in(user)
redirect_to root_path
else
render json: {success: false}
end
The user is going into sign_in
console is printing:
Processing by AccountController#sign_in_user as */*
Parameters: {"password"=>"[FILTERED]", "email"=>"email#live.com", "subdomain"=>"app"}
User Load (1.9ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["email", "email#live.com"], ["LIMIT", 1]]
↳ app/models/user.rb:9
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 2], ["LIMIT", 1]]
↳ app/controllers/account_controller.rb:11
Redirected to http://app.lvh.me:3000/
Completed 200 OK in 131ms (ActiveRecord: 2.4ms)
It then redirects to my root path for authenticated users and gives me a 401
Started GET "/" for 127.0.0.1 at 2018-04-30 21:53:39 -0400
Processing by DashboardController#index as HTML
Parameters: {"subdomain"=>"app"}
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)
In the DB the user's current_sign_in, last_sign_in, ect.. are being updated
I've done this numerous times, i'm not sure why its not working, any ideas?
Well after an hour of going crazy
i had a random line in my routes
devise_for :users
with no end doing nothing and it was causing this issue.
after removing that everything is fine.
I'm allowing a user to enter IP addresses in an input field which may be of different types delimited by a comma, such as (in no particular order):
192.168.1.1,192.168.2.1-25,10.10.10.0/24,192.168.1.2
This 'string' would get saved in my DB under device.ips_to_scan.
I want to validates_format_of on these, but am finding it a little difficult to write a regex that seems to work in rails, while it does work on regex101 (https://regex101.com/r/nf2bnM/1):
validates_format_of :ips_scan, with: /\A([0-9]{1,3}\.){3}[0-9]{1,3}(\/([1-2][0-9]|[0-9]|3[0-2]))?(-([0-9]{1,3}))?,?\Z/i, on: :update
This one is expected to fail:
Started PUT "/devices/2" for 127.0.0.1 at 2018-02-19 22:03:15 -0500
Processing by DevicesController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"EQCFG6/xoJHtP6Nd3oqaYRW6mypfEoCMrnio1yj6loP+KtvjgLZ9Gmhb0oTwCjD0RGH+qQuctZFVIvF5HBJcGw==", "device"=>{"ips_scan"=>"192.168.1.1,192.168.2.1-25,a.b.c.d", "ips_exclude"=>"10.10.10.1"}, "commit"=>"Save", "id"=>"2"}
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 2], ["LIMIT", 1]]
Device Load (1.6ms) SELECT "devices".* FROM "devices" WHERE "devices"."id" = $1 LIMIT $2 [["id", 2], ["LIMIT", 1]]
(0.5ms) BEGIN
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 2], ["LIMIT", 1]]
(0.5ms) ROLLBACK
Redirected to http://localhost:3000/devices/2/edit
Completed 302 Found in 47ms (ActiveRecord: 12.1ms)
...But this one should have worked:
Processing by DevicesController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"JJfmT/0l5MEDc+gUH/WHHp3bbgyzjGa0xTzaXM3E/WHLvbi30mI5SoYXmc0xdS2LzAALj+cCU6k+ZoPy+Sw3+Q==", "device"=>{"ips_scan"=>"192.168.1.1,192.168.2.1-25,192.168.1.2", "ips_exclude"=>"10.10.10.1"}, "commit"=>"Save", "id"=>"2"}
User Load (0.9ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 2], ["LIMIT", 1]]
Device Load (0.7ms) SELECT "devices".* FROM "devices" WHERE "devices"."id" = $1 LIMIT $2 [["id", 2], ["LIMIT", 1]]
(0.6ms) BEGIN
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 2], ["LIMIT", 1]]
(0.6ms) ROLLBACK
Redirected to http://localhost:3000/devices/2/edit
Completed 302 Found in 17ms (ActiveRecord: 3.5ms)
Last thing I can think of, is that I do have strong parameters, but I'm permitting ips_scan, so that this shouldn't be an issue:
def update
if #device.update(device_params)
flash[:notice] = 'Successful update'
respond_with :edit, :device
else
flash[:warning] = 'Unable to update'
respond_with :edit, :device
end
end
private def device_params
params.require(:device).permit(:token, :ips_scan, :ips_exclude)
end
I'm hoping you rubyist's out there have a eloquent solution. The first thought that comes to mind is that I have to split the string, and check each element sequentially to ensure it matches instead.
While I'm still open to a nice eloquent one-liner within the Model itself, I was able to get this working through creating a concern:
models/concerns/ip_validator.rb
class IpValidator < ActiveModel::Validator
def validate(record)
ips = record.ips_scan.split(',')
ips.each do |ip|
/([0-9]{1,3}\.){3}[0-9]{1,3}(\/([1-2][0-9]|[0-9]|3[0-2]))?(-([0-9]{1,3}))?/ =~ ip
record.errors.add(:ips_scan, ' is not valid') unless $LAST_MATCH_INFO
end
end
end
The call in my model now looks like:
validates :ips_scan, :ips_exclude, ip: true, on: :update
You can use this method in your custom validator to check an IP address
require 'ipaddr'
def valid_ip_addr?(ip_addr)
IPAddr.new(ip_addr)
true
rescue IPAddr::InvalidAddressError => _error
false
end
I want to approve the user to be vip,but when I press the button.The page refreshed but nothing changed.The log in terminal is
Started POST "/admin/users/26/approve_vip" for ::1 at 2016-12-12 16:33:22 +0800
Processing by Admin::UsersController#approve_vip as HTML
Parameters: {"authenticity_token"=>"qYrbaVH/cssY3VBYLw6Hd4wXl42Zz8OqkdHGGoITEeeWtbJ4ZOLOmJF/Jmpx70s9aaL5Yr0vFhqNV9kGHtILpA==", "user_id"=>"26"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 4], ["LIMIT", 1]]
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 26], ["LIMIT", 1]]
SQL (1.4ms) UPDATE "users" SET "is_vip" = 't' WHERE "users"."id" = ? [["id", 26]]
(0.0ms) begin transaction
(0.0ms) commit transaction
DEPRECATION WARNING: `redirect_to :back` is deprecated and will be removed from Rails 5.1. Please use `redirect_back(fallback_location: fallback_location)` where `fallback_location` represents the location to use if the request has no HTTP referer information. (called from approve_vip at /Users/a1/JDDstore/app/controllers/admin/users_controller.rb:26)
Redirected to http://localhost:3000/admin/users
Completed 302 Found in 6ms (ActiveRecord: 1.7ms)
Started POST "/admin/users/26/approve_vip" for ::1 at 2016-12-12 15:41:47 +0800
Processing by Admin::UsersController#approve_vip as HTML
Parameters: {"authenticity_token"=>"uYc9hdEZaYCgfhdmYK3XnyK2lcraPpHWfuXcQ5cRtLyGuFSU5ATV0yncYVQ+TBvVxwP7Jf7eRGZiY8NfC9Cu/w==", "user_id"=>"26"}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 4], ["LIMIT", 1]]
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 26], ["LIMIT", 1]]
(0.0ms) begin transaction
(0.0ms) commit transaction
DEPRECATION WARNING: `redirect_to :back` is deprecated and will be removed from Rails 5.1. Please use `redirect_back(fallback_location: fallback_location)` where `fallback_location` represents the location to use if the request has no HTTP referer information. (called from approve_vip at /Users/a1/JDDstore/app/controllers/admin/users_controller.rb:26)
Redirected to http://localhost:3000/admin/users
Completed 302 Found in 4ms (ActiveRecord: 0.3ms)
And the code in controller is
def approve_vip
#user = User.find(params[:user_id])
#user.is_vip=true
#user.save
redirect_to :back
end
Can you tell me why it not change the role?
If you want to know more informatian, please let me know. Thank you very much for helping me.
It looks you have some model callback (may be before_save) which is restricting to update the records.
You can use update_column or update_columns to bypass the callbacks/validations and directly make a update query to your db.
def approve_vip
#user = User.find(params[:user_id])
#user.update_columns(is_vip: true)
redirect_to :back
end
You need to read error's message. Probably the user's validation is failed.
def approv!
update_attributes!(is_vip: true)
end
This code give you exception with the error's message.