ActionController::InvalidAuthenticityToken Error when creating a doorkeeper application - rails-api

I'm pretty new to rails and I'm beginning with rails-api.
Right now I'm trying to add authentication through doorkeeper using resource owner password credentials.
But when I go to the /oauth/applications page to set up a new app to add my frontend, for example, I get an error about an authenticity token:
ActionController::InvalidAuthenticityToken in Doorkeeper::ApplicationsController#create
As it's a page implemented in the doorkeeper gem itself, isn't it supposed to work by itself?
Does anyone know what's going on and how to solve it?
Thank you guys

This is due to the forgery protection enabled by default by rails.
If you're working on an API only, my guess is that you can simply turn it off in the environment file (test/development/production.rb) by adding this line:
config.action_controller.allow_forgery_protection = false
Cheers.

It's an incompatibility with rails-api and doorkeeper.
My project is being started and, based on this and other things, I've chosen grape instead of rails-api. It works for me!
If you can do this, I can't help you now!
tip: Enjoy with grape!

Related

ActiveAdmin taking wrong http method for update and destroy actions

Rails version - 5.2
Active admin version - 2.9.0
I have installed and configured active admin in my rails API application. Everything is working fine, except for the update, delete action of any controller, and logout of the admin user.
Here is my application.rb file
I have added method override in application.rb file though it is taking the POST request method for any update or delete request. It is working fine in my local even though it is taking POST request but when I deployed the code on the staging environment. I have found this thing. On my staging environment, that route is not present hence it is giving 404 error.
Below is the screenshot of the Update admin user request.
Can someone please help me to fix this issue?
I have finally fixed the issue. I am assuming the issue might be with my staging web server configuration otherwise it was working fine in my local in both the environments local and staging.
Post the answer here so it might help people in future.
By default the browser only supports GET and POST requests. If we want to use any other request methods then we need to pass that request method in the parameter _method. You can read more about it here.
That wasn't happening in my case though I have added config.middleware.use Rack::MethodOverride in application.rb.
For resolving the issue, I have added the use Rack::MethodOverride in my config.ru file. It means before running the rails application it will use this method. I have added this code and that's it everything is working fine now.
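What the _method override described above does to a browser form POST, as a simplified model in plain Ruby. This is an added example, not Rack's source or the poster's code; the class name, the route table and the sample form body are constructed for illustration.

```ruby
require "stringio"
require "uri"

# Simplified model of a method-override middleware (constructed, not Rack's code).
class MethodOverrideModel
  OVERRIDABLE = %w[POST].freeze                        # only a POST may be rewritten
  ALLOWED     = %w[GET HEAD PUT PATCH DELETE OPTIONS].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    if OVERRIDABLE.include?(env["REQUEST_METHOD"])
      wanted = requested_method(env)
      if ALLOWED.include?(wanted)
        env["model.original_method"] = env["REQUEST_METHOD"]  # hypothetical key
        env["REQUEST_METHOD"] = wanted
      end
    end
    @app.call(env)
  end

  private

  # Reads _method from the form body, falling back to the override header.
  def requested_method(env)
    form = URI.decode_www_form(env["rack.input"].read).to_h
    env["rack.input"].rewind                           # leave the body readable downstream
    (form["_method"] || env["HTTP_X_HTTP_METHOD_OVERRIDE"]).to_s.upcase
  end
end

# Constructed router: like the update route in the post, it only answers PUT.
ROUTES = { ["PUT", "/admin/admin_users/1"] => "updated" }.freeze
ROUTER = lambda do |env|
  body = ROUTES[[env["REQUEST_METHOD"], env["PATH_INFO"]]]
  body ? [200, {}, [body]] : [404, {}, ["no route"]]
end

# Constructed request: what a browser sends when an HTML form "updates" a record.
def form_post_status(stack, method_param)
  env = {
    "REQUEST_METHOD" => "POST",
    "PATH_INFO"      => "/admin/admin_users/1",
    "rack.input"     => StringIO.new("_method=#{method_param}&admin_user%5Bemail%5D=a%40example.test")
  }
  stack.call(env).first
end
```

Without the middleware in front of the router the POST finds no route and returns 404, which matches the staging symptom in the question; values outside the allow-list are ignored rather than passed on as the request method.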

405 not allowed nginx, CORS? Nginx config? Or something else?

Working on an app built using Ember.js and Rails.
Authentication is being done with ember-simple-auth using Oauth2.
I am able to login to my app locally in my development environment, but as soon as I try to login on my production server (through Heroku) I start receiving a nginx 405 not allowed status code.
First thing I thought was maybe it is my request headers / CORS. I am using rack-cors gem on my rails side and configured it based directly off the readme example. Here is my application.rb
Researching, I found the same problem with the solution being to configure Nginx side of things, but I figured since that is being handled by heroku I wasn't really sure if that was where I need to make my changes.
Let me know if there are any other files/info that could help.
What is the best way to debug this problem?
Try using this first to rule out CORS:
https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi
Does the route work locally when you use Postman or a similar tool?
Are you requesting HTML or JSON?

Authenticating users Ionic App with Rails + Devise backend

Has anyone successfully implemented authentication on an Ionic application that uses a Rails application with Devise as a backend? If so, what implementation did you use to that end?
I have already tried solutions like cloudspace's angular-devise but it doesn't really play well with Devise on the server due to CORS (which I have already included the headers needed for it to work)
The current rails application allows facebook login, it would be nice if the Ionic app had that ability as well.
Try to give this cloudspace's angular-devise another shot
I have combined it with rack-cors
and it worked for me.
Another implementation via Token Auth is also working.
An example implementation of the rails part can be found here:
https://github.com/julianbei/authService
The Ionic Part can be found here:
https://github.com/julianbei/authService/tree/master/mobile
It's not beautiful but a working "quick and dirty" implementation
good luck!

Authlogic_oauth2 alternative for Rails 2.3

In order to let users signup and login using facebook I used the authlogic_oauth2 gem (v.1.1.2) along with oauth2 (v. 0.0.10) and authlogic (2.1.6) in a Rails 2.3 application.
Everything worked well for more than 2 years but from a month or so, users are not able to login or signup with Facebook anymore.
I don't know what happened but I didn't change anything so it seems that Facebook changed something on their end and authlogic_oauth2 doesn't seem to be able to work anymore.
Which could be the easiest way to fix the issue and bring back user login/signup with facebook?
Is there any better gem to help on the job?
Thanks in advance,
Augusto
I doubt that you may have done some changes in your present application unknowingly that caused the login and logout failures.
One possible cause of the problem might be the redirections from: http://yoursite.com to http://www.yoursite.com based on the changes that you made. Check the blog that mentions this problem.
The fix is to set: config.action_controller.session[:domain] = '.YOURDOMAIN.COM' inside of environment.rb (Make sure to prefix it with the .). That will make cookies work for both www.yourdomain.com and yourdomain.com (as well as any other subdomains).
I also recommend to check the login behavior in different environments: Development and Production and then check the output in the log files clearly.
This may help you to tweak the problem domain, as you mentioned that your code was working previously.
Update:
There is an update in Facebook OAuth and it is mentioned that all applications need to be updated to the latest version of OAuth.
So that is the possible cause for your problem.
It outlines a plan requiring all sites and apps to migrate to OAuth 2.0, process the signed_request parameter, and obtain an SSL certificate by October 1.
check the link below:
http://developers.facebook.com/blog/post/497/
Thanks!
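The www versus bare-domain session problem from the answer above, modelled with the cookie domain-matching rule browsers apply (RFC 6265). This is an added example, not code from the thread; the struct, function names and host list are constructed, and the check for IP-address hosts is left out.

```ruby
# A cookie as the browser stores it: the host that set it, plus the Domain
# attribute (nil when the server sent none, i.e. a host-only cookie).
SessionCookie = Struct.new(:name, :origin_host, :domain_attr)

# True when the browser would attach the cookie to a request for request_host.
def cookie_sent?(cookie, request_host)
  host = request_host.downcase
  if cookie.domain_attr.nil?
    # Host-only cookie: exact match with the host that set it, nothing else.
    host == cookie.origin_host.downcase
  else
    # Domain cookie: a leading dot is ignored; the host must equal the domain
    # or end with "." + domain, so look-alike names do not match.
    domain = cookie.domain_attr.downcase.sub(/\A\./, "")
    host == domain || host.end_with?("." + domain)
  end
end

# Constructed hosts: the two from the answer, one more subdomain, one look-alike.
HOSTS = %w[yourdomain.com www.yourdomain.com blog.yourdomain.com notyourdomain.com].freeze

def hosts_receiving(cookie)
  HOSTS.select { |h| cookie_sent?(cookie, h) }
end

# Session cookie set by yourdomain.com without and with the :domain setting.
HOST_ONLY = SessionCookie.new("_session", "yourdomain.com", nil)
WIDE      = SessionCookie.new("_session", "yourdomain.com", ".YOURDOMAIN.COM")
```

With the host-only cookie a redirect to www.yourdomain.com arrives without the session, which is the login failure the answer describes; with the domain set, every subdomain receives the session cookie, so each of them has to be trusted with it.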
I found the solution: Omniauth works perfectly fine with Rails 2.3 and there is even a demo app on how to integrate it with Authlogic.
A popular one would be Devise which plays well with Omniauth. I am not sure of the compatibilities with rails 2 though, maybe time to upgrade...
Any reason you can not use Koala? https://github.com/arsduo/koala

Where should I put username/password for http basic authentication in rails app

I am going to use http-basic-authentication in a rails app. I watched this railscast to figure out how to do that:
http://railscasts.com/episodes/82-http-basic-authentication
In the video he says not to put the username and password directly in the code. Where should I put them then?
I am using rails 3.1.0.
You want to move them into config files. Check out this RailsCast about "Application Configuration".
