I would like to test some mobile app development.
I choose to use Rails as my back-end and Phonegap as my front-end.
What do you think about those choice ?
I already manage to register a user from my app (Using AVD) to my server Rails.
But now, after registering the user, rails want to redirect to a page on the rails server. But I don't want it, is it possible that Rails send a "callback" (or whatever) to my mobile app that say "Ok the user is register" and then perform an action in my mobile app according to this message ?
My register form looks like
form accept-charset="UTF-8" action="http://3dcb84c4.ngrok.com/users" id="new_user" method="post">
<label for="user_name">Pseudo</label>
<input id="user_name" name="user[name]" type="text">
<br>
<label for="user_email">Email</label>
<input id="user_email" name="user[email]" type="email">
<input type="submit" value="Submit">
</form>
And my controller on my server looks like
def create
#user = User.new(user_params)
if #user.save
# send OK
else
# something
end end
thanks
You're probably looking for the rails-api gem.
you have to respond to the format and if it is js you have to
msg = {:status => 200, msg_text => 'Ok the user is register'}
render json: msg
instead of render the default erb.
Related
I take courses on rails 5.x.x and when they used form they add a line for token authentication to protect their site, on the start of the form, like this :
<input type="hidden" name="authenticity_token" value="<%= form_authenticity_token %>">
But to be on the last version of rails i'm on 6.1.3 version and i don't see anything on the web about that.
So the question is : Did I still need to set this authenticity token anywhere ? if yes, where ? and if no, why ? If you have some links about that for rails 6 I don't say no. Thank's you.
No, you don't need to add it manually, Rails does it for you in each form.
<%= form_with do |form| %>
Form contents
<% end %>
generates
<form accept-charset="UTF-8" action="/" method="post">
<input name="authenticity_token" type="hidden" value="J7CBxfHalt49OSHp27hblqK20c9PgwJ108nDHX/8Cts=" />
Form contents
</form>
You'll notice that the HTML contains an input element with type
hidden. This input is important, because non-GET forms cannot be
successfully submitted without it. The hidden input element with the
name authenticity_token is a security feature of Rails called
cross-site request forgery protection, and form helpers generate it
for every non-GET form (provided that this security feature is
enabled). You can read more about this in the Securing Rails
Applications guide.
https://guides.rubyonrails.org/form_helpers.html
I have what should be a relatively simple form in Rails that I'm using to send an email for two different previews, a desktop preview and a mobile preview.
<form id="email-form" role="form" action="<%= action_name == 'desktop_preview' ? email_preview_newsletter_path(#newsletter) : email_preview_newsletter_path(#newsletter, mobile: 'true') %>">
<label for="email_address">Email</label>
<input type="email" id="email_address" name="email_address" value="<%= params[:email_address] %>" placeholder="PLEASE ENTER EMAIL">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
<input type="submit" value="Send" class="btn btn-primary"></input>
</form>
Right now I have it setup so that both previews get sent to the same endpoint, '/email_preview', but in the case of the mobile_preview I want to pass in a 'mobile' query string so that it ends up looking like this:
'/email_preview?mobile=true'
When I inspect the form on the page everything looks in order, however when it gets passed to the controller the 'mobile' part of the query string disappears and only the 'email_address' exists.
I suppose I could pass in the mobile value as a hidden field, but something about that just doesn't feel right to me. What is the best way to setup this form so that both the 'mobile' and 'email_address' key value pairs are passed as query strings when sent to the controller?
In the process of writing out this question I realized exactly what the problem was:
I had the form setup as a GET request as opposed to a POST request.
This was causing any pre-established query strings to get erased in the process of setting up the GET params being defined in the form (in this case, the 'email_address' param). Changing the form from GET to POST, (i.e. form method="POST")
Took care of this issue. Please note that if you are going to manually setup a form like this in rails then you also need to explicitly take care of the csrf token. This can be done by inserting the following input with the helper method into your form:
input type="hidden" name="authenticity_token" value="<%=form_authenticity_token%>"
when I submit one page to another, the sites shows the information!
Someone told me to use post to avoid it. however, when I use post method it doesn't work.
<form action="\look\at", method="post">
Select your new car's color.
<br>
<input type="radio" name="radios1" value="red">red
<input type="radio" name="radios1" value="green">green
<input type="radio" name="radios1" value="blue">blue
<br>
<br>
<input type="submit"/>
</form>
When I submit I can not see \look\at page. but I delete method="post" It works well.
How I use post method?
Check your routes (in config/routes.rb).
Probably you will have a line
get '/look/at', to: 'look#at'
replace get by post and it will accept a post.
Since you are not using the rails form helper or view mechanism (erb/haml) (please start using them, why write plain html????), you have to skip the authenticity token check (please note that this check is there for a reason: it is a protection against cross-site request forgery).
Just add the following line at the top of your controller:
skip_before_filter :verify_authenticity_token
I am trying to use Twitter's Bootstrap (http://twitter.github.com/bootstrap/index.html) with Ruby on Rails (v 3.2.8 with Ruby 1.9.3). I am using Devise for authentication.
Twitter has a nice sign-in form in their navbar. (see http://twitter.github.com/bootstrap/examples/hero.html?)
How would I set up my Rails application to use that login? I can set Rails up to login from its own login page, but how do I use the Navbar login? What would be the controller/model structure?
I found this on github, but it does not implement the navbar signup (https://github.com/RailsApps/rails3-bootstrap-devise-cancan/).
Thanks
UPDATE:
Found the answer : https://github.com/plataformatec/devise/wiki/How-To:-Display-a-custom-sign_in-form-anywhere-in-your-app
You can simply run rails g devise:views and customize the form to display correctly inside the nabvar. The you render it with a render 'devise/sessions/new' inside any of your layouts. For more detail look here.
The code from the example has the following after the tag.
<form class="navbar-form pull-right">
<input class="span2" placeholder="Email" type="text">
<input class="span2" placeholder="Password" type="password">
<button type="submit" class="btn">Sign in</button>
</form>
I would use this code, but change the form's action and input names to that of my login form.
Just view the source code of your login form and change the necessary values. You could also add in some code similar to below so that it will not show the login form if they are already authenticated.
<% if not current_user %>
//login form
<% else %>
//welcome the user and provide logout option
<% end %>
After the user has logged in and their username authenticated and saved in session[:user_name], when submitting a form with method="post" (using standard html) all session data is cleared and user is routed back to the login page. This does not happen if the method is set to get.
Post works when I use the rails "form_tag" which generates these additional lines:
<div style="margin: 0pt; padding: 0pt; display: inline;">
<input type="hidden" value="✓" name="utf8">
<input type="hidden" value="a_bunch_of_gibberish" name="authenticity_token">
</div>
What is happening?
Are you using Rails 3.0.4? It sounds like it might be related to the CSRF fix.
If you need a fix specific to your needs, you can overwrite #handle_unverified_request in your controller. See https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb.
Here's an example where this issue was with OmniAuth and OpenId. (See section 'CSRF Protection In Rails 3.0.4')
This issue can also happen if you're creating your own html form.
If you're getting redirected without knowing why, it's because of "protect_from_forgery" in your ApplicationController
In order to allow your form to post, add the following code to it (or use form_tag, explanation below):
<form ... >
...
<%= hidden_field_tag "authenticity_token", form_authenticity_token %>
...
</form>
The reason the "form_tag" works is because form_tag generates the hidden field for you =)