Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
We all know that Devise is de facto standard for implementing authentication on rails based apps.
By default it uses email as ID but also allows you to use usernames instead. It also has "Confirmable" module which lets you confirm the email address by sending an email and clicking through the link to verify your email.
I was looking for something similar for phone numbers--basically accepting phone numbers as primary ID instead of emails, and then confirm the phone number by sending an auth code as SMS message to the user's number via something like Twilio, and then let the user confirm it by entering the code (or even let the user click through a generated link to verify just like they do with emails)
The reason I was expecting there to be a popular devise module for this functionality was because it seems as if most mobile social apps accept phone numbers and confirm the number nowadays. There's gotta be someone who thought this was a problem and open-sourced a module for this. However I couldn't find any popular ones. Actually to be precise, here are the only three relevant links I've found on this:
https://github.com/giano/devise_sms_activable
https://github.com/baranov-sv/devise_sms_confirmable
Rails register User using phone number and confirmation
None of them leads to a working solution (I've tried devise_sms_activable but it doesn't work for rails 4, plus I'm wary of the low number of stars) So I wanted to ask if there's any viable solution to this. Am I missing something? Has this topic been brought up among the Devise developer community? I'm curious about the solution but if there is none, I would at least appreciate any answer on why this is not readily available.
[UPDATE]
I think the question might have been a bit misleading. While I can just build it myself, I don't like to re-invent the wheel.
Basically my intention with this question was:
If there's any package that does this (like all the modules such as confirmable, token_authentcatable, etc. Maybe not even a Devise module and it could be entirely a different thing)
Or, if there is no such pre-built solution, why there isn't one. I just can't comprehend why there is no such solution I can find when everyone seems to be doing this.
I will gladly accept when I get an answer to either #1 or #2. Thanks!
i've looked into that before... but the project requirements changed... so all of the following are relative links found on the devise wiki
this how to allows you to sign in and authenticate with different fields other than the email address
A Simple Token Authentication Service for Mobile Devices Using Rails 3 and Devise.
you can use the previous tuts in conjunction with some thing like Twilio to send the created custom auth token and authenticate user with phone number other than email.
[UPDATE]
since you mentioned an already working solution, I think this is what you are looking for. Active Model OTP and this blog post it's new and i didn't have the chance to test drive it :D
I also found Two factor authentication Devise extension
[UPDATE Aug/2017]
Based on a project that I was recently working on, I found that Tinfoil/devise-two-factor provides a really good/extensible integration with devise (and is highly customizable)... using the internal ROTP gem, you can provide different length codes based on different authentication methods (APP/SMS) and different window/drift allowed per method without having to write the whole thing from the ground up. (highly recommended if you want full power over complex workflow)
I'm the OP, and since I asked this question, I've come across a gem called active_model_opt https://github.com/heapsource/active_model_otp
This gem is not exactly a devise plugin but it does exactly what i was looking for. Basically by adding it to your user model it generates one time passwords that are valid for a certain amount of time. It even has a built-in function to "authenticate" using the one time password.
Anyway I hope anyone who stumbled upon this question may find this answer useful.
Probably not exactly what the OP was looking for, but for Rails developers in China, now there's a gem called china_sms which automatically integrates various Chinese SMS sending services into your Rails app. I'll just add it here in case anybody shall find it useful.
https://github.com/saberma/china_sms
https://ruby-china.org/topics/12407
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
Is there any solution to protect google analytics from receiving fake information from Spammers ? The problem is anybody can send information by knowing tracking id.
I found the following solution, filter domain. But that's for web and how to implement for mobile app ?
https://blog.kissmetrics.com/protect-analytics-from-hacking/
Thanks
Visible Tracking ID
On a website you can right click, Show source but you can't on a mobile application. Therefore your trying ID can't be find from your clients application. Nonetheless, if your code is pushed to a public repository (Github for example) robots may find it.
Random spammers
Even if your trackingID is kept secret you'll have some bot spamming your account randomly (they try every possible tracking ID). Google added a tool to prevent this: go to Admin > View > View settings > turn on Exclude all hits from known bots and spiders. Then Google will automatically filter hits from the known fake domains.
Hostname security hack
Even with Google's automatic filter you may still see some spam. This can be fixed with what they explain in the link you provided.
In your article they create a custom dimension and use it to filter real data from spam data. You can also use this with your mobile application, the thing is, it does not need to be a host name it just need to be a string only known by you, its sort of a new secret added to your tracking ID (which should already be secret).
This works because bots can handle the try of every trackingID but they can't try every custom dimension with every possible value, it's too much work for them.
I know this question has been asked but most answers were a few years old and not all for a Ruby on Rails project. In my current project, I am using the Geocode gem (via Ruby on Rails) and anyone is able to search users by their location (which I also use the Carmen gem for country, subregion).
Anyway, I've been receiving this issue lately (Google Geocoding API error: over query limit.). After reading up on it, I see that this is quite common. Most of the resolutions seem to involve caching but others say that it does not work much/well.
I wanted to pose the question to many here and see what various people think is a good resolution. Ideally it would be great to keep the Geocoding gem within the project, but if it is not worth it, please let me know of an alternative. If you know of a resolution to this issue, please let me know too.
Thank you and simply looking to receive feedback for this situation =)
PS: I do not use the Google Maps API. The project is setup so that a user enters their information (using Carmen gem) and typing the cit. The location is geocoded and others can type in a city, state/region to find users within that region.
EDIT
Additional Question: When this limit is met, would that also cause the longitude and latitude value to be nil when a user signs up? Since it is as the limit, it will not geocode the location entered and so it keeps the value at nil? I've had this happen before so I just want to make sure this is why =P
EDIT 2 - ANSWER?
After speaking a bit (in comments below), it seems the best option is to cache the information. With that being said, after researching I see that there are a lot of legalities when it comes to caching with google? Again I do not use the Google Map API so the legal aspect may not be relevant?
Would this be a good solution to implementing the cache (https://github.com/codeforamerica/ohana-api/wiki/Customizing-the-geocoding-configuration)?
Just want to make sure I implement the cache aspect properly =P Thanks!
Joe
ANSWER
So after some research and help from japed (see comments above), I found this documentation (https://github.com/codeforamerica/ohana-api/wiki/Customizing-the-geocoding-configuration) which clearly explained how to setup Redis with Geocoding for caching purposes. It also provided another link with more information to test it in development before deploy.
Thank you!
Joe
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 4 years ago.
Improve this question
I've been trying to add basic app.net implementation into my ios app and having loads of trouble for reasons I cannot figure out. All I really want to do is something simple like this:
http://hashpan.com/dev/help/appnet_client_side.htm
I have looked at the documentation and the various objective-c wrappers and really can't figure this out. I find zero sample code out there as well which doesn't help. Specifically I keep getting this when trying to setup an authorization screen:
http://cl.ly/0o032Z1H1E2y
And yes I have paid the dev fee so I have the rights to their api. If anyone would be willing to spend a few minutes to help me that would be much appreciated as I'm not sure where to go for help with this. Thanks,
rc
It looks like you are trying to use one of the web flows.
Since it is an ios app, you will want to use either the password flow or the app.net Passport flow. The latter is probably what you really want to be doing. This allows users to authorize your app from the app.net Passport easily.
Password flow: http://developers.app.net/docs/authentication/flows/password/
app.net Passport auth: https://github.com/appdotnet/ADNLogin-SDK-iOS
Also, since you are on ios, you will be well served using ADNKit by #joeldev: https://github.com/joeldev/ADNKit
If you do indeed want to use the web flow, this error message probably implies that you have not setup the callback URL appropriately in the dev console for that app or that you are not escaping the characters in the callback URL properly inside of the authorization URL.
I'm currently trying to send emails from a Rails application and would like to check the open/click rates of these emails. (without using any web service) Is there a gem or plugin that I can use to help me find out? Or is it even possible to do this?
Take a look here:
http://www.codingforums.com/archive/index.php/t-122920.html
I think the first mentioned method, detecting how many times an image has been viewed would be the easiest. Then again, these are not exact solutions, but I think an exact solution would be sort of a security hole (i.e. sending an HTTP request to a foreign server once you open an email).
Varatis is correct, using image tracking is the most common way this is done, and it is the way that most web services provide you with analytics on the e-mails they send on your behalf. Here is another Stack Overflow question that includes an example of how you might do this in Rails.
I have noticed that some applications provide functionality allowing the user to pull down transaction records (usually for credit cards) from an online banking system. Usually specific banks are supported.
What is the general method to achieve this (i.e., using an API, or something else)? I have seen a web app that supports the bank that I want to pull down transaction records from (ANZ), so I know it's achievable - but have not been able to find any references to any kind of online banking API.
I intend to implement a solution in Ruby on Rails, but I imagine the underlying method would hold regardless of the language used.
Perhaps the bankjob gem might be useful:
http://bankjob.rubyforge.org/
Contact the bank in question and ask them for their API - most of the information you want relates to the security/automated logon issues. the actual data is usually just transferred as a CSV file.
I know easier said than done, but be persistent until you actually are talking to someone in the IT area who can answer questions and not just lawyers and front people. It helps to do some of this in person rather than by email or phone - banks are conservative organizations after all (and if your money is in that bank you want them to be).
EDIT:
Now when dealing with banks don't be surprised if you run into stuff like this:AMEX Security - what's behind this jaw dropping stupidity? - a legacy mainframe system that only accepts 6-8 character, lowercase, alphanumeric entries with no spaces and no special characters. This is why most banks are reluctant to let people know about any outward facing APIs.
Hi I know this is 6 years later but... I thought i would answer it so that future users(like me ) could come up with a solution.
Banks now have api's so you could use something like httparty gem to parse api data.
A simple option is yodlee and their api, or if using rails the Yodlee-icious gem.
hope that helps.