rubycas-client authentication and local session - ruby-on-rails

I am using ruby-cas client for authentication based on a CAS.
I would like to link the ruby_cas authentication to my application:
when we log in with CAS, in addition to the CAS session created, a session for my application is also created.
What should I do?
Thanks

You could use devise and devise_cas_authenticatable
This should work for Rails 3. I am trying to make it work with Rails 4, but rubycas-client (needed for devise_cas_authenticatable) is giving me a lot of trouble. However, I haven't surrendered yet :)

Related

Rails 5 API app returning white screen with Devise sign_in page

I am working on a Rails 5 API only app using JWT tokens.
I'd like to use Rails Admin for internal processes and would like to configure Devise (or Clearance) for auth for staff members instead of integrating JWT tokens with Rails Admin directly.
The problem I have is once I set up Devise or Clearance (the controllers, models, and routes are there) the sign in screens return an empty HTML page.
There are some related issues with Clearance mentioned in https://github.com/thoughtbot/clearance/issues/741 but I've been unable to figure out why the HTML does not load.
The Rails API does exclude some middleware but it's not clear to me which is missing or causing the issue. Thanks.
I solved the problem by converting the Rails API only app to be a normal Rails app. Not the best solution, in my opinion, but it works!

Ejabberd and Ruby on Rails application

I have a Rails application with devise-like authentication and a lot of parts that depend on it. Now I want to add a chat between users using ejabberd (XMPP). I was searching through the net and found that it's quite possible, but I can't understand how to do authorization in the ejabberd server. For example, a user logs in to the Rails app through the login page with one set of credentials; how do I implement the ejabberd login in this action? It would not be good to write something like "please, put your user pw and ejabberd pw". Another way is to monkey-patch user registration, so ejabberd will use the same pw as the user in the database and I will do authorization in one action, but will that be good? And how long will the user be online this way? Maybe I misunderstood something?
I've used rails extauth script like this https://github.com/geoiq/digitalgazette/blob/master/mods/chat/files/ejabberd-auth.rb and ruby_bosh gem for my application.
So now ejabberd is using my app to authenticate users. At login (for example), the user's jid and password are used by ruby_bosh to create a session and get the jid, rid and sid, which are saved to the session to use later in strophejs.
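
The external-auth exchange that answer relies on, as an added example (not code from the post or from the linked script): ejabberd writes length-prefixed requests to the script's stdin and reads a 4-byte verdict from its stdout. The `USERS` store and the method names are hypothetical.

```ruby
require "digest"

# Constructed sample store standing in for the Rails user table (hypothetical).
# Plaintext is used only to keep the example short; compare hashes in real code.
USERS = { "alice@example.test" => "s3cr:et" }.freeze

# One request frame: 2-byte big-endian length, then "op:user:server:password".
# Returns nil at end of stream or on a truncated frame.
def read_request(io)
  header = io.read(2)
  return nil if header.nil? || header.bytesize < 2
  length = header.unpack1("n")
  payload = io.read(length)
  return nil if payload.nil? || payload.bytesize < length
  payload.split(":", 4) # limit 4 keeps ":" inside the password intact
end

# Comparison over fixed-size digests, without an early exit on the first mismatch.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |diff, (m, n)| diff | (m ^ n) }.zero?
end

# Only "auth" and "isuser" are answered; every other operation is refused,
# so account creation and password changes stay in the Rails app.
def allowed?(fields)
  op, user, server, password = fields
  jid = "#{user}@#{server}"
  case op
  when "auth"
    USERS.key?(jid) && !password.nil? && secure_equal?(USERS[jid], password)
  when "isuser" then USERS.key?(jid)
  else false
  end
end

# Reply frame: length 2, then 1 (accept) or 0 (reject), both 16-bit big-endian.
def serve(input, output)
  while (fields = read_request(input))
    output.write([2, allowed?(fields) ? 1 : 0].pack("nn"))
    output.flush
  end
end
```

Run as the external auth program, it would be started with `serve($stdin.binmode, $stdout.binmode)`.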

Authenticating Ember App with Rails (and Devise)

Referring to: Ember authentication best practices?
We have two separate apps: a Rails backend/API and a standalone Ember app. The Ember app will speak to the Rails API.
I've found ember-auth (https://github.com/heartsentwined/ember-auth), but I don't understand why I'm going to benefit from it.
Here's what I want to do:
- When logging in, Ember sends username and password to my /accounts/login endpoint.
- If correct, Rails responds with the authentication token.
- Ember will store the authentication token locally and pass it along with each subsequent request. I do not want my tokens to expire so users can always close the browser, come back, and still be logged in.
Are there any issues with my approach? What about security?
Take a look at these two Embercasts videos:
Client-side Authentication Part 1
http://www.embercasts.com/episodes/client-side-authentication-part-1
Client-side Authentication Part 2
http://www.embercasts.com/episodes/client-side-authentication-part-2
And this blog post:
Authentication in ember.js
http://log.simplabs.com/post/53016599611/authentication-in-ember-js

session management in rails without User model

I have a Rails app which relies on authenticating the username/password entered against an external web service. The Rails app will not have a user model. When a user enters a login/password, it makes a POST request to check that login/password. The external application will return a cookie or token which can be used for subsequent requests made from the Rails app.
There is no User model in the rails app since all the users are stored in an external application.
Is there a gem which lets me strictly do session management? I'm planning on storing that token in a session.
Why not just create a sessions controller that saves the token into a session? I don't see a need for a gem.
Something like
session[:token] = token
If you are dealing with tokens that expire, like Facebook's, you can take a look at this
http://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
Hope it helps.
I might look at the way Michael Hartl does user sessions in his Rails tutorial. What you want is something slightly different, but you might be able to reuse some of what he did there. http://ruby.railstutorial.org/chapters/sign-in-sign-out#sec-current_user
(It's also just a good tutorial to go through, regardless of your level of Rails experience.)

Password protecting pages simply with rails - what should I do?

I'm now on level 7 of Hartl's rails tutorial book and I'm starting to think about my application in deployment. It's an app that allows about 12 social workers to communicate collaboratively and privately. Thus, I need to password protect it.
However, it also needs to be easy to use, very easy to use. A few of these people haven't used a computer before, and having logging on and sign-up processes would put them off completely.
Thus I want to create a landing page, where they have to type a password in (the same password for everybody), then it redirects to the 'discussion pages.' My first idea was to use some obfuscated JavaScript such that upon typing in the password, it redirects them to the discussion pages, but this doesn't sound very secure.
Can anyone recommend me a better way to do this in rails? Ideally they would only have to type it in once, and then it would authenticate them for all the pages automatically (by setting a cookie?) and anyone trying to access a page directly would be redirected to the authentication page.
Cheers in advance
A very simple authentication option is available to you in this situation. I would suggest you watch the Ruby on Railscast episode 270. I think it just may be what you are looking for.
If you want really simple, you can use authenticate_or_request_with_http_basic
It's not a replacement for a real authentication system, e.g. Devise or AuthLogic, however.
I started to use the lockup gem for this purpose:
https://github.com/gblakeman/lockup
It is super easy to set up and almost every user accessing the site should be able to use it.
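
What the question asks for (one shared password typed once, a cookie afterwards, every other page redirected to the form) done as a server-side check, as an added example that is not from any of the answers or the gems they name. It is plain Ruby in the shape of Rack middleware; the class name, the `/unlock` path and the `gate` cookie are hypothetical, and the SHA-256 password hash is an assumption that keeps it stdlib-only.

```ruby
require "openssl"
require "digest"
require "uri"

class SharedPasswordGate
  FORM = '<form method="post" action="/unlock"><input type="password" name="password"></form>'

  # password_hash: hex SHA-256 of the shared password (assumption; prefer bcrypt).
  def initialize(app, password_hash:, secret:, ttl: 30 * 24 * 3600)
    @app, @password_hash, @secret, @ttl = app, password_hash, secret, ttl
  end

  def call(env, now: Time.now.to_i)
    if env["PATH_INFO"] == "/unlock"
      return unlock(env, now) if env["REQUEST_METHOD"] == "POST"
      return [200, { "content-type" => "text/html" }, [FORM]]
    end
    token = env["HTTP_COOKIE"].to_s[/(?:\A|;\s*)gate=([^;]+)/, 1]
    return @app.call(env) if valid?(token, now)
    [302, { "location" => "/unlock" }, []] # direct page access goes to the form
  end

  private

  def unlock(env, now)
    form = URI.decode_www_form(env["rack.input"].read).to_h
    given = Digest::SHA256.hexdigest(form["password"].to_s)
    return [401, { "content-type" => "text/html" }, [FORM]] unless same?(given, @password_hash)
    expires = now + @ttl
    cookie = "gate=#{expires}.#{sign(expires)}; Path=/; Max-Age=#{@ttl}; HttpOnly; Secure; SameSite=Lax"
    [302, { "location" => "/", "set-cookie" => cookie }, []]
  end

  # The cookie holds only an expiry and its HMAC; the password stays on the server.
  def valid?(token, now)
    expires, mac = token.to_s.split(".", 2)
    !mac.nil? && same?(mac, sign(expires)) && expires.to_i > now
  end

  def sign(expires)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, "gate:#{expires}")
  end

  # Compares equal-length hex strings without stopping at the first mismatch.
  def same?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
  end
end
```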
