I have a working application for using Devise for user models and authentication. I want to create a table that effectively stores ALL the logins a user ever has, and the length of these sessions. I do not need to store session data with the entries. Am using the "timeoutable" option in Devise which I think will ensure I always have a logout time (?) even if a user just closes the browser window.
What I want is effectively the opposite (in some sense) of how the sessions table operates in only recording the latest user session when using active_record_store option in config/initializers/session_store.rb
So what's needed is a logins table with user_id and login_id/index (plus login time and logout time) that is edited automatically any time a user logs in or out, and DOESN'T delete or overwrite the older sessions. Does this require a model, controller, etc. like other user-edited objects?
Answer is probably something simple, but I spent a lot of time looking and didn't see too many folks who actively want to store MORE user data like this. Thanks for any advice! [I'm a Prof. doing this for a basic web-course app so I can make student time on the site part a factor in their grade ;)]
Using rails 3.2.13, devise, sqlite3 for development db
If you don't want to reinvent the wheel, you can have a look at those 2 gems. They offer model data change tracking:
https://github.com/airblade/paper_trail
https://github.com/collectiveidea/audited
Related
I am new to Active Admin but from what I have seen so far I think this is quite easy to implement.
I have an app with the apartment gem to add multi-tenancy.
I am adding active admin to my app. Apartment uses PostgreSQL schemas to segregate data. So for example by default your models in Apartment have a 'public' tenant unless you call something like Apartment::Tenant.switch!('abc').
In my app my User and Company model are in the public tenant and everything else is in tenants. So out of the box Active Admin works fine except that the tenant models show no records - as they should.
I did some tinkering and manually added Apartment::Tenant.switch!('abc') one of my AA model files and that worked perfect. Here is an ideal solution:
when the AdminUser logs in the tenant gets set to a default (say the first tenant)
On each tenanted model there could be a select menu that submits a param (?tenant=abc) and then the tenant is changed
The active tenant is persisted in perhaps the AdminUser session store so you can work in the same tenant data until you need to switch.
I think I can do this myself quite easily but I wanted to see if there was any Active Admin specific issues I would need to address like:
Does AA have an equivalent of a application controller? It would be nice to keep the tenant switching logic in there vs the main one.
The alternate AA Devise AdminUser has a separate session variable store available right?
Any suggestions would be appreciated - I will post my final solution / code back to this post once I sort it out.
Does AA have an equivalent of a application controller? It would be nice to keep the tenant switching logic in there vs the main one.
Indeed, there is an ActiveAdmin::BaseController, but the gem authors don't talk about using it for customization, not sure why. Seems like a fine place for the logic you're talking about.
I've never needed to modify it before, but here's a blog article from someone who did.
The alternate AA Devise AdminUser has a separate session variable store available right?
Hmmm. Devise uses Warden for session management, which supports multiple user 'scopes' logged in simultaneously as well as separate session data, and if memory serves from when I've dug around in the code Warden puts the separate session data in a different key in the same cookie. Not sure if this is what you meant, but I verified that it definitely does not use a different cookie for users vs admins in my current ActiveAdmin-using Rails project.
Not a definitive answer, but moving the ball!
I am new to Ruby on Rails. The rails application that I have developed has several models including one for user that stores user name, passwords and other user related information.
Now the problem is that a few columns of a table corresponding to a model has modified erratically. Now I want to know if Ralis has any feature so that I can know the user who has done this or this is because of some other reasons.
You can try installing Userstamp and maybe Paper Trail to track changes to records. If you've implemented the User model yourself (as opposed to a framework like devise), you'll need to read the docs carefully to see what properties are expected of your User models to get the full benefit.
Using devise
It adds other columns(yours) in migrate, before generate views
https://github.com/collectiveidea/audited might provide the auditing you require.
I am building a website for a client that wants to be able to make edits to things on their website. As such I need a way to allow the client to login to the site to make their changes.
My initial thought was to make an authentication system that relies on a User table in the database that is capped at one and only one user. It seems sort of overkill however to make a database table for just one result, so I was wondering if there were any other approaches or best practices that anyone could point to for building a site with just one user.
You could simply authenticate with a static password that is received from a file(encrypted), if you do not want a db model for that.
However, setting authentication with a gem like Devise is like 10 minutes of work. In order to be more secure(it can be a matter even in single user apps), you can set it up and be fine :)
I would highly recommend you set up authentication. As SpyrosP said it does not take long when you use Devise.
First, my obligatory "I'm new to rails" statement: I'm new to rails.
Sorry for the following long-winded expository stuff, but I want to make sure I'm asking my question clearly. I'm building a sample manager for a small analytical lab. So far I have built the core user stuff using devise to manage sessions (Basically so I can use all of Devise's nice helper methods throughout my app). The users don't need to be securely separated, so there is no sign in form, it just automatically signs them in for whatever action the user wishes to do.
I would like to put a front door on the website for macro-security that signs in to either the user version of the site (described above) or the admin version. I understand how to implement this using Devise, however, I am unsure as to whether Rails allows this sort of double-session where there's a macro-security session on constantly while a bunch of internal sessions are created and destroyed. Again, sorry for the long-windedness and thanks for your time and help!
Decided to just give it a shot and it turns out it worked. I have to test to see if there are any kinks in the functionality, but as it stands it works well as a front-door while allowing the internal transient sessions.
My goal is to allow users of a Rails web app to see all their open sessions on other computers and close/sign out of them remotely. Similar to gmail's "Account activity" page (link found at the bottom of the gmail inbox page).
I can technically achieve this by using the sessions in the database
account_sessions = CGI::Session::ActiveRecordStore::Session.find(:all)
and iterating over them to find sessions corresponding to the current user (the user ID is stored in the session data), and allowing the user to destroy these sessions.
However, this doesn't offer the usual convenience of working with Rails models. I can't easily express a has_many relationship with the user and make use of
current_user.sessions
nor can I easily put an index on user_id since it's in the data part of the session (instead of being its own column).
This approach also may become impractical if the number of sessions grows, since in the above the table is read into memory.
As a solution, I'm thinking of creating my own model which "mirrors" the relevant portions of the session and is created/updated/destroyed to maintain that correspondence.
This isn't a great way to go about it due to data replication and added complexity of code, but I didn't find another way to do it.
So the question is: is this a good way to go about it, or am I missing something?
Thanks in advance!
Fraser
Edit: I should have mentioned that I'm currently using restful-authentication, and would prefer not to switch.
Since authlogic offers a user session model and is easily extendable, you should be able to achieve exactly what you want, if you don't mind to switch to another authentication mechanism.
Edit: This Railscast should give you a pretty good overview.