I'm working on a Ruby on Rails project where we want to automate some form submissions. How do we simulate posting a form from inside a controller method?
You could follow the POST below to use net/http to do a form post to an external or internal HTTP end point.
Submitting POST data from the controller in rails to another website
or you could use a popular HTTP client or REST client like httparty, wrest, mechanize etc. Look at the list here. https://www.ruby-toolbox.com/projects/rest-client
Related
I have built our marketing pages on WordPress and I was hoping I could add a search form on the WordPress site and show the results on the Rails application. Could I use Elementor to build a form and on submit that info is sent to the rails application to show the results from the rails DB and the user will now be on the rails application?
Thanks
You're asking about a form that is hosted on a Wordpress instance, which submits to a Rails app. While in general you could set the form action to post to any server, you will have problems doing this with Rails specifically because of the form authenticity_token, which is required by default for Rails forms with POST method.
See ActionController::RequestForgeryProtection
One way to stop Rails from doing this is to disable request forgery protection in your Rails controller:
protect_from_forgery with: :null_session
Another approach could be to build the search form in your Rails app, and embed it in an iFrame on your Wordpress. After the form is submitted in the iframe, you can redirect_to the results from the Rails controller, which will break out of the iframe with a HTTP 302 response that sets the user's browser location to the Rails application's results page.
I'm developing a Rails app. I have generated all my resources using the scaffold generator, and now I'm working on javascript, on an AJAX function.
I saw that if I request /entities/1.json, it returns JSON data for the record with id=1, so I was wondering if it's possible to do other CRUD operations the same way with GET/POST http requests using routes like /entities/new.json or so, that is, make an AJAX request sending post data as JSON.
Can you guide me on how to do that?
As you saw, scaffolds generates proper url and code for both HTML and json, so sending a POST to create a resource should work without problems.
You can find more info in the Rails guides about JavaScript and JSON
According to the Rails security guide, if you use protect_from_forgery, all non-GET requests include an authenticity token. When I have Jquery AJAX POST requests, however, I don't see the authenticity_token param as one of the params in the request. Is this how it's supposed to work?
Also, it seems that POST requests from outside a session (curl in a script) don't require an authencity_token, either.
Thanks!
Rails will send this parameter in the headers rather than in the post data. You need to include the built in rails UJS library to get this to work. Take a look at the headers in your request and you should see one called X-CSRF-Token.
What is the best way to make authentication?
on frontend I use Angular.js
on backend: Ruby on Rails
Rails app using as API for my frontend.
UPDATE:
This is will be single page application.
Frontend wiil be developed in Angular.js, backend in Ruby on Rails.
In ideal I want to build backend as collection of resources returned in json.
I search best method of security implementation.
When user open the app I need to check if user authenticated.
If not - go to login page,
If authenticated - open that he wants and return needed resource from backend.
I think that I need to store auth token on the client side.
What is the best method to generate it, or maybe Rails already generate it for me?
I don't know Angular.JS at all but I will try to provide you general information on rails that you can use with any Javascript Framework.
For authentication, you just needs:
A model for users
a controller which handle login, this method check user login/password, create a session object with all information needed (session is stored on server side and a cookie is used on client-side to associate each request to a session)
A controller for handling logout which basically only destroy the user's session
You have a good implementation in the rails tutorial here, or you can find several plugins (authlogic seems to be the recommendation of stackoverflow usershere).
Then, there is few differences between handling authentication with static html pages or with AJAX:
A HTML request will send login and password to the controller, which will automatically redirect it to another internal page once the session create
In AJAX, the javascript on client side should send an ajax request, look for the answer by the server (success / failure) and launch adapted actions (message if failure, redirection if success)
In both cases, the important thing is to check that the user is authenticated at at each controller otherwise anybody would be allowed to launch action or access internal information.
I'm trying to do something similar and I found this example app which has been very useful to get me going in the right direction: https://github.com/karlfreeman/angular-devise
Also checkout further discussion about it here: https://github.com/karlfreeman/angular-devise/issues/1
And here's another repo which takes a slightly different approach: https://github.com/colindensem/demo-rails-angularjs
I ended up borrowing ideas from all of the above. Here's a working demo if anyone's interested: https://github.com/jesalg/RADD
I want to grant users access to my API (hosted on heroku.com) from their sites.
But a strange problem occurs, when i want them to allow to post to the api:
Data sent from an correct form with the correct action-url (e.g. "http://myapp.com/projects/123/tasks/321/todos") - the params get serialized and send via jQuery - i encounter an "ActionController::MethodNotAllowed" with the additional info: "Only get and post requests are allowed", that re-routes to ApplicationController#index with :method => :options.
Rails doesnt extract the params for project_id (123) and task_id (321) from the url, neither are any further request_parameters, path_parameters or query_parameters available.
This behaviour occurs, when I POST from external sites, but doesn't occur, when posting from an html-page on my local machine. My first thought was about wrong encoding, but how to fix that problem.
Edit:
I am using authlogic (not devise :-D) and for the :create action the protect_from_forgery is already skipped.
Any suggestions appreciated
i guess that happens because rails tries to protect your form CSRF attacks.
you can comment out the protect_from_forgery line in your ApplicationController to test it.
but im not sure if thats the right way of dealing with this issue in the production environment.
Okay. I'll try and answer the right question this time (see other comment).
So I've thought about this, and I'm wondering, is this a case of the jQuery call attempting a PUT request? When you use the local form Rails will POST the data, but add the extra _method field to emulate a PUT.
Don't know if you are using jquery-rails, but this takes care of setting the _method parameter, and the PUT/POST verb translation for you in your AJAX calls.
The problem occured due to the cross domain policy - the request was made from another domain - and because I was using a recent browser that supports CORS, it was sending an OPTIONS-request first to get known from the server, which actions are allowed for this domain.