I have a rails application which uses Device and Cancan for authentication. When I tried to sign in through my Rails Web view it works fine, but when I tried in Rest client I am getting an error. Is there any token I need to pass while signing in?
Sign in details..
http://localhost:3001/users/sign_in
{
"username" : "abcd",
"password" : "abcd"
}
In Rails Web View
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"V", "authenticity_token"=>"A6GbMQxnQO6ELz/QM3yRIDYM5xfFi
Whn6nTLodfghYtU=", "user"=>{"username"=>"admin", "password"=>"[FILTERED]"}, "comm
it"=>"Sign in"}
There is no other parameters other than user credentials are posted through Web view.
How to solve this through REST CLIENT?
Thanks in advance..
Please follow the link https://github.com/applicake/doorkeeper/wiki/Using-Resource-Owner-Password-Credentials-flow
Before that you need to register your application to get the Client_id and secret_id
in Device Registration path is : http://localhost:3000/oauth/applications/new
Once You get the access tocken you can access the resources by passing the access tocken as query string along with resource URL
Eg : http://localhost:3000/users?access_token=<!----access_token----!>
Related
I am new to Rails and have setup devise with a User model with email and password with also a React frontend. My aim is to consume the signup/signin endpoints in a React app instead of using the default Rails view. When I go to http://localhost:3000/users/sign_up I can create an account and also see the data in PGadmin. However, I want to create a React based view for the forms and use the endpoint of the devise. I am trying to test the signup api using Postman but gives me an error 422 Unprocessable entity. Not sure what params to pass in Rails.
http://localhost:3000/users/sign_up
Used:
{
"user": {
"email": "test2#test.com",
"password": "test"
}
}
and
{
"email": "test2#test.com",
"password": "test"
}
First, you are in developement mode, so turn off the token authenticity (and turn on again if on product mode) for Postman requests, by add to app/controllers/application_controller.rb:
class ApplicationController < ActionController::Base
protect_from_forgery with: :null_session
end
Then, config Postman like this:
Type of request = POST
Url = http://127.0.0.1:3000/users
Body with form-data, with after keys, values
Key: user[email]. Value: test2#gmail.com
Key: user[password]. Value: secret
Key: user[password_confirmation]. Value: secret
Click on Send button you will bypass register page and get desire results (such as new user registration informations from Postgres if you not set the Confirmation mode in Devise User)!
Go on!
I have a rails app with a POST url which creates some resources.I have a page with a form which takes in all the information and does an AJAX call to the POST url without authenticity token.
Am doing data["authenticity_token"] = "";, before doing the AJAX call.
Parameters logged on serverside are like below
{"utf8"=>"✓", "authenticity_token"=>"", "company_customer"=>{"name"=>"Anand"}}
The resources are created without any error(I have protect_from_forgery with: :exception in my ApplicationController).
But when I tried to call the same POST url from Postman, I get InvalidAuthenticityToken error.
Why am I getting the error?
How does the rails app verify the authenticity of the POST request in first case?
In the first step i.e. from browser , you might be having some session id in the cookies but here not.
Also, if you were hitting by remote:true option, it will take the authenticity token from the page in the hidden field.
For more details , check your logs in both cases.
This token is automatically added in as hidden field when you are using form_for helper method to generate forms, so Rails makes sure the request comes from one of your forms.
You should unprotect your controller action when requested from postman or any other app, see how to here : https://stackoverflow.com/a/22715175/8352929
You can find how CSRF works from here. I recommend you go through it.
Whenever you use form_for Rails adds one hidden input field to your form which looks like the following:
<input type="hidden" name="authenticity_token" value="doLYVxrkhdrzn7zzriHXjFE6ZhNCuXVxLrau4ouENmuKKC/SWp2NMM/MeL/Ji2tDvzNcJHVN/Hc0LIluL3o5QQ==" />
Also, Rails include CSRF token in the meta tags of the website which looks like the following:
<meta name="csrf-token" content="zxnmBxg81JUQPG/C/wb3HRCah0m9Xe2A+gZ5N0Oy7cfwC+dF4hC325WxdVDLfkIxcw/CR/xyaC1phpvZ4EcgQw==" />
So, when you use Rails form_for or something similar to make AJAX call(may be with remote: true) the authenticity token is sent to the server. Which was not present when you tried to send the same request with Postman.
If you copy the CSRF token and add it to Postman params, the request will be completed successfully.
I'm using devise_token_auth gem in my Rails 5 API application.
For testing all devise token routes i use Postman.
When I try to update a user account using PUT method on route "https://localhost:3000/auth", I fill the body of request with that:
{"data":{"name":"user1"}}
or
{"user":{"name":"user1"}}
the response comes back with "success" status and JSON representation of a user with the same (not updated) "name" attribute.
Does it mean that devise_token_auth does not provide such functionality and a have to overrride the User controller and a model ?
the first step is get tokens valids and after add the headers in the PUT request and add in the body this json format:
{
"name": "newname"
}
The URL for login in devise token is:
http://localhost:3000/auth/sign_in
For update params for example name copy in the body and do not forget add the values in the header
I hope you solve your problem
I'm building a registration flow that allows a user to FB Connect to pre-populate the registration form. I'm also then capturing fb_uuid and fb_access_token.
When the user submits the registration form that is submitted as follows:
Started POST "/users" for 127.0.0.1 at Mon Jul 11 17:44:40 -0700 2011
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"commit"=>"Create my account", "fb_access_token"=>"XXXXXXXXXXX", "authenticity_token"=>"XXXXXXXXXX", "utf8"=>"✓", "user"=>{"remember_me"=>"0", "lname"=>"NNNNNN", "fname"=>"BBBBBB", "password"=>"[FILTERED]", "email"=>"dadad#google.com"}, "fb_uuid"=>"50123190"}
notice the fb_access_token, fb_uuid
In the Registration#Create, how can I capture those values and populate the Authentications table? Do I have to override devise?
Thansk
Although you may not need this right now, here's a blog post that you can use to solver your problem:
Devise on rails: Prepopulating form data
You can use the method described there to capture and process the data you need.
Hope it helps.
You can use the koala gem to pull those fb parameters from the facebook cookie after the user does a FB_Connect. Take a look at this:
https://github.com/arsduo/koala/wiki/Koala-on-Rails
I'm curious on why you aren't creating the user right after the FB_Connect which is the more common and intuitive user experience, as opposed to just prepoulating the registration form.
Like this:
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
I wanna create a new customer through activeresource. without authentication_key its not a big deal. i'm using devise authentication and cancan.
customer = Customer.create(:fname=>'sampath , :last_name=>'munasinghe' ,:auth_token=>'af34afafasfasfasaf')
if I use above code to create a new customer , xml request to web server is
Parameters: {"customer"=>{"first_name"=>'sampath', "last_name"=>"munasinghe", "auth_token"=>"af34afafasfasfasaf"}}
problem id auth_token wrapped by the customer model. so , authentication failed and returned 401 response.
is there any solution to create this format of request?
Parameters: {"customer"=>{"first_name"=>'sampath', "last_name"=>"munasinghe"}, "auth_token"=>"af34afafasfasfasaf"}}
note : auth_token is outside the customer block.
thanks
For json the simplest way to do that is setting Customer.include_root_in_json to false.
Then use this code:
customer = Customer.create(:customer => [:fname=>'sampath' , :last_name=>'munasinghe'],:auth_token=>'af34afafasfasfasaf')