My Ruby on Rails app has a subdomain URL for each user's public page. Eg. username.xyz.com
I want to publish this URL on the user's Facebook Page from Rails.
So far, I have created a Facebook App and set it's Page Tab and URL.
I'm using the fbgraph gem to set this app on the facebook page. (This page will be created by the user and will have admin access of this page.)
I used this code:
user = FbGraph::User.me("USER_TOKEN")
account = user.accounts.select {|account| account if account.name == "PageName"}.first
page = FbGraph::Page.new(account.identifier).fetch(:access_token =>"Access_token",:fields => :access_token)
tab = page.tab!(:app_id => "APP_ID_I_CREATED")
Using this code, every user's page points to the URL defined in the APP's Page Tab URL.
I want every user's page to point to their own subdomain URL (eg: user1.xyz.com)
What do I need to do to achieve this?
The subdomain is not handled by the web server, it's handled by DNS. So first you need to get DNS to route everyuser.xyz.com to the IP address where your web server is.
The way DNS works, you will likely have to have a DNS entry for every user. You might be able to find an API to add DNS subdomains when you create a user.
Don't ask me about how to do this, because I don't know, and am uninterested in researching it.
You also have to get the web application to accept the request, and #lightyrs has a good description on how to do that.
You can do the following:
Edit: Make all of these user.mywebsite.com subdomains resolve to the same URL. At that URL:
Create a catch-all route that will handle all traffic originating from *.facebook.com.
Point that route to a controller action that decodes params[:signed_request].
The decoded signed request will yield the facebook id of the page that is responsible for the request.
Fetch the user in your system that is an admin of the page in question.
Fetch the user's subdomain.
Redirect to the subdomain.
Currently, this is the most common way of solving this problem, however, I'd like to see a solution from facebook in the future that allows us to have some kind of dynamic tab URL based on the page, user, and referral context.
Related
I am trying to find a way to distribute a Ruby on Rails app selectively by sending them an email with the link that logs them in. This should be the only way to get to the page hosted at a unique subdomain. Additionally, we don't plan on having a login wall so the access would need to be guarded by using Cookies or the Query URL params.
A couple of questions regarding this:
Is it possible to leverage cookies exclusively to achieve this? I.e Any way to embed cookies within the URL sent in the email itself?
An approach I felt that might work is to embed the user ID (encrypted) in the URL in the email. In order for the users to not need to bookmark this URL or go back to the email to access this link, I was planning to store their session ID via a browser cookie. Any issues with this approach?
How to avoid wandering users(i.e users who haven't received this email) to access this page (i.e a nice way to raise a 404 error)?
Any other cleaner ways to accomplish this task?
Is it possible to leverage cookies exclusively to achieve this? I.e
Any way to embed cookies within the URL sent in the email itself?
No. You cannot "embed cookes in a URL". Cookies are set via the SET-COOKIE header in a response or through JavaScript.
An approach I felt that might work is to embed the user ID (encrypted)
in the URL in the email. In order for the users to not need to
bookmark this URL or go back to the email to access this link, I was
planning to store their session ID via a browser cookie. Any issues
with this approach?
Yes. You should generate a random token thats not tied the users id.
How to avoid wandering users(i.e users who haven't received this
email) to access this page (i.e a nice way to raise a 404 error)?
Create time limited access tokens that can only be used once by the user. There really is no other way for you to actually know that the person requesting the URL is the recipient of the email.
What you are describing can be accomplished with Devise Invitable which is a pretty good community tested point of reference if you want to reinvent the wheel.
When you invite a user Invitable creates invitation tokens which are stored in the users table. This is just a random string. There are also timestamp columns that expire invitations automatically.
The token is included in the URL in the invitation email as a query parameters.
When the user clicks the link the controller looks up the user based on the token and nulls users.invitation_token so that it cannot be used again. This stores the user id in the session and takes the user to a screen where they edit and finalize their account by setting a password.
I am running google adword campaign for one brand on google search result it will show display url www.mysite.com and when someone hit on the ad then on the url tab first of all it will redirect to some other page then it will show my original url i.e. www.mysite.com Please visit the following link for reference Example URL
Rids - If I understand you, you want to set up adwords ad (that you control) to link to your site that you're advertising...then you want to redirect them somewhere else.
You should be able to provide the url in the ad to the first location.
Then you'd have to code something that redirects them to a different url...
There is no way to do a double end point in http protocol. its a request,response. once a user clicks on your ad - they have requested your URL, your server will send a response page, which gets rendered in the browser...
Your server, OR your response page can perform a redirect - but you have to code that. Unless you're using some CMS (content management system) that will 'code' it for you thru an interface...but it's still 'code'
Hope that helps.
I have a page with public access, role based authentication, on it. Now when I surf to this page I see my login page, but the url is still the one of the protected page.
Why is this? Can we change this so it redirects normal to the login page?
The built in behaviour of Umbraco is to keep the protected URL in the browser and then display the login page on it. As far as I know, you can't change this behaviour out of the box, but if it bothers you, you can add a check to your login view to check of the request URL matches the URL of the login node (it shouldn't do in in your case), and do a redirect to the actual login page if they're different.
I believe this is done so that it doesn't have to redirect you once you've logged in, as you're still on the URL that you originally requested.
I'm developing a desktop application which is supposed to allow users to login via Twitter.
There seems to be 2 ways to do so, that differ in a way oauth_verifier is returned to the application.
The first one is for web applications and oauth_verifier is returned as a url query parameter when redirecting user back to redirect_url.
The second one is using a PIN displayed to the user, which user enters to the app.
Now Facebook, for example, has a page facebook.com/connect/login_success.html , where FB can redirect a user with ouath_verifier as a query param (e.g. facebook.com/connect/login_success.html?code=<token>. Then I can read that param back from the browser's location field (I'm using an embedded browser).
So, is such a workflow possible with Twitter? Does it have a static page, where it can redirect user with oauth_verifier ?
I haven't been able to find such a page in Twitter's API docs, so I ended up using the main page twitter.com for the redirect. Everything works fine.
I'm building a music website on Symfony 1.4 and Doctrine 1.2. I'm trying to integrate facebook plugins (like, send, post a message buttons) on my pages. For example, I want users to be able to like a song on a song page in my song module. But the problem is, I've used sfDoctrineGuard to secure all modules on my app except for the landing page. So if a user logs in and uses the facebook like button to like a song on the song page, because that song module is secured by sfGuardAuth, facebook API can't talk to it and gets forwarded to the landing page. This means that all likes on my app get posted on facebook activity feed as if the user liked my landing page.
Is there a way to build an exception into sfGuard so that any traffic coming from facebook domain can access that page? Is there a workaround to this? I want to be able to show all the facebook meta data from my secured pages, for whichever song is liked, on a facebook wall. If I disable all sfGuard security, it works fine.
Any help would be great as I'm stumped and haven't found any one else with this problem.
Well, it could be a huge security hole if you want to allow request from Facebook to be able to by pass your sfGuard security. If someone click that link on Facebook, it will also have access to your website without having to be logged in.
You might find a work around by tweaking the Facebook bot who scrape your page. The user agent of the scraper is: "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)". So it could be easy to allow access to its request by looking at the user agent. BUT, any one can spoof a user agent easily today.
Maybe you have to find an other way. I though about a kind of light page wich can be accessible for every one and where you display the minimum information (like only the artist and the song name without being able to play it. But just to be sure that, if someone not logged in try to see the page, it won't be redirect to the login page but to this light page. You get the point?
Then, you can put a huge button to allow new people to register to see the full page.
Anyway, in any case you will find, you should implement it using filter (in filters.yml). Filters are executed before any action. So it's the perfect place for this kind of check.
You will find info about filters:
on the official website (they are 2 links)
here an implementation of a ssl requirement (sorry a googlecache page)
here a basic implementation
edit:
I will go on sth like that. First, create a user called "facebook bot", and put its id in the /apps/frontend/config/app.yml:
all:
facebook_bot_id: 56 // sf_guard_user_id
Then create a simple filter lib/filter/facebookBotFilter.php
<?php
class facebookBotFilter extends sfFilter
{
public function execute ($filterChain)
{
$context = $this->getContext();
$controller = $context->getController();
$request = $context->getRequest();
$user = $context->getUser();
// get the user agent
$pathArray = $request->getPathInfoArray();
$useragent = isset($pathArray['HTTP_USER_AGENT']) ? $pathArray['HTTP_USER_AGENT'] : '';
if (preg_math('/facebookexternalhit', $useragent))
{
$member = Doctrine_Core::getTable('sfGuardUser')->find(sfConfig::get('app_facebook_bot_id'));
// logged in the facebook bot
$user->signIn($member);
}
// execute next filter
$filterChain->execute();
}
}
Don't forget to enabled the filter in apps/frontend/config/filters.yml:
rendering: ~
facebookBotFilter:
class: facebookBotFilter
security: ~