I have a current system that creates database users in my MSSQL database. These users can connect to the database with other clients we've written. I need to challenge the user to enter the username and password that is already defined in the SQL Server Security/Logins of the database.
I'm able to connect to the database and create tables with rails, I just can't find any information on how to authenticate against the database I'm connecting to.
We have a table in our schema already that has the user information such as usr_name, usr_desc, usr_email, etc.
Assuming you do no hashing and you user model is set up correctly in rails you can use
#assuming your table/model is called user your user name field is called user_name and your password field is called password
user = User.find_by_user_name_and_password
if user
#do authenticated stuff
else
#don't do authenticated stuff
end
Check out http://guides.rubyonrails.org/active_record_querying.html
Down toward the bottom it talks about dynamic finders. These are created for each field in the rails models. That's what makes sql querying in rails a cinch.
Related
I have a database and there some tables.
There are some users in the table users
I am trying to create a form which the user will be able to get his/her password to his/her email.
I would like to send an automatic email with both username and password (which are fields in the table named 'users')
//you can connect to you database with the following code
mysql_connect(HOST, USR, PSD);
mysql_select_db(DB);
/*where HOST = Database host server eg localhost
USR = Database username
PSD = Databse password
DB = The name of the database that contain the table
*/
place the code after
$id = mysql_real_escape_string($_GET['id']);
PS
using mysql is has been deprecated and remove as of php 7. Try to use PDO or MYSQLI
To connect to a database, please read this page. You need to connect to a database before you can perform any action with SQL in your file. Also consider security when sending account details by mail, especially unencrypted passwords. Even if you're practising it's a good exercise to make a secure system.
At my company we're designing a new flow for our user to register. User and Company are very closely tied to each other. Due to several reasons we can't create the user and the company one after the other but we need to create them at the same time.
However as our form is on several steps, we collect all the user input in a separate Registration model in a jsonb attribute and then create the user and company at the end of the process from this intermediate model.
One of the problem is that we collect the user password. However as we're storing the registration in our database, the password is exposed.
How would you try to protect this?
EDIT: We're using Bcrypt to encrypt password
I have not tried this but I guess this will work. You can use the following code to encrypt the password before storing it as intermediate json.
my_password = BCrypt::Password.create("my password")
If you have designed the User model properly, there will be a password_digest field in your table. So while saving encrypted password, use:
#user.password_digest = my_password
instead of
#user.password = my_password
where you expect encryption to take place in the background.
I have User table and Employee table, but I have only one login form for user(Admin). I want to login Employee also from same login page please help me as soon as possible? In MVC.
First check if username exits in the User table, if it does then match the password and return accordingly. If doesn't exist then check username in employee table and match password. If not found in both tables, return user doesn't exist.
I prefer having all my users in one table, then assigning them the Admin role if required.
But if that is not an option, check if the user exists in the admin table, if not, check the users table. If still not, don't log him in. Otherwise do the rest of the login process.
My preference is:
All users should be into a single table. And user table needs to contain a column "isAdmin[bool]".
when user press on the login button with correct username and password, system will check the role. if isAdmin == true then the user should log into the system with admin functionalists as well as the regular employee functionalists. Because a admin is also an employee.
when isAdmin==false the the user should log into the system with only employee functionalists.
Try to learn more about role based authentication.
Thanks
Background
I have a multi-tenant Rails application which uses the Apartment gem to switch schema depending on their subdomain when they login. The User and Account entities are in the public schema. All of the other related entities are in the account specific schema.
Question
When a new user signs up, the User and Account records are created during the initial form post (i.e., in RegistrationsController#create).
However, I would like to create other records at this time (e.g, a Family record), but the account specific schema hasn't been created yet and the context hasn't switched, so if I do something like this:
#resource.create_family(name: #resource.last_name)
The Family record will be incorrectly created in the public schema.
Devise lets you specify a after_sign_up_path_for value, so I was thinking of maybe creating a custom action in the FamiliesController that does the work of creating new record, but that seems kind of kludgy and non RESTful:
def after_sign_up_path_for(resource)
# root_url(:subdomain => resource.account.subdomain)
family_autocreate_url(:subdomain => resource.account.subdomain, :query => resource.last_name)
end
What's the right way to do this?
(Note: the schema context isn't switched until I redirect to a URL with the account specific subdomain. Hence the thought of doing it )
I'm trying to migrate a legacy app to Rails 3 and change the authentication to use Devise. I've created the model and migrations and imported all the user data.
I don't plan to migrate the passwords over as the existing scheme is not one we'd like to use going forward, but I want to be able to present users with a simple experience.
Ideally I'd like to catch a login error and then check the password with the legacy field and then update the Devise password with it if it matches.
I can see that Warden gives me a callback that can trap errors so I expect I can trap a login error.
However because all the passwords (in Devise) are blank I get errors relating to the hash as the encrypted_password fields are empty.
Is there a way I can update all the user accounts with a random password?
I've seen in Devise::Models::DatabaseAuthenticatable that there is a method 'password=' but if I call that, e.g. in rails console for the app:
User.find(1).password=('new')
=> "new"
I just get the same plain text string back ('new') and saving the user record post this doesn't populate the encrypted_password field.
I've searched around but can't seem to be able to find it. Any suggestions much appreciated!
Ok just in case anyone else is as cloth headed as I have been the last 24 hours, here's how you set the password:
user = User.find(id)
user.password = 'new-password'
user.save
Simple really :)