I'm following: The infamous RoR blog tutorial security section
And from some odd reason when trying to reach the specific relevant page i'm getting a:
undefined method 'http_basic_authenticate_with' for PostsController:Class error
I'm using:
Rails 3.0.9,
RubyGems 1.8.11,
Ruby 1.9.2p290
Any idea what might cause this or maybe a specific gem which is missing?
part of the controller code:
class PostsController < ApplicationController
http_basic_authenticate_with :name => "dhh", :password => "secret",
:except => :index
# GET /posts
# GET /posts.xml
def index
#posts = Post.all
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => #posts }
format.json { render :json => #posts }
end
end
I think this method is only available to Rails 3.1 now, looking at the release notes:
http://guides.rubyonrails.org/3_1_release_notes.html#action-controller
Also the guide says:
This Guide is based on Rails 3.1. Some of the code shown here will not
work in earlier versions of Rails.
You can try this for rails version 3 and earlier:
class ApplicationController < ActionController::Base
USER, PASSWORD = 'dhh', 'secret'
before_filter :authentication_check, :except => :index
...
private
def authentication_check
authenticate_or_request_with_http_basic do |user, password|
user == USER && password == PASSWORD
end
end
end
Related
I am building an API in Rails and using Devise for Authentication. My front-end is an AngularJS app. I am able to log in and create a new session on the Rails end, but as soon as I try to access the current_user method in my UsersController it's nil. Am I missing something here?
Appreciate any help. Thanks
SessionsController:
class SessionsController < Devise::SessionsController
respond_to :json
def create
resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#failure")
render :status => 200,
:json => { :success => true,
:info => "Logged in",
:user => current_user
}
end......
UsersController:
class UsersController < ApplicationController
before_filter :authenticate_user!, :except => [:create, :show]
respond_to :json
def show
render :json => {:info => "Current User", :user => current_user}, :status => 200
end....
I had to define current_user and run a custom authentication filter in my API to get the information straight from warden. I got the information below from a conglomeration of a few places here and here and a lot of trial and error with a debugger.
before_filter :api_session_authenticate!
private
def current_user
warden.user
end
def warden
env['warden']
end
def api_session_authenticate!
return not_authorized unless authenticate
end
def authenticate
warden.athenticated?
end
def not_authenicated
#render error messages and 401 status
end
I have a Ckeditor textarea in Rails 4, using gem "ckeditor". All works fine, and it's placed in an administration interface. So, when I click 'browse server' to upload the assets, it links to the url:
http://localhost:3000/ckeditor/pictures?CKEditor=skill_description&CKEditorFuncNum=1&langCode=es
The problem is that I don't want anybody to be able to access this page, only the administrator. So I use the gem cancan (supported by the ckeditor gem) to do it.
class Ability
include CanCan::Ability
def initialize(user)
can :access, :ckeditor # needed to access Ckeditor filebrowser
can [:access, :read, :create, :destroy], Ckeditor::Picture
can [:access, :read, :create, :destroy], Ckeditor::AttachmentFile
end
end
The problem is that the logic for cancan goes in a Model, so I can't get sessions there. If a make a before_filter in ApplicationController, somehow the app doesn't pass through it when going to the previous url. I think that with cancan the best way is to create a User model and create a is_admin field, but that's no what I want at this moment. Any ideas for how to handle this?
I found a solution for this issue.
Create a controller under controller with name ckeditor/pictures_controller.rb.
class Ckeditor::PicturesController < Ckeditor::ApplicationController
before_action: something
def index
#pictures = Ckeditor.picture_adapter.find_all(ckeditor_pictures_scope)
#pictures = Ckeditor::Paginatable.new(#pictures).page(params[:page])
respond_to do |format|
format.html { render :layout => #pictures.first_page? }
end
end
def create
#picture = Ckeditor.picture_model.new
respond_with_asset(#picture)
end
def destroy
#picture.destroy
respond_to do |format|
format.html { redirect_to pictures_path }
format.json { render :nothing => true, :status => 204 }
end
end
protected
def find_asset
#picture = Ckeditor.picture_adapter.get!(params[:id])
end
def authorize_resource
model = (#picture || Ckeditor.picture_model)
#authorization_adapter.try(:authorize, params[:action], model)
end
end
Or you can find the ckeditor controller in Ruby2.1.0\lib\ruby\gems\x.x.x\gems\ckeditor-x.x.x\app\controllers\ckeditor. In there, you can custom it.
I can't understand what's happening, when I ask for index action I receive ActionController::UnknownFormat, even existing a index.js file inside views/products folder. Anyone can help me to figure out what I'm missing out? I'm using Rails 4 and Ruby 2.0.0-p247.
class ProductsController < ApplicationController
respond_to :js
def index
#products = Product.published.newest.page(params[:page])
respond_with #products
end
end
You should specify the format on the petition, i.e:
get :show, :user_id => user_id, :format => :json
Hi maybe this is a fool question, there are info in a lot of posts, but i do not understand because im learning rails..
I have made this controller, posts_controller.rb
def index
#posts = Post.all
end
def show
#post = Post.find(params[:id])
end
def create
#post = Post.new(params[:post])
#post.save
redirect_to #post
end
def new
end
end
This is now public.. How can i make this just for admins, Im using devise. this is the controller for > SecureController
class SecureController < ApplicationController
before_filter :authenticate_user!
authorize_resource
def has_role?(current_user, role)
return !!current_user.roles.find_by_name(role)
end
rescue_from CanCan::AccessDenied do |exception|
render :file => "#{Rails.root}/public/403.html", :status => 403, :layout => false
end
end
Also Registratons controller
class RegistrationsController < Devise::RegistrationsController
protected
def after_sign_up_path_for(resource)
if current_user.user_type == 'player'
player_steps_path
elsif current_user.user_type == 'coach'
coach_steps_path
elsif current_user.user_type == 'elite'
candidates_path
end
end
end
How can i make that domain.com/posts/new is just available for Admin, but domain.com/posts is open to everyone..
Also i see there is views for admin... how can i make domain.com/admin/posts/new to work?
Any Documentation will be nice, but also a explanation, cause as i said, im just learning rails.
thanks
Use :except
before_filter :authenticate_user!, :except => [:new]
Having problems figuring this out.
trying to do a
rescue_from NoMethodError, :with => :try_some_options
But its not working.
EDITED:
For testing I'm doing a simple redirect
def try_some_options
redirect_to root_url
end
EDITED 2:
Sample of my controller. Added (exception) as recommended below.
I know the reason I'm getting the error. Using Authlogic and authlogic_facebook_connect plugin. When user is created from the facebook plugin the "MyCar" model, which is associated with a user is not created like it normally is created if a user registers locally. Since I do call on the user model and reference the users car throughout different parts of the site, I would like to do something like what you see below and eventually put it in my application_controller.
class UsersController < ApplicationController
before_filter :login_required, :except => [:new, :create]
rescue_from NoMethodError, :with => :try_some_options
...
def show
store_target_location
#user = current_user
end
def create
#user = User.new(params[:user])
if #user.save
MyCar.create!(:user => #user)
flash[:notice] = "Successfully created profile."
redirect_to profile_path
else
render :action => 'new'
end
end
...
protected
def try_some_options(exception)
if logged_in? && current_user.my_car.blank?
MyCar.create!(:user => current_user)
redirect_to_target_or_default profile_path
end
end
...
end
EDITED 3: Hacked it for now since I know why the error is showing up, but would like to figure out how to rescue_from NoMethodError
class UsersController < ApplicationController
before_filter :login_required, :except => [:new, :create]
before_filter :add_car_if_missing
def add_car_if_missing
if logged_in? && current_user.my_car.blank?
MyCar.create!(:user => current_user)
end
end
end
I just read your post when trying to come up with a solution to the same problem. In the end I did the following:
class ExampleController < ApplicationController
rescue_from Exception, :with => :render_404
...
private
def render_404(exception = nil)
logger.info "Exception, redirecting: #{exception.message}" if exception
render(:action => :index)
end
end
This worked well for me. It is a catch all situation yet it just may help you. All the best.