RoR or Sinatra Inserting into Multiple MySql Tables - ruby-on-rails

We have a php website that currently acts as a registration portal. I want to port this to RoR or Sinatra.
When a user signs up, they enter their name and email. The sign-up page contains some other hidden variables, including which group they belong to. Using PHP, when they submit the form we do this:
insert name, email and password into usertable
insert groupname and some other attributes into grouptable
We have multiple SQL functions that do this.
Question 1:
How do I do this in a RoR app? I can create a nested form with some hidden variables, but I do not know how to insert the data into a couple of tables. Do I have to create some kind of association?
Question 2:
How can I prevent the users from tampering with the hidden variables? If they change the group from A to B in the HTML and submit, I want the app to know.

I assume that the group is in some way determined by the server (path, some random variable, something else), so, instead of passing it down to the client, store it in the session for that user when the page is generated, and read it when the response is read.
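The session approach from the answer above, as an added Ruby example that is not part of the original thread. It goes one step beyond the answer by also showing an HMAC-signed hidden field for cases where the value must travel through the form. All names (`start_signup`, `finish_signup`, `sign_group`, `group_untampered?`, the in-memory `SESSIONS` store) are hypothetical stand-ins for a framework's session and controller code.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-ins: an in-memory session store and a per-app secret.
SESSIONS = {}
SECRET = SecureRandom.bytes(32)

# GET /signup: the server picks the group and records it in the session.
# Returns the session id that would travel in the session cookie.
def start_signup(group)
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = { group: group }
  sid
end

# POST /signup: the group is read from the session, never from params.
# A submitted "group" that disagrees with the session shows the form was
# edited, so the request is rejected and the mismatch can be logged.
def finish_signup(sid, params)
  session = SESSIONS.delete(sid) # one signup per rendered form
  return { ok: false, reason: "unknown session" } unless session
  sent = params["group"]
  if sent && sent != session[:group]
    return { ok: false, reason: "group changed from #{session[:group]} to #{sent}" }
  end
  { ok: true, name: params["name"], email: params["email"], group: session[:group] }
end

# Variant for a value that has to round-trip through the form: emit it
# together with an HMAC tag bound to the session id.
def sign_group(sid, group)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), SECRET, "#{sid}|#{group}")
end

# Recompute the tag on submit and compare without an early exit.
def group_untampered?(sid, group, tag)
  expected = sign_group(sid, group)
  return false unless tag.is_a?(String) && tag.bytesize == expected.bytesize
  tag.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end
```

In a Rails or Sinatra app the framework's own `session` hash takes the place of `SESSIONS`, and the two table inserts would run inside one database transaction after the check passes.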

Related

Can I use a local database with Stormpath?

I'm working with a web application in ASP.NET Core 1 and would like to integrate authentication. I thought of using Stormpath but cannot connect to a local database to make the login match.
If there is no way, what choice do I use?
Thank you
Stormpath will store your user accounts, but you can also use a local database to 'relate' to your Stormpath user accounts.
The idea is pretty simple. When you store a user in Stormpath, you'll get back an account object. This object has an href property which is a unique ID for the user.
If you want to create a database table named books, that has an author_id ForeignKey type field, you would define the author_id field as a TEXT field, then store the account href from Stormpath there.
This is how you would 'relate' to Stormpath accounts.

Changing database structure and migrating password hashes

I currently have a site (Rails 4.1, ActiveRecord, Postgres) where a visitor can log in to one of multiple models — for example, a visitor can create an account or log in as a User, Artist, etc. Each of these models has a password_digest column (using bcrypt and has_secure_password).
Now we want to move the site to a unified login system — everyone creates and logs in as a User, and a User can belong to an Artist and the other models we have.
I think it makes sense to directly use the password_digest column in the User table, rather than looking across all the existing models. This means we'll have to create new entries in the User table and copy the password_digests into them.
Can this be safely done, and would everyone be able to log in with the password they already have? I've tried playing around with password_digests in the Rails console (copying digests to known passwords and assigning them to other entries) and it appears to authenticate correctly … are there any downsides to doing this?
There's no uniqueness constraint on passwords (I assume) and so it doesn't matter if the passwords are the same between different User accounts (in the resulting table, with all the Artist etc. records copied in). There are no safety issues with copying the data from one table/column to another: there's nothing magical about the password_digest value, it's just a text string. As long as you carry on using the same encryption method then the crypted password you generate to test on login should still match the saved value.
You may have a problem with usernames though, if they are required to be unique: what happens if you have an existing User and an existing Artist who have the same username? Is one of them going to have to change?

rails 4 put and post request in one form

In my Rails 4 app the user gets started by signing in via OAuth, which creates a new record in the users table. In the next step the user enters keywords in a form which consists of five fields plus a sixth field for their email address. Upon submission, how do I tell Rails to update their record in the users table with their email address and save their keywords to the keywords table? Is this possible? I don't think you can do a POST and PUT request in the same submit. If not, do I create a separate table for user email addresses? What is the best solution?
See this PUT vs POST in REST
Why can't you do it all in the same request?

In Rails 3, how can I save user search history to the database with no membership/authentication system?

Currently, the site is storing "previously viewed items" via cookies.
I need to take that a step further and not only store those items in the database, but save the user's most recent search, so that they can retrieve the search later by returning to the site (the cookie can handle this), but also through say a four-letter code and later a QR code.
When you get into writing these non-authenticated users' data to the database, what is the identifier to use as the key to differentiate them? And would it be ideal to create the actual model record upon visiting the home page, or perhaps after the initial search?
You could save the IP address, other than that, there is really no way to save something specific to a user.
Use the Rails request object. You can access the IP with request.remote_ip.
This is the only thing I can think of that is request specific without auth.

Rails how to prefill a form that is located on another website?

How is it possible to prefill input fields in a form with data from a database?
Example:
In my database I have name, age and gender.
The form that is on a website has the same input fields and the names are name, age and gender.
A user clicks on a link which goes to another website and the input fields are automatically filled out.
How do I send the information in my database to prefill the input fields on the other website?
You can't make your application type things into a web form that you don't control. If you do control the web form, you could of course make it accept parameters for those values and fill them in when the form is constructed.
You can construct a POST to the other site that would be the equivalent of filling in AND SUBMITTING the form, but that won't show the fields to the user and allow them to edit; it would skip past that step. Also that might very well be prevented if the external site has security in place to prevent cross-site request forgery.
