I have a Rails 3.0 application with the latest version of Authlogic. The user login works as expected on localhost. It works in production when using Safari or Firefox or Chrome in incognito mode, but it does not work when using Chrome normally. I have a Resque interface hooked up in the config.ru, but turning it on or off does not make a difference.
It does work when allow_http_basic_auth is set to false, but I need this to be enabled because our API makes use of basic auth.
Anyone else have a similar issue or any idea what could be causing this to happen?
UPDATE:
So I can login in Chrome using http_basic by typing the full URL (e.g. https://user:pass#site.com).
The cookie is the same in Chrome (when not able to log in) as it is in Safari.
It look like what is happening is that the user actually gets logged in, then redirect to a different page (302). This page then thinks that the user is not logged in and the user then gets redirected to the login page.
Related
Context:
I have a chrome extension that pops-up when users connect to a given site (eg: https://www.site-triggering-extension.com)
This extension communicates with a Rails app (that uses Devise) deployed on Heroku (https://www.my-app.com). The basic user flow is :
Users sign-up on the Rails app to create an account
Then they can log-in on the chrome extension and use it
My Rails app has an API that allows the chrome extension to send some usage logs that I store.
To authenticate my users on the chrome extension, I set up an authentication_token exchange between the extension & the Rails app.
Problem :
Users logged-in on the chrome extension are not logged in on the Rails app.
And the Rails app allows them to access a dashboard with their logs, modify their account infos, etc.
=> Having to enter your login+password on both the chrome extension AND the Rails app seems unnecessary and adds friction to the whole experience.
How could I set up my system so that logging-in on the chrome extension also logs-in the user on my Rails app ?
What I tried :
I am probably completely in the wrong direction here but still I wanted to describe what I looked at :
My extension logs the user in by make a call to the /api/sign_in route that sends back the authentication token.
I realized that the response from Rails has a Set-Cookie header with _my_app_session cookie in it. This looks like the type of cookie Rails+Devise could use to consider the user as logged in. However, this cookie is stored (in the DevTools - Application pannel) under http://www.site-triggering-extension.com as the API call originated from this site.
When I open a tab and load my Rails app, the cookie does not seem to be used by the Rails app site (https://www.my-app.com).
I have no idea how to tackle this issue. Help would be highly appreciated !
My current scenario is:
Running an iPhone on the latest iOS
LinkedIn App is installed and logged in
Web browser is NOT logged into LinkedIn (because I have the app)
Developing a web app with "log in with LinkedIn" functionality
On the iPhone, clicking the "log in with LinkedIn" button redirects me straight the the LinkedIn App, which subsequently does nothing - just shows me my feed. I have verified this same behaviour occurs on a third-party site as well as my own. Note that Android exhibits similar behaviour, though I haven't tested as extensively there.
I've found several workarounds:
If I open the web site in Private Browsing mode clicking the login button asks me if I want to open the App or stay in the browser.
If I long-press and "Open in background tab" the login button it'll open (in the background, of course) instead of redirecting to the app, allowing me to log in.
If I manually type "linkedin.com" into the browser and log in then it seems to work too.
None of these are even vaguely practical for end users, essentially forcing us to remove the option entirely.
I'm fairly sure this is a problem at LinkedIn's end and the solution is either:
Don't redirect to the App for OAuth Authorize requests, or
Make the App correctly handle OAuth Authorize requests.
If I'm incorrect and there's some way we can stop this redirect from the client side I'd be happy to hear, otherwise I hope LinkedIn engineers actually see this...
See the comments in Issues with Linkedin Social connection
LinkedIn already confirmed that it is a problem on their side.
I'm working on a rails web app (not originally written by me). Devise is used for authentication. It works fine in the development environment. In production however, users can log in successfully, but on subsequent GET requests, they are no longer logged in and current_user is nil.
I'm not even sure how to debug this because it seems like all of the devise functionality is behind the scenes. Any suggestions as to what could cause this and what I can check?
The application was configured to require https and logged users out if they connected with http.
I recently made a rails app using Michael Hartl's tutorial, but I hit a snag;
whenever someone creates a user using chrome or firefox, it creates the user and logs in; as it should. But when the user is created using safari or IE, the user is created but the login fails. The user can, however, then be logged into using chrome or firefox. I suspect this has something to do with cookies and sessions, but I don't know what I should do to fix this.
Here's the site: http://www.shoulakpredictions.com
Here's the code: https://github.com/JShoe/basketball
Feel free to fork and test and create users and whatnot. I need all the help I can get.
Make sure the browser has cookies enabled, from all sources. With Chrome and Firefox, that is the default setting, but with other browsers, it might have to be specifically enabled.
I have installed rubycas-server on my server. I have a ruby app that supports CAS on mysite.com. I would like to have the rubycas-server login page at login.mysite.com.
I have followed the instructions at http://code.google.com/p/rubycas-server/wiki/HowToConfigure and configured my config.yml file.
I have started the rubycas-server but I don't see a login form at login.mysite.com. There isn't anything on login.mysite.com. I have setup the uri_path to login.mysite.com. I thought that it would display the login form when I start the rubycas-server but it doesn't. I guess I am still missing something. What am I suppose to put on login.mysite.com in order for the login page to display? Is there suppose to be another ruby app?
Sorry, I am new to this.
Remember that the CAS is a single sign-on app and the CAS login page is meant to be central to all of your applications. So a typical usage would be that you have your CAS server running on one machine, and the login will be at somedomain.com/cas. Then you have a bunch of applications that want to authenticate, at mysite1.com, mysite2.com, etc. If you try to browse to a CAS-protected page in one of those applications, you'll be redirected to somedomain.com/cas, where you'll sign in, and then CAS will redirect you back to the page you wanted on, say, mysite2.com.
Out of the box, you should see the login by going to the domain that rubycas-client is installed on and going to /cas.
Basically, it sounds like you're expecting the login page to be part of your application, and with CAS, it's not.