I have two applications that use same database. Let's call them Site and API. I'm using Restful Authentication for user management.
If I create a user from "Site" this user doesn't work when try to login from API and vise versa. I can see the records are being saved in the same table.
Am I missing something? It should work?
I'm using Rails 3.
In your initializers/site_keys.rb REST_AUTH_SITE_KEY should be the same in your both applications then authentication will work properly in your both applications.
Related
Cause i'm new to the whole angular (specific angular2) thing i wonder about something.
I want to build an "api" backend with rails 5 as they released the api mode and my frontend with angular2. Because i'm used to rails i wanted to implement a devise user authentication and because i'm new to angular2 i searched for a way to authenticate the user against my rails/devise backend.
But all i find are tutorials about angular2 and auth0, which i never heared before.
So my question is, is it "normal" to user angular2 with auth0 authentication?
And when i use auth0 my user data are not in my database right? So how do i create relationships with my rails models?
Would be great if someone can explain that to me or link me some article if they exists.
Auth0 is one of the many choices available to you. If you'd like to use Auth0 but store credentials in your own database, there is a tutorial for setting that up with Auth0.
So it can be normal to use Auth0, and you can also have your user data available in your own database-- do keep in mind you'll need to secure user credentials thoroughly when storing them yourself though!
I've also faced the same problem and considered Devise (going so far as setting up a Rails+Devise landing page that redirected users to the Angular app after successful login). After much pain I have come to the same recommendation as Kassandra, that using JWT authentication is the way to go.
However, if you plan to use Auth0 note that after 7000 users have signed up you will need to upgrade. This may not be a problem for you but since I plan to deploy something substantial it's a decision I had to think about.
I have an app made with Rails 4. I want to add a blog made with Drupal 7. It hasn't been in production yet so no users are stored. I want the users to be able to comment in Drupal 7 with the same email / password (and ideally sessions) that with Rails 4. From my point of view, maybe the solution may come from setting the table that Devise uses to the one Drupal creates, and then copying the encryption salt of the Drupal installation, or maybe using the same OAuth login for both sites, like Google or Facebook, but I would need specific registration for this app.
I know there is a similiar question: Import Drupal user accounts into Rails without requiring users change their passwords but in my case I the users to work both ways.
Any ideas would be appreciated, thanks.
I would go for a clean solution. Whatever login feature you have in rails ( be it implemented by hand, devise or any other), allow it to login users using a GET request (i.e. Embedding the authentication details in the url). This way, you will be using the Rails application as an API for the blog and you will not have to expose the user credentials.
I am interested in deploying a Node.js along side my Rails application server. Just as a reference, I plan on using socket.IO to create a chat server, so users will be able to chat inside of my web application.
My current application uses Authlogic to authenticate users. I would like to ensure that only a user cannot read other users' messages, so I will need to authenticate the user session somehow. My Node.js will have access to my database, and I know Rails can store the sessions inside of the database, so I would like to use this feature to authenticate chat users. The problem is, I have no idea how to go about doing that. I'm not even sure what information is present in the session, and I do not know how I can use this information to authenticate a user.
Thanks in advance!
The rails session is tricky to use from other languages: it's just a serialised ruby object and pretty much the only documentation for the marshal format is the implementation/rubyspec.
However authlogic doesn't actually store anything in the session: it has a separate cookie (user_credentials by default, assuming your model is User)
The data in that cookie is "#{user.persistence_token}::#{user.id}", so you should be able to easily verify this from your js code
I have a PostgreSQL database that I access from various locations, and would like to add an interface with Ruby on Rails 3. For authentication I need to login users with the same credentials used to create them directly in the database; is there a way to make Rails connect to the database each time with different username/password, based on the current user?
Thanks for any hints!
Yes.
Use a custom authentication on devise that makes a query to the underlying postgresql database.
See:
Custom authentication strategy for devise
I would certainly add some kind of filter to reduce the list of users that can authenticate this way.
I have been trying to figure out how to integrate a node.js app into a rails app and having them share sessions. I've so far only been able to dig up sharing sessions between sinatra and ruby on rails via rack middleware. Is it possible to to do this?
I thought of a workaround involving the ror implementing a rest service that "poops" out a guid that node.js can use to create its own session. This solution however requires having model validations ad such stored in two seperate apps.
just wondering if there was a way to integrate them.
and while using a js based webframework like geddy or express is cool, I have alot of existing rails code and 3rd party libraries such as active merchant that I would have to reinvent.
how about using something like memcached to share a validation mechanism, for example set a session in rails and for every message to the nodeJs server a token is given, nodeJs checks on memcached if the token exists and grants or denies based on that. You would of course add the record on memcached from the rails app
Isn't that the same as sharing authentication between two different domains like openid, facebook connect, twitter sign-in.
from rails site do an openid like redirect to node.js with the authentication information encrypted inside the url and vica versa?
I am wondering if it is not possible to use Custom OAuth Provider Strategy from connect-auth and vica versa because connect-auth is "Authentication middleware for connect". I haven't figured the complete details out, but this might be an option?