how to generate AuthenticityToken on rails - ruby-on-rails

I build the form tag by myself and when I post the form to server it give me a InvalidAuthenticityToken error, so I want to know how to add it in my own in current situation:
<form accept-charset="UTF-8" action="/crops/update" method="post">
<input id="crop_x" name="crop_x" size="30" type="text" /><br />
<input id="crop_y" name="crop_y" size="30" type="text" /><br />
<input id="crop_w" name="crop_w" size="30" type="text" /><br />
<input id="crop_h" name="crop_h" size="30" type="text" /><br />
<input id="crop" name="crop" type="submit" value="Crop!" />
</form>
Response error is:
ActionController::InvalidAuthenticityToken in CropsController#update
ActionController::InvalidAuthenticityToken
Rails.root: /home/mlzboy/my/crop2
Application Trace | Framework Trace | Full Trace

There is a view helper called form_authenticity_token that returns the current session's authenticity token.
In your view.html.erb:
<form action="/blah" method="POST">
<input name="authenticity_token" value="<%= form_authenticity_token %>" type="hidden">
<input name="first_name" type="text">
</form>

This answer is first for rails form token tag in Google so to keep it simpler for future googling generations: just use token_tag, it's a helper defined in ActionView::Helpers::UrlHelper that returns hidden input with form_authenticity_token as default value.

To generate the token you have to use the method: form_authenticity_token as it was correctly noted by #flitzwald. Since it is rediced in a active controller's concern, you must include the module into a controller expclicitly before using as follows:
include ActionController::RequestForgeryProtection
# use
def set_csrf_header
response.headers['X-CSRF-Token'] = form_authenticity_token
end

Related

Get method : form input not in url

I am doing my first ASP.NET mvc project, on the home page, Index.cshtml, I have a small form:
<form action="ChoixFormulaire" method="get">
<fieldset>
<label>NAS</label>
<input id="nas" type="text" placeholder="###"/>
<br />
<label>Date of birth</label>
<input id="date" type="text" placeholder="AAAA-MM-JJ"/>
<br />
<label>Employee number</label>
<input id="numEmployee" type="text" placeholder="######"/>
<br />
</fieldset>
<input type="submit" value="Soumettre" onclick="return VerifierFormulaire()" />
</form>
When the button is clicked, there is some verification made in the 'VerifierFormulaire()' method, which is defined in the same Index.cshtml file. Then the ChoixFormulaire.cshtml is displayed (called from the ChoixFormulaire() method in my HomeController, which returns View()).
I was expecting the form inputs to be in the URL as parameters. For example, If I enter '123' for NAS, '1989-01-01' for date of birth and '123456' for employee number, I am redirected to http://localhost:15778/Home/ChoixFormulaire? but I would expect to be redirected to http://localhost:15778/Home/ChoixFormulaire?nas=123&dateBirth=1989-01-01&numEmployee=123456
Try adding the name attribute:
<input id="nas" name="nas" />

Rails access uploaded file

I'm building a site on rails and backbone. On the front end I have a simple form:
<form action="/api/users" method="post">
<input type="file" name="profile_image" />
<input type="submit" value="submit" />
<input type="hidden" name="id" value="1">
<input type="hidden" name="method" value="put">
<input type="hidden" name="authenticity_token" value="<%= csrf_token %>">
</form>
When I post this form and print params[:profile_image] from my UsersController the line
logger.debug params[:profile_image].class
just returns
String.
Where's the file?
For what it's worth, I'm using carrierwave, but don't want to mount an uploader. I would just like to pass a file to myUploader.store!.
You need to set enctype on your form in order to submit files. See http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2
Example
<form action="/api/users" enctype="multipart/form-data" method="post">

JamboPay and Rails Integration

I have JamboPay api that i want to integrate with my rails application. It looks something like this;
<form method="post" action="https://www.jambopay.com/JPExpress.aspx" target="_blank">
<input type="hidden" name="jp_item_type" value="cart"/>
<input type="hidden" name="jp_item_name" value="test shop"/>
<input type="hidden" name="order_id" value="455879"/>
<input type="hidden" name="jp_business" value="business#yourdomain.com"/>
<input type="hidden" name="jp_amount_1" value="51"/>
<input type="hidden" name="jp_amount_2" value="0"/>
<input type="hidden" name="jp_amount_5" value="0"/>
<input type="hidden" name="jp_payee" value="email#yourcustomer.com"/>
<input type="hidden" name="jp_shipping" value="company name"/>
<input type="hidden" name="jp_rurl" value="http://www.yourwebsite.com/testpost/Result.aspx?ii=0"/>
<input type="hidden" name="jp_furl" value="http://www.yourwebsite.com/testpost/Result.aspx?ii=1"/>
<input type="hidden" name="jp_curl" value="http://www.yourwebsite.com/testpost/Result.aspx?ii=2"/>
<input type="image" src="https://www.jambopay.com/jambohelp/jambo/rsc/paymentsbyJamboPay.jpg"/>
</form>
I want to be able to send this information from my transactions controller in the create method.
Any ideas how i can pass this form from my controllers because i keep the same form for all payment methods in the views.
Thank you in advance.
You can send this post request using Net::HTTP library all you have to do is to send this information to your controller action and then send post request from action.

Accessing HTML tags in a RUBY Controller

I have the following code in my HTML.erb
<form>
<input id="do" type="hidden" value="0" />
<button type="submit" value="Next">SUBTRACT</button>
</form>
<form>
<input id="do" type="hidden" value="1" />
<button type="submit" value="Next" >ADD</button>
</form>
Now When I click the any of the 2 buttons, I want to check the value of the input id="do" inside my Ruby Controller. What would the syntax look like ?
This should optimally be separated into two actions in the controller where each of the forms would submit (using the action attribute).
<form action='add'>
<input id="do" type="hidden" value="0" />
<button type="submit" value="Next">SUBTRACT</button>
</form>
<form action='subtract'>
<input id="do" type="hidden" value="1" />
<button type="submit" value="Next" >ADD</button>
</form>
#in your controller
def add
# do the addition processing
end
def subtract
# do the subtraction processing
end
If you really need to implement them in 1 action, then you could use Rails params object.
You need to set the name attributes, the name attributes get sent to the controller in the params hash
<form>
<input id="do" name="subtract" type="hidden" value="0" />
<button type="submit" value="Next">SUBTRACT</button>
</form>
<form>
<input id="do" name="add" type="hidden" value="1" />
<button type="submit" value="Next" >ADD</button>
</form>
In the controller,
the params[:subtract] or params[:add] will have the value depending on subtract clicked or add clicked .

Google Checkout in ASP.Net MVC

I have a fairly simple ASP.Net site that uses google checkout (I have an imagebutton with the PostBackUrl set to the Google address passing values of hidden fields) which works fine.
I've been moving this app to MVC and I'm not sure how to handle this. I thought about using jQuery form but I don't believe this would work in this situation because there are times when they're redirected to the google pages. Has anyone used google checkout in an asp.net MVC app?
You can do the same thing as you were doing before, just you end up doing it manually.
Sounds like you're using just the basic version, yes?
You create an HTML form that has the Action set to the Google checkout process, add in the proper Hidden fields (the model your controller passes down would be populated w/ the correct values for those) and then you have a submit button (or image if you prefer).
So, an example off Google's Basic HTML page, modified for some MVC-ish-ness would be something like this:
<form method="POST"
action="https://checkout.google.com/api/checkout/v2/checkoutForm/Merchant/<%= Model.MerchantId %>"
accept-charset="utf-8">
<input type="hidden" name="item_name_1" value="<%= Model.Item.Name %>"/>
<input type="hidden" name="item_description_1" value="<%= Model.Item.Description %>>
<input type="hidden" name="item_quantity_1" value="<%= Model.Item.Quantity %>"/>
<input type="hidden" name="item_price_1" value="<%= Model.Item.Price %>"/>
<input type="hidden" name="item_currency_1" value="<%= Model.Item.Currency %>"/>
<input type="hidden" name="ship_method_name_1" value="<%= Model.Shipping.Price %>"/>
<input type="hidden" name="ship_method_price_1" value="<%= Model.Shipping.Price %>"/>
<input type="hidden" name="ship_method_currency_1" value="<%= Model.Shipping.Currency %>"/>
<input type="hidden" name="tax_rate" value="<%= Model.Tax.Rate %>"/>
<input type="hidden" name="tax_us_state" value="<%= Model.Tax.State %>"/>
<input type="hidden" name="_charset_"/>
<input type="image" name="Google Checkout" alt="Fast checkout through Google"
src="http://checkout.google.com/buttons/checkout.gif?merchant_id=<%= Model.MerchantId %>&w=180&h=46&style=white&variant=text&loc=en_US"
height="46" width="180"/>
</form>
Obviously, you could make all that even more MVC-ish by using the form helper Html.Hidden and so on, but that shows the really basic version of what you need to do.

Resources