There's this mother app which is on Java (Struts), which also handles authentication. My Rails app which is being integrated into the mother app uses authlogic. Ofcourse, the requirement is, once someone logs into the mother app, they should automatically be able to access my Rails app without signing in again.
Is there any way, by using just the user id , I can authenticate the user using Authlogic?
I removed my password column in my Users table and stuck this piece of code into the User model.
acts_as_authentic do |config|
config.check_passwords_against_database = false
config.validate_password_field = false
config.crypted_password_field = false
end
But I'm still not able to do what I wanted to do.I get an error indicating that the password can't be blank.Help would be appreciated! Thanks.
Just pass a user object instead of login/password
UserSession.new(User.find_by_username('Shreyas Satish'))
(This works with rails 3 and authlogic 2.1.6)
Related
a have a client with a website built on RoR by other developer, the website uses devise for user authentication and registration.
The website allows users to registrate and then send them a confirmation email, when they confirm their email, then they can login, BUT they can't see the content until they are approved to see it.
My client ask me to don't allow users to login until two things happen: They confirm their email and him(my client) approve them to see the content.
I tried this adding active_for_authentication? to the user model and returning true or false deppending if they are approved or not, but like the documentation of devise saids: the method active_for_authentication? is overriden by other modules like confirmable.
How can i perform this two validation using devise?
thanks for your help
You have to add authorization control in your application.
So I advice you to use CanCan gem it's easy to set and it allows you to define access rules based on your criteria.
Within a rails app i'm working on. I'm trying to add the ability for users to signup simply by entering their email address and then confirming their account via the confirmation email. I don't want the user to have to enter in any password. How would I go about doing this?
This example is useful, but requires for the user to enter a password: https://github.com/plataformatec/devise/wiki/How-To:-Email-only-sign-up
Should I just automatically use one password for all users?
Devise is built for authentication, which is either a password, or a quick check with a social network that this is actually the person they claim to be. The email address is used as identification.
If you just want to identify a person by their email, I suggest you create your own system for it. You can even add some of the Devise features in if you like. First, create a User model with an email attribute:
rails generate model User email:string
Once you've migrated the database, create a controller for it:
rails generate controller users
Then create a Session model and let each User create sessions by logging in. There'll be plenty of great tutorials on the web of how to create a system like this. Writing helper methods like current_user or user_signed_in? should be quite easy too.
Now for the last point, if you want people to sign in after they signed up using the email confirmation, how will you make sure that it is actually the same person signing in as the person who confirmed the email? Any malicious user could simply use an already confirmed account to sign in, unless you have to do an email confirmation every time you sign in...
So while you can do the above, I would seriously recommend to have some kind of authentication, whether it be with a password, or using OmniAuth to connect to social networks. There's a railscast for that here.
Not sure if this would help you, but based on the simplicity of the authentication process, I would suggest not to use Devise at all. You can just create an action in your SessionsController, which will compare the params[:email] (or however you are calling it in your app) against the emails listed in the UsersTable.
I'm using active admin in my rails application.
I want to enter user's account page from active admin page because I want to check what the user exactly is seeing.
I thought that I can decrypt devise encrypted password, but I found out that I cannot do that Rails Devise, how to unencrypt a password?
I tried entering the site by using the encrypted password, but I couldn't.
How can I implement this?
If it so important, you can copy encrypted password from db and paste own encrypted password for this user. You can do it via rails c. After your actions rewrite password again. But it is a bad way. You must write some tests for your app.
There is an example in the Devise Wiki How to :
How To: Sign in as another user if you are an admin
The proposed solution replaces the current user in session, so I think you'll be signed out of ActiveAdmin.
im running rails 2.3.8, authlogic 2.1.6 and the extension for facebook connect (https://github.com/studybyte/authlogic_facebook_connect)
the facebook side is working good, user click on facebook connect button, goes to facebook, logs in and returns to my app.
my problem is very simple but i cant figure it out. when user is redirected to my site after logging in, if is a new user, i create a new record. Since it comes from facebook the user has no email or password but the user is not saved because authlogic fails password and email validation.
the authlogic_facebook_connect shouldnt skip these validations?
i realized that i don't have to create a user, the plugin is supposed to do that for you. You just have to login the user after he connects to facebook.
It didnt work before because a did not create the facebook_session_key field but facebook_access_token instead.
It should. It's supposed to call save(:validate => false) (in Rails 3.1 or save_with_validation(false) for older version if I remember correctly) to skip the validations.
I am trying to enable openid authentication on my website as well as use auto_register feature of latest authlogic_openid add-on.
Everything works fine until second login. The first time user is created and logged in, but after I logout and try logging in into the system with same OpenID identifier I get user registration form with errors saying that username and other fields are already taken and the form is prefilled with values of earlier data passed with openid.
Everything is implemented by authlogic/authlogic openid tutorial except for the user session model with new auto_register call:
class UserSession < Authlogic::Session::Base
auto_register
end
Any help much appreciated!
It seems like you're registering the users twice. The OpenID plugin doesn't know whether or not a user has been registered it just does SREG every time if auto_register is true. Rather than calling auto_register every time you could look up the user by openid_identifier and send auto_register(true) if they're a new user.
I've found http://github.com/gaizka/authlogic_openid
His version of the Authlogic Open ID extension seems to work with the auto_register feature... although I can't get it to capture the emails correctly from SREG (works with regular registration).
There's a demo of it working here:
http://big-glow-mama.heroku.com/
http://github.com/holden/authlogic_openid_selector_example/tree/with-facebook/