Help with rails restful authentication - ruby-on-rails

I just installed the restful authentication using this plugin and when I go to localhost:3000/login
i get this error
NameError in SessionController#new
uninitialized constant
SessionController
Any ideas? please help.

First of all, if you're just getting started with Rails authentication, I'd highly recommend you use Authlogic. Restful Authentication had its time but it generates a lot of code that isn't always clear and it's pretty tough to extend.
If you're set on using Restful Auth, make sure your Session controller is created, the routes are present, and the actions within the session_controller.rb are created.

This was mentioned on the Railscasts site...
Try this (pluralize sessions):
map.resource :session, :controller => 'sessions'

Restful auth had its day. You'll be better off with authlogic. I wrote a little post here on authlogic basics.
http://blog.platform45.com/2009/09/30/user-authentication-with-authlogic

Related

How to use 'post' in routes.rb

please help me
I have created a controller 'users' with a view 'login' with a form to login users, I have changed the routes.rb changing get user/login to post user/login
now when I go to localhost:3000/users/login appears:
Routing Error
No route matches [GET] "/users/login"
Try running rake routes for more information on available routes.
please what should to do to works that page, that problem is because I have changed 'get' to 'post' in the routers, there are something more that I should to add?
When you just go to that url in your browser, the type of request is GET - but, as you said, there's no route for this request now.
POST route will be useful when you actually submit a form on this page - with simple submit (specify method attribute as POST) or AJAX request.
You can use both in routes.rb:
get user/login
post user/login
This means that the controller will recognize requests made using both methods. It is up to your controller logic to sort it out. The get would typically be used to render the login form; post would receive the user's username and password, authenticate him/her, and then redirect to a page for successful login (or unsuccessful, if necessary).
I may spark some controversy by saying this but if you are a beginner and you are looking to make a "serious" web site with user authentication, you may not want to leave anything up to chance and instead use a gem like devise (https://github.com/plataformatec/devise) to do it for you. Some will say that it's better to learn how to do it from scratch first, and there's some sense in that, too.

How to change Devise 401 redirect address?

I have a Rails 3.2.7 app with Devise and I wanna know how do I change the url to which Devise redirects the user on 401 after he tries to access a page he has no access to. This address defaults to http://localhost:3000/users/sign_in but I wanna change it to point to another action? How do I do that? Do I have to monkey patch Devise into my app? I find this idea very awkward...
I appreciate any help,
Thanks!
You're going to have to monkey patch it, unfortunately. You can see a good tutorial on how to do it here: devise wiki

Puzzling over my routes.rb file

I am writing a Rails app that I partially inherited. There is a snippet of code in the routes.rb that I'm trying to puzzle out and can't find anything in the documentation.
authenticate :users do
resources :authentications
end
What does this do and why is it needed here? I'd never seen the authenticate used in this context before. There are resources called users and authentications in the file, and I am using Devise+OmniAuth for authentication.
As seen here in the Devise Docs, it allows you to add authentication at the router level rather than at the application level(aka controllers, essentially).

authlogic session creation fails when used in combination with authenticate_or_request_with_http_basic

I recently wanted to deploy my Rails app on heroku but wanted to shield it from the outside world until I had tested it on the heroku itself. In order to shield it I have used authenticate_or_request_with_http_basic. However after having passed through the basic authentication and wanting to login (login system using authlogic) I find that authlogic doesn't remember a session (e.g. current_user == nil).
Without the authenticate_or_request_with_http_basic before_filter the authlogic sessions work fine.
Does anybody know why this is and how to make the two work together?
Thanks in advance.
PS: Just to be clear, my goal is not to be able to use authlogic users with authenticate_or_request_with_http_basic.
PPS: I use Rails 3 and git://github.com/odorcicd/authlogic.git
I'm having this issue also! I'm going to try and look into it to see if I can come up with anything...
EDIT: The fix is to disallow HTTP basic auth on your Authlogic session...
class UserSession < Authlogic::Session::Base
allow_http_basic_auth false
end
I'm pretty sure that this is a bug in Authlogic. The problem is this method:
Authlogic::Session::HttpAuth::InstanceMethods#allow_http_basic_auth?
which returns true when HTTP Basic is being used, even elsewhere in your application.

How to authenticate one Ruby on Rails app to another, using RESTful_authentication gem?

Anybody have any ideas? The situation is like this: I have a primary rails app and an auxiliary one. The auxiliary app is used to transform a web service request into a RESTful PUT to the main app. The resource the auxiliary app is attempting to add to requires authentication. Any ideas would be much appreciated! Thanks SO!
ActiveResource is used for this purpose:
class MyModel < ActiveResource::Base
self.site = OTHER_APP_URL
self.user = OTHER_APP_USER
self.password = OTHER_APP_PASSWORD
# Rest of the code here
end
Read up on how to talk to RESTful API from ActiveResource here: http://api.rubyonrails.org/classes/ActiveResource/Base.html
I think I may have found my own answer by polling some of my IM contacts. The most logical approach is to use the Curb ruby gem. From the aforementioned API, one simply enables the cookie jar, restfully authenticates and then includes the cookie in subsequent HTTP actions requiring authentication ;)
(Will post some code when I get this implemented..)
Would still appreciate comments and or alternatives though!

Resources