If writing your own authentication, does authenticate() go in the application_controller? - ruby-on-rails

I'd like to write my own authentication instead of using one of the plugins.
Should my authenticate method go in the application_controller?
My idea is to place it there and then in each of the controllers use a before_filter
before_filter :authenticate
So my authenticate method would just check if the user_id is present in the session. If it's not there, the user would be redirected to an error page. If it is there, they would be allowed to see whatever url they wanted to visit.
Does this sound right?

Well, that's one way to set up the restful_authentication plugin. So yes, your homebrew solution could use
before_filter :authenticate
as well.

Related

Using token from Simple authentication Token in controller

I am using Simple Authentication token for my APIs in Rails.
As given in the documentation: https://github.com/gonzalo-bulnes/simple_token_authentication:
In my User model, I have added the following line:
acts_as_token_authenticatable
Whenever I log in or log out, I am able to get and change the authentication tokens as expected.
What I don't understand is, what is the use of the below line.
acts_as_token_authentication_handler_for User
I have a controller called ProfilesController in which I have added this line. Whether or not I add this line in the controller makes no difference. I am able to call methods in the similar way as I use without adding it.
Can you please explain to me what this does?
That is because that gem says this behaviour of incorrect or no credentials is configurable.
"What happens when a request is provided with no credentials or incorrect credentials is highly configurable"
For denying access you have to set the fallback.
If you have Devise, set it to fallback: :devise or fallback: :exception in your app/controllers/application_controller.rb

Where does the unauthenticated redirect happen in Devise authenticate_user?

I am trying to add a URL parameter to my /sign_in route using the Devise gem in Rails 4. I have before_filter :authenticate_user! in my application_controller.rb.
I am wondering where exactly the redirect happens if the user is unauthenticated. I need to add a parameter at this point so I can make some customizations to the resulting view. I have tried overriding the authenticate_user! method and adding my own redirect_to if the user is not signed in but then I get a too many redirects error since, as I said, this method is in a before_filter and is firing more than once.
Does anyone know where I can access this redirect URL?

In devise, how do you redirect the user back to a non-app url where they came from

Situation: I am building a Rails app that will serve as a central authentication system for a couple of in-house applications. The app will SSO into these other applications.
So, the path of the user will be https://site-a.com, which will redirect to https://site-b.com (this is the one running Rails w/ Devise and Pundit). The user will authenticate there.
I need to take that user back to https://site-a.com.
Everything I've seen with Devise is that it can redirect, but only to routes within the application.
Please be gentle.
Devise can redirect the user to anywhere after they sign in.
The straightforward way to do that is to override the after_sign_in_path_for method in controllers:
class ApplicationController < ActionController::Base
  def after_sign_in_path_for(resource)
    "http://site-a.com/"
  end
end
For more information about after_sign_in_path_for, please see How To: redirect to a specific page on successful sign in.
If you do not yet have a clear idea about how to build an SSO system with Devise, you might want to take a look at this article: Multiple Applications with Devise, Omniauth and Single Sign On.
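When the central sign-in app serves several in-house applications, the return target comes from the request rather than a hard-coded string, and it has to be checked before it is handed to after_sign_in_path_for. The following is an added example, not code from the answer or from Devise; the allowlist, the default URL and the names origin_of and safe_return_url are assumptions made for illustration.

```ruby
require "uri"

# Constructed allowlist: origins of the in-house apps that may receive the
# user back after sign-in. Exact scheme + host + port only, no wildcards.
ALLOWED_RETURN_ORIGINS = ["https://site-a.com"].freeze
DEFAULT_RETURN_URL = "https://site-a.com/"

# Returns [scheme, host, port] for an absolute http(s) URL, or nil for
# anything else (relative, scheme-relative, javascript:, unparsable, ...).
def origin_of(url)
  uri = URI.parse(url.to_s)
  return nil unless uri.is_a?(URI::HTTP) && uri.host # URI::HTTPS < URI::HTTP
  return nil if uri.userinfo                         # "site-a.com@other-host"
  [uri.scheme.downcase, uri.host.downcase, uri.port]
rescue URI::InvalidURIError
  nil
end

# Returns the candidate only if its origin is on the allowlist; otherwise
# falls back to the default, so the sign-in app never acts as an open redirect.
def safe_return_url(candidate, allowed: ALLOWED_RETURN_ORIGINS,
                    default: DEFAULT_RETURN_URL)
  origin = origin_of(candidate)
  return default if origin.nil?
  allowed.any? { |a| origin_of(a) == origin } ? candidate : default
end

# In the Devise override this would be used roughly as (session key is an
# assumption):
#   def after_sign_in_path_for(resource)
#     safe_return_url(session[:return_to])
#   end
```

Comparing the parsed origin rather than matching on a string prefix is what rejects look-alike hosts such as site-a.com.evil.example.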

How to show error messages in rails devise plugin for unauthorized page requests?

I am working on a Ruby on Rails project which has implemented an authentication mechanism using the Devise plugin. I am new to this plugin as well as Ruby, so I am having difficulty fixing a problem with authentication. The problem is, according to the current implementation, if a user tries to access a page in the application without signing in, it redirects the user to the Sign In page, saying that he or she should be signed in or signed up before accessing that page. That's correct. That is the implementation that I need. But what happens is, even if a user directly goes to the Login page, this error message is shown. That is not required, because if a user is directly accessing the Login page, there is no point in giving an error message.
Any help will be appreciated.
Thank You.
You call Devise's authenticate_user! where you shouldn't, and you do not use require_no_authentication.
You must make sure this before filter is called in your sessions controller:
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
These are taken care of in Devise's default controllers (e.g., Devise::SessionsController). Are you using them?

Rails 3 gdata site wide youtube client

I want to use YouTube's API within Rails.
I need a client which is able to access YouTube's API application-wide.
Therefore I wrote the following application controller:
require 'gdata'

class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :auth

  # Runs before every action: builds a YouTube client and logs it in.
  def auth
    @client = GData::Client::YouTube.new
    @client.clientlogin('usermail', 'password')
    @client
  end
end
I am able to use the client now in my controllers which extend ApplicationController.
That's working fine.
But it's pretty slow.
Is there a way to do the authentication once and use it application-wide instead of using the before_filter, which is getting called every single time before I call a method?
best,
philip
This is a web page. Webpages are state-less. Thus you cannot preserve any state. Thus you cannot preserve your login across requests. Thus you have to auth every request.
An alternative would be to only run the before filter on certain controller actions. Right now it runs on every action, which may not be necessary.
Try:
before_filter :auth, :only => :my_action_name
(P.S. That might be the wrong syntax -- I'm confused 'cause rails changes so much -- just look it up)
