I am trying to make a login screen in Ruby Shoes. I am using the ask method to get the username and password but I want the password to show as asterisks. I have to use the secret method but I can't figure out the right syntax..
button "Login" do
username = ask("Enter Username: ")
password = ask("Enter Password: ") :secret => true
end
Should it be done this way?
password = ask("Enter Password: "), secret: true
I tried this too. It doesn't seem to work
Thanks!
Try it this way
button "Login" do
username = ask("Enter Username: ")
password = ask("Enter Password: ", :secret => true)
end
Related
I am using Rails 7.0.3.1.
I am using devise token auth for authentication and want to implement the reset password flow. When i send a postman request to localhost:3001/admin/auth/password, i get the email on my server logs, but i cant see it in my mailbox.
These are my settings in development.rb
config.action_mailer.default_url_options = { :host => 'localhost:3001', protocol: 'http'}
config.action_mailer.delivery_method = :smtp
config.raise_delivery_errors = true
config.action_mailer.smtp_settings = {
address: 'smtp.gmail.com',
port: 587,
domain: 'gmail.com',
user_name: <email>,
password: <password>,
authentication: 'plain',
enable_starttls_auto: true,
open_timeout: 5,
read_timeout: 5 }
I would like to set my token only once per user, do you know how to check if my token is already set ?
Here is my Controller :
def connexion
code = request.params[:code]
#decoded_code = URI.decode(code)
#id_connection = request.params[:id_connection]
#token = HTTParty.post('https://test-sandbox/auth/token/access',
body: {
client_id: XXXXXX,
client_secret: "YYYYYYYYYYYYYYYYY",
code: #decoded_code
}
)
end
If I go back to my page and re-set the token I have the following error : You have already got an access_token for this user
You can use ||= operator to set token, if it is not set than it will try to get token
#token ||= HTTParty.post('https://test-sandbox/auth/token/access',
body: {
client_id: XXXXXX,
client_secret: "YYYYYYYYYYYYYYYYY",
code: #decoded_code
}
)
From article: https://github.com/gimite/google-drive-ruby/blob/master/doc/authorization.md
Code:
credentials = ... same as above ...
credentials.code = authorization_code
credentials.fetch_access_token!
Then
If you want to restore a session afterwards, you can store credentials.refresh_token after credentials.fetch_access_token!
But after credentials.fetch_access_token!
credentials.refresh_token is nil
How i can get refresh_token?
Or save credentials to database for next time?
Need add additional_parameters:
require "googleauth"
credentials = Google::Auth::UserRefreshCredentials.new(
client_id: "YOUR CLIENT ID",
client_secret: "YOUR CLIENT SECRET",
scope: [
"https://www.googleapis.com/auth/drive",
"https://spreadsheets.google.com/feeds/",
],
redirect_uri: "http://example.com/redirect",
:additional_parameters => {
"access_type"=>"offline",
"include_granted_scopes"=>"true",
"prompt" => "consent"
}
)
auth_url = credentials.authorization_uri
credentials.code = authorization_code
credentials.fetch_access_token!
then get:
refresh_token = credentials.refresh_token
and then refresh_token can be stored in database and used later:
credentials.refresh_token = refresh_token
credentials.fetch_access_token!
session = GoogleDrive::Session.from_credentials(credentials)
I am trying to get user to login using flask-login.
Login code:
def signin(self, email, password):
user = None
userLoggedIn = False
private_key = self.get_private_key(email, password)
if private_key:
public_key = self.get_public_key(email, private_key)
if public_key:
user = userManager.findUser(email)
if user:
userManager.changeUserPassword(email, password)
userManager.changeCloudAccessKeys(email, public_key, private_key)
else:
user = userManager.addUser(email, password, public_key, private_key, True)
userLoggedIn = True
if userLoggedIn:
login_user(user, remember=False)
userId = user.get_id()
identity_changed.send(current_app._get_current_object(),identity=Identity(userId))
return True
return False
Logout code:
def signout(self):
from flask import session
logout_user()
session.clear()
identity_changed.send(current_app._get_current_object(),identity=AnonymousIdentity())
self.remove_logged_user()
And I decorate the views with #login_required,so that user can do things only when they are logged in:
#app.route("/do_things",methods=["GET"])
#login_required
def do_things():
pass
In Chrome,everything worked well.If user didn't log in,then the views decorated by #login_required will not be accessed.
But in Firefox,after I logged out,I can still "do things".I check the Firefox cookie and find out that there is a "remember_token" in cookie session:
Response cookie:
session:1q2w3e4r...
httponly:true
path"/"
Request cookie:
remember_token:""username#gmail.com|8c5873f3748b8f5d18e9bd10cd5e9ee678a9a0a9e0a406fccce982825a7a57f167025341d102ee59cbecbfc20f5dae597ca66e92e5e4926f9aa64c6c244788b1""
session:1q2w3e4r...
I find out that Firefox saved my user email in remember_token and included it into the http requset.So that the views in flask still think I have logged in .
How can I clear the user information in Firefox after I do log out in flask?
You can remove the remember_token cookie by setting the cookie of the response with a expires date in the past, like the code below
logout_user()
session.clear()
yesterday = datetime.datetime.now() + datetime.timedelta(days=-1)
out = jsonify(success=True, message="success")
out.set_cookie('remember_token', '', expires=yesterday)
I want to test interactive authentication with watir. I need to open browser once on selenium server, enter without user interaction his login/password (stored on server, user doesn't enter them, he just has to enter verification code), new text field with 'enter verification code' label appears, then system sends verification code to user and closes browser(here i need somehow to save session). User receives verification code and sends it to server, server opens new browser(restores somehow saved session) and enters verification code received from user.
I could keep browser open and just enter verification code in appeared text field but if user won't send me verification code that he received, browser will remain open, not good solution.
So, I tried something like this:
params = { login: 'userexample.com', password: '123456' }
adapter = Adapters::Test.new(params)
adapter.sign_in #opens browser, fills credentials fields, clicks 'get verification code', 'enter verification code' field appears
cookies = adapter.browser.cookies.to_a #save browser state
url = adapter.browser.url
adapter.browser.close
adapter = Adapters::Test.new(params)
adapter.browser.goto url
adapter.browser.cookies.clear
cookies.each do |saved_cookie|
adapter.browser.cookies.add(saved_cookie[:name], saved_cookie[:value])
end
adapter.browser.refresh #I should be on the same page with appeared 'enter verification code' field, but nothing happens after refresh, I am still on the main page with only login/password fields.
How can I save browser state, close it and then reopen with the same session?
def prepare_for_sign_in
browser.goto login_url
browser.text_field(:name => "login").set("admin")
browser.text_field(:name => "password").set("admin")
browser.a(:class => "enter").click
until browser.div(:text => /Welcome/).present? do
if browser.div(:class => 'error').text.include?("incorrect username or password")
raise InvalidCredentials.new("Invalid login or password.")
end
end
# here you need to sleep few secs or use similar conditional wait
Watir::Wait.until { browser.cookies.to_a.first[:name] == "JSESSIONID" }
params["interactive_data"] = {
"cookies" => JSON.parse(browser.cookies.to_a.to_json),
"proceed_url" => browser.url
}
end
def sign_in
restore_cookies(params["interactive_data"]["proceed_url"])
browser.text_field(:name => "sms").set('123456')
browser.a(:text => "Proceed").click
end
def restore_cookies(url)
browser.goto url
browser.cookies.clear
params["interactive_data"]["cookies"].each do |cookie|
browser.cookies.add(
cookie["name"],
cookie["value"],
{
domain: cookie["domain"],
path: cookie["path"],
expires: cookie["expires"],
secure: cookie["secure"]
}
)
end
browser.goto url
browser.refresh
end
There is some more source code, but I can not share all of it, but logic is similar