I have a rails project that's using both Spree and Refinery together. In order to have uniform authentication, the Spree.user_class has been set to Refinery's User class. I'm now looking to have another user_class through Spree for customers, one that won't have authentication into Refinery.
Is this even possible or would I be wasting time even looking?
Just in case anyone was wondering - the answer is no. The solution I'm going with is to just keep using Refinery's User class, assign roles and ensure that - in the case that a customer stumbles across /refinery - customers are just routed with Spree authentication.
Related
Based on Django REST framework: Check user is in group , I have succesfully restricted my custom views to certain groups.
Yet, I need to restrict dj_rest_auth.views.RegisterView to a certain group.
How can I make it?
I thought of trying to set a wrapper class over RegisterView, and link my wrapper class in urls.py, but what methods should I override?
Thank you SO much!
Well, it seems dj-rest-auth is ready for this need:
#settings.py
REST_AUTH_REGISTER_PERMISSION_CLASSES = ("rest_framework.permissions.IsAuthenticated","api.permissions.HasLoginPermission")
Keep in mind there's a bug in dj-rest-auth<1.1.12 that prevents those string to work.
I am not a superb developer, so I guess the problem I did run into is just to big for me.
I have a project where I have different subdomains for the current language. When I login a user it is logged only for the current subdomain. So when I login at "en.Aproject.com", and then go to "de.Aproject.com", the user will not be logged in. They don't share the session. I already tried to modify the 'domain' => null, in app/sessions.php. But when I change the value here the Login doesn't work at all. Then everytime a new Session-row is created in the DB and Laravel seems not to recognize them.
Is the current domain saved somehow in the session identifier? Is it possible to use one session for different domains? I found some stuff about OAuth and Single sign-on but I can not handle it by myself.
I was thinking about (when logging in and the credentials are correct) calling a script via Ajax, which should log in the user for all needed domains. But I would have to do the same for logging out.. And I will probably have a lot of domains. The project will have one base page and several subprojects (all with the different languages). Like this
mainproject.com
en.mainproject.com
de.mainproject.com
...
Aproject.com
en.Aproject.com
de.Aproject.com
...
Bproject.com
en.Bproject.com
de.Bproject.com
...
So it would just feel wrong to log in the user to like 20 different pages and create 20 sessions... It would feel better to just use one session for all of them.
Okay, I hope you understand the problem and someone already had the same problem and found a solution. Thanks!!!!!!!! greets. gerti
Background info.. I am using Laravel 4.2
Now I just tried something, maybe it helps someone. Actually point 2 is weird to me (see below)
I display these 3 things:
Session::getId()
Auth::getName()
var_dump(Session::all())
I display them on "de.Aproject.com". Here I am logged in.
And i display them on "en.Aproject.com"... Where I am still logged out (which I want to fix :D )
The value of Session::getId() is different on both sides. Thats the problem I guess, they should share the same.
The value of Auth::getName() is the same on both sides (login_82e5d2c56bdd0811318f0cf078b78bfc). Which I don't understand. Why does the second page have this value when i am not logged in?
The value of Session::all() is ["login_82e5d2c56bdd0811318f0cf078b78bfc"] => string(17) "test#test.de" on the first site, on the second its empty. Thats correct.
Since the default Laravel authentication system uses cookies to manage the session, you actually need to login the user on each subdomain you're going to use. To avoid that, you can use another session driver like database.
Can anyone save some of my hair? :)
I'm trying to create an asp.net WEB API interface for an older CSLA (1.x/2.x era) project. I am testing by hard coding the login on every request in various ways (once in the startup code, as an authorization request filter, inside the individual route request etc etc). All the ways I tried work exactly once perfectly and then I get the infamous:
'Default principal object cannot be set twice.'
exception in BusinessPrincipal.vb (yeah I know it's very old, but it's released software, I can't upgrade CSLA)
I know that there is an issue where you need to set HttpContext.Current.User = Thread.CurrentPrincipal; due to some internal workings of the web API and I do that already, that has not resolved the issue.
I'd like to know if anyone has implemented a web api front end and how they handled this issue or any pointers as to what could be the solution.
Worst case scenario if I could at least just login once and keep that same principal without losing it I could implement a second layer of security, that woudld be acceptable, barring anything else is there some way to just login once and not lose that principal?
That BusinessPrincipal class would be in your code base, not in CSLA itself. The Csla.Security namespace does include a BusinessPrincipalBase that is probably the base class for your BusinessPrincipal.
Classes in that namespace are here in GitHub
It is true that you can only call AppDomain.SetPrincipalPolicy one time, but you should be able to set the Thread.CurrentPrincipal and HttpContext.Current.User multiple times.
So in my ruby app I'm using devise and I'd like to have for the admins the ability to log as another user to assist them when they call for support.
But I've no idea how I should do it.
what u are trying to do is to impersonate another user. i havent used this but u can check it out https://github.com/engineyard/user_impersonate
You can try using the Pretender gem.
Pretender is flexible and lightweight - less than 60 lines of code.
Works with many authentication systems including Devise, Authlogic, and Sorcery.
devise_masquerade is well worth a look if you're using Devise.
It does everything you might expect and is quite customizable. It even handles having different model classes for users and admins (e.g. User and AdminUser).
I asked this question last week but only got 8 views.
A part of the application I'm working on requires creating a ton of user-to-user requests and validating they all get processed correctly in the application. This requires countless hours of QA work and could be automated with a simple script like
users_api = Koala::Facebook::TestUsers.new(config)
users = test_users.create_network(10, true, "email,user_likes,publish_actions")
users.permutations(2) do |u1, u2|
graph = Koala::Facebook::API.new(u1['access_token'])
requests_types.each do |req|
graph # .user_to_user_request(u2, req) Oh noes I can't do this part
end
end
Everything I've seen points to the fact that it's impossible to create user-to-user requests in a script, even for test users. Is there any other (automated) way to do this?
Edit
What I'm trying to find is a way to create user-to-user requests. The validation would still be manual by the QA team. The problem we're facing is that they need to create 90 requests and make sure they didn't skip a single one, then validate the data.
Solution to this is tricky one. You probably have two solutions, depending on what you need.
First one is to manually provide access tokens for tests. That would require creating several fictional users or gathering access tokens from friends via Api Explorer. This is of course very inconvenient, but probably needed for second idea so I'm mentioning it. The question is how much users will you need to test? In most situations 3-4 users should be enough to provide test case.
Second idea will require actually running tests suite once using first idea and recording results using gems like webmock or fakeweb. This will allow you to remember what API response will serve and using it in later tests without need to regenerate tokens. This should also speed up your tests significantly as will avoid waiting for each request from FB API.