I'm attempting to upload an image via ajax using paperclip.
I'm using the qqfileuploader for the ajax stuff and it doesn't seem to have an option where I can define the parameter name for the post request.
The parameters sent from the ajax post are
qqfile=filename.jpg
so in my model, I have aliased qqfile to photo
alias_attribute :qqfile, :photo
has_attached_file :photo
attr_accessible :title, :photo
when I upload a file via ajax, I get the following errors
Parameters: {"qqfile"=>"Penguins.jpg"}
WARNING: Can't verify CSRF token authenticity
Creating scope :page. Overwriting existing method User.page.
User Load (1.2ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 LIMIT 1
Creating scope :page. Overwriting existing method RoleUser.page.
Creating scope :page. Overwriting existing method Role.page.
Role Load (1.4ms) SELECT `roles`.* FROM `roles` INNER JOIN `role_users` ON `roles`.`id` = `role_users`.`role_id` WHERE `role_users`.`user_id` = 1
SQL (0.7ms) BEGIN
Creating scope :page. Overwriting existing method Task.page.
[paperclip] Duplicate URL for photo with /system/:attachment/:id/:style/:filename. This will clash with attachment defined in Recipe class
I'm not sure if the CSRF token will be an issue, there is a token on the page, so maybe I just need to be sending that, I assume I can get it is a variable with javascript?
But what is the deal with the duplicate url??? Am I not aliasing correctly? Can I not alias a paperclip object for some reason?
my controller is also very simple
def create
#recipe = Recipe.new(params[:recipe])
#recipe.author_id=current_user.id
if #recipe.save
return render :json => #recipe
else
return render :text => 'an error occured saving the recipe'
end
end
Rails generates a security token for POST events based on the user's session. If that token is missing or doesn't match what's expected, the session will be reset. See this:
http://guides.rubyonrails.org/security.html#csrf-countermeasures
As for the duplicate URL, are you sure your URL pattern is specific enough? It looks to me that if you upload a file with the same name for the same model instance you'd have a problem. It would help to see your controller code.
Related
I have a SessionController with a corresponding SessionView and within the templates directory I have a "session" folder with a "new.html.eex" file. When I navigate to the session_path "new" action I recieve an error:
HelloWeb.SessionView is not available
It looks like it is calling SessionView.render/2
In the session_controller I'm simply trying to render the new.html.eex, here's the new action:
def new(conn, _params) do
render conn, "new.html"
end
Phoenix should be rendering the "new" template but the error keeps coming up and I'm not sure why. Everything is spelled correctly and I have the routes correctly mapped in the "router.ex" file.
## Routes for sessions ##
get "/login", SessionController, :new
post "/login", SessionController, :create
delete "/logout", SessionController, :delete
However, a call to "login" yields the error
SessionView.render/2 is undefined (module HelloWeb.SessionView is not available).
What is going on that's causing Phoenix to not load the "new" template?
Update: Here is the session_view:
defmodule Gofish.SessionView do
use GofishWeb, :view
end
You need to create a session_view.ex on the lib/hello_web/views directory.
Its minimal content will be:
defmodule HelloWeb.SessionView do
use HelloWeb, :view
end
When posting a form with a csrf token, $this->input->post("csrf_token") is empty.
I could post a duplicate csrf_token using another field name. But that looks a bit unnecessary.
Is there (another) way to get it?
__
All is done using AJAX. So first of all, a token must be requested, and is provided using a json template, populating it this way:
$data["json"] = array(
"csrf_token" => $this->security->get_csrf_hash()
);
Using that token, a ajax POST request is done, sending user login, password. If ?debugis added to the request url, and the ENVIRONMENT is not production, the complete post request parameters are added to the json output. Like so:
if( !is_null($this->input->get("debug")) && ENVIRONMENT != 'production'){
$debug = TRUE;
$data["json"]["post"] = $this->input->post();
}
And I get:
"post": {
"un": "test",
"pw": "test"
}
Adding $data["json"]["old_token"] = $this->input->post("csrf_token");gives me "old_token": null
The Cross-site request forgery itself, works as expected: no token, wrong token or expired token gives an error. So Codigniter does receive the token as a supposed to. It seems to be removed from the post data.
After some poking around, I've found the answer. The security class removes the token from the POST array: unset($_POST[$this->_csrf_token_name]); (core/Security.php in csrf_verify() at line 234)
I won't change that line, to be sure the controller keeps functioning after updating Codeigniter.
I am trying to insert a captcha in to my application's registration form. I need place a controller helper method to check whether the captcha is valid. I'm using OmniAuth-identity for my simple authentication, which does not provide a controller method. The user's registration form posts directly to the OmniAuth handler and so can't able to check the this helper method that is
if verify_recaptcha(:model => #post, :message => "Oh! It's error with reCAPTCHA!") && #post.save
# ...
else
# ...
end
Can anyone please help me on this how to place a controller helper method using OmniAuth-identity?
The readme gives a hint on hooking up Omniauth-Identity lifecycle events to controller actions. Here's an example adapted to fit what your asking for:
# application.rb
use OmniAuth::Builder do
provider :identity,
:fields => [:email],
:on_login => UsersController.action(:login)
end
this pr will be helpful.
for example:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :identity, on_validation: lambda {|env| Captcha.valid_captcha?(env)}
end
I need to get the quantity of items from a form and pass that to CI's paypal_lib auto_form:
This is my controller:
function auto_form()
{
$this->paypal_lib->add_field('business', 'admin_1261513315_biz#pixelcraftwebdesign.com');
$this->paypal_lib->add_field('return', site_url('home/success'));
$this->paypal_lib->add_field('cancel_return', site_url('home/cancel'));
$this->paypal_lib->add_field('notify_url', site_url('home/ipn')); // <-- IPN url
$this->paypal_lib->add_field('custom', '1234567890'); // <-- Verify return
$this->paypal_lib->add_field('item_name', 'Paypal Test Transaction');
$this->paypal_lib->add_field('item_number', '001');
$this->paypal_lib->add_field('quantity', $quant);
$this->paypal_lib->add_field('amount', '1');
$this->paypal_lib->paypal_auto_form();
}
I have a library of my own that validates the input and redirects to auto_form on validation. I just need to pass the var $quant to the controller.
How can I achieve this?!
If you're redirecting directly to the auto_form controller method you can setup an argument there to pass your data in:
auto_form($quant)
Then, depending assuming you have no routes, rewriting, or querystrings 'on' (basically a stock CI setup) to interfere, and you are using the URL helper to redirect, you would do your redirect something like this:
redirect('/index.php/your_controller/auto_form/'. $quantity_from_form);
More on passing URI segments to your functions here.
Or if you're already using CI sessions in your application you can add the quantity value to a session variable for later retrieval inside of the auto_form controller method:
// Set After Your Form Passed Validation
$this->session->set_userdata('quant', $quantity_from_form);
// Retrieve Later in Controller Method After Redirect
$this->paypal_lib->add_field('quantity', $this->session->userdata('item'));
More on CI sessions here.
Hey there, im a little bit confused about handling invalid user authentication request, at login controller. So, i already have modified login view, but cant figure out where to put the exception handling block. It should work like this: you login - if its incorrect you will see warning message at /login .
Any ideas ?
What strategy have you chosen ? In my custom Strategy, I call the class method 'authenticate' on my User class:
class User
def self.authenticate(login, password)
u = User.first(:conditions => ['email = ?', login]) # find a user with this login
if u && u.authenticated?
return u
else
nil
end
end
end
Also, you might want to look at the source code of merb-auth-more/mixins/salted_user which is a module that is automatically mixed into your User class.
you would put your exception handling action in the exceptions controller
# handle NotAuthorized exceptions (403)
def not_authorized
render :format => :html
end
and to customise the view you would create a template in app/views/exceptions/not_authorized.html.haml