Hey there, im a little bit confused about handling invalid user authentication request, at login controller. So, i already have modified login view, but cant figure out where to put the exception handling block. It should work like this: you login - if its incorrect you will see warning message at /login .
Any ideas ?
What strategy have you chosen ? In my custom Strategy, I call the class method 'authenticate' on my User class:
class User
def self.authenticate(login, password)
u = User.first(:conditions => ['email = ?', login]) # find a user with this login
if u && u.authenticated?
return u
else
nil
end
end
end
Also, you might want to look at the source code of merb-auth-more/mixins/salted_user which is a module that is automatically mixed into your User class.
you would put your exception handling action in the exceptions controller
# handle NotAuthorized exceptions (403)
def not_authorized
render :format => :html
end
and to customise the view you would create a template in app/views/exceptions/not_authorized.html.haml
Related
Thru the Shopify API I can create webhooks great. I've created ones that point to RequestBin just fine, the data that is sent to RequestBin is perfect. But when I turn it towards my own controllers nothing happens. I have a binding.pry in my controller to catch anything that comes in, and nothing ever comes in. Not sure why??
Here is me creating the hook with the ShopifyAPI gem:
webhook = ShopifyAPI::Webhook.create(:topic => "carts/update",
:format => "json",:address => "https://dyno-shipping-trimakas.c9users.io
/webhook/cart_callback/")
And then here it is verified when I list the webhooks:
{"id"=>226014599,
"address"=>
"https://dyno-shipping-trimakas.c9users.io/webhook/cart_callback/",
"topic"=>"carts/create",
"created_at"=>"2016-02-24T17:20:02-05:00",
"updated_at"=>"2016-02-24T17:20:02-05:00",
"format"=>"json",
"fields"=>[],
"metafield_namespaces"=>[]}
This is my controller:
class WebHookController < ApplicationController
skip_before_action :verify_authenticity_token, only: [:cart_callback]
def cart_callback
binding.pry
x = params
pp x
end
end
Then finally this is my route:
scope '/webhook', :controller => :webhook do
post :cart_callback
end
Not sure where I went astray??
I am trying to insert a captcha in to my application's registration form. I need place a controller helper method to check whether the captcha is valid. I'm using OmniAuth-identity for my simple authentication, which does not provide a controller method. The user's registration form posts directly to the OmniAuth handler and so can't able to check the this helper method that is
if verify_recaptcha(:model => #post, :message => "Oh! It's error with reCAPTCHA!") && #post.save
# ...
else
# ...
end
Can anyone please help me on this how to place a controller helper method using OmniAuth-identity?
The readme gives a hint on hooking up Omniauth-Identity lifecycle events to controller actions. Here's an example adapted to fit what your asking for:
# application.rb
use OmniAuth::Builder do
provider :identity,
:fields => [:email],
:on_login => UsersController.action(:login)
end
this pr will be helpful.
for example:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :identity, on_validation: lambda {|env| Captcha.valid_captcha?(env)}
end
I'd like a controller method to respond by disabling/denying layout if the request happens to be an ajax request (i.e., request.xhr? == true).
The following doesn't seem to work -- it returns the layout nonetheless
class FooController < Ramaze::Controller
layout :default
def bar
if request.xhr?
layout nil
"return something here" #just return this string without the layout
else
... #return with full layout
end
end
You can bypass view and layout rendering by calling respond! like this :
respond!(body, status, 'Content-Type' => 'whatever/foo')
Where body is your (json ?) body, status the HTTP response code.
You can then provide a hash with returned headers.
However, you might be interested in provides that can handle requests differently if they end, for instance, with '.json'. See http://ramaze.net/documentation/file.views.html#View_Mapping for more info on this.
I'm attempting to upload an image via ajax using paperclip.
I'm using the qqfileuploader for the ajax stuff and it doesn't seem to have an option where I can define the parameter name for the post request.
The parameters sent from the ajax post are
qqfile=filename.jpg
so in my model, I have aliased qqfile to photo
alias_attribute :qqfile, :photo
has_attached_file :photo
attr_accessible :title, :photo
when I upload a file via ajax, I get the following errors
Parameters: {"qqfile"=>"Penguins.jpg"}
WARNING: Can't verify CSRF token authenticity
Creating scope :page. Overwriting existing method User.page.
User Load (1.2ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 LIMIT 1
Creating scope :page. Overwriting existing method RoleUser.page.
Creating scope :page. Overwriting existing method Role.page.
Role Load (1.4ms) SELECT `roles`.* FROM `roles` INNER JOIN `role_users` ON `roles`.`id` = `role_users`.`role_id` WHERE `role_users`.`user_id` = 1
SQL (0.7ms) BEGIN
Creating scope :page. Overwriting existing method Task.page.
[paperclip] Duplicate URL for photo with /system/:attachment/:id/:style/:filename. This will clash with attachment defined in Recipe class
I'm not sure if the CSRF token will be an issue, there is a token on the page, so maybe I just need to be sending that, I assume I can get it is a variable with javascript?
But what is the deal with the duplicate url??? Am I not aliasing correctly? Can I not alias a paperclip object for some reason?
my controller is also very simple
def create
#recipe = Recipe.new(params[:recipe])
#recipe.author_id=current_user.id
if #recipe.save
return render :json => #recipe
else
return render :text => 'an error occured saving the recipe'
end
end
Rails generates a security token for POST events based on the user's session. If that token is missing or doesn't match what's expected, the session will be reset. See this:
http://guides.rubyonrails.org/security.html#csrf-countermeasures
As for the duplicate URL, are you sure your URL pattern is specific enough? It looks to me that if you upload a file with the same name for the same model instance you'd have a problem. It would help to see your controller code.
I'm trying to run some code on a controller in Volt, but only on certain pages. I've looked through the docs, but I'm not really sure how to get access to a given page's URL. Is there perhaps some hidden variable or something in the page model, like so?:
module Main
class MyController < Volt::ModelController
model :page
def index
end
def template_page
if page.url == "/foo/bar" # obviously, this doesn't actually work
# run some code
end
end
end
end
If you are using bindings in your URL, for example
client '/examples/{{ category }}/{{ example }}', controller: 'examples', action: 'template'
you can access those in the controller via the params collection:
params._category
params._example
In other cases you URL should be static anyway.
Sorry for the late reply. I added docs for the url method which is available from controllers:
http://docs.voltframework.com/en/docs/url.html