Hello, I am trying to use the Rest-client gem to do a few small tasks for my app which uses Authlogic to authenticate users. From Rest-Client's API, I see that one can post data necessary for the log-in process like this:

require 'rest_client'
RestClient.post "http://127.0.0.1:3000/user_sessions", {:user_session => {:username => 'myusername', :password => 'mypassword'}}.to_json, :content_type => :json, :accept => :json

Looking at my development log, I see that the app has logged me in and redirected me correctly to the user's private page. However, when I then tried to 'reload' the private page,

RestClient.get 'http://127.0.0.1:3000/users/1'

I am brought back to the login page again, as if I hadn't logged in. So I was wondering if this has to do with something called the session or cookies?

I have used cURL to reproduce this scenario successfully, where I use the switch '-c cookie.txt' to save information about my having already logged in, and use the switch '-b cookie.txt' for each call to tell the remote server about my authenticated-ness. I can understand this concept as being like a stamp on your wrist when going into a theme park or a bar, where they know you paid. But I find no mention of such a mechanism in RestClient. Any help would be great to solve this. I don't mind trying other HTTP clients, either.

Regards

+5  A: 

If you use Authlogic, you could be using the Single Use Token instead of user/pass. The Single Use Token is specifically for API calls like what it sounds like you're doing here.

See: The rdocs here

Josh Lindsey
Thanks Josh! I will look into it now. Now, I am concerned about the word 'Single' in the API, does that mean I cannot use it again to log in? Or does it change each time I use it?
Nik
@Nik it just means that you have to provide it on each request. So instead of simulating a login and trying to pass the cookies around, you would just include the token. It doesn't change automatically. Think of it like an API key.
Josh Lindsey
That sounds great, exactly what I actually wanted. I do use Authlogic with Ryan Bates's railscast as tutorial, which doesn't cover SingleAccesstoken. My User.rb looks like this:

create_table "users", :force => true do |t|
  t.string "username"
  t.string "email"
  t.string "crypted_password"
  t.string "password_salt"
  t.string "persistence_token"
  t.datetime "created_at"
  t.datetime "updated_at"
  t.integer "person_id"
  t.string "perishable_token", :default => "", :null => false
end

How can I get single access token functionality? Just a migration?
Nik
`script/generate migration add_single_access_token_to_users single_access_token:string` Any new users created after this is run will automatically have tokens. If you need to update the old users, you could make a script or use script/console and call reset_single_access_token! on each one.
Josh Lindsey
Oh wow, that's it? I will try it now
Nik
And I don't need to turn the acts_as_authentic into a block in the User.rb like this?

class User
  acts_as_authentic do |c|
    c.single_access_token = true
  end
end
Nik
I GOT IT! I wasn't able to until I added the single_access_allowed? method to my ProjectsController. It now works! Thanks for your help all along, Josh
Nik
Josh, do you know of any GitHub repository or online tutorial that shows how to set up the single access token stuff with authlogic? From what I've seen so far in the docs and the authlogic Google group, this feature does not work for all users (including me).
Colins
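
The two approaches discussed in this thread, side by side, as an added example that is not part of the original posts and is not Authlogic's own code: a session cookie that the client must send back on every request, and a per-request token that is honoured only where the controller opts in. `ToyApp`, `secure_eq` and `demo` are hypothetical stand-ins that run in-process with no network; `user_credentials` is assumed to be the request parameter name (Authlogic's default for a `User` model).

```ruby
require 'securerandom'

# Constant-time comparison so a token check does not leak how many bytes matched.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Constructed stand-in for the Rails app (hypothetical; not Authlogic's own code).
class ToyApp
  attr_reader :token
  def initialize
    @sessions = {}                 # session id => user id, set at login
    @token = SecureRandom.hex(16)  # plays the role of users.single_access_token
  end
  # Mirrors the controller hook from the thread: token auth only where opted in.
  def single_access_allowed?(path)
    path.start_with?('/projects')
  end

  # Returns [status, response_headers].
  def call(verb, path, headers: {}, params: {})
    if verb == :post && path == '/user_sessions'
      login = params[:user_session] || {}
      return [401, {}] unless login[:username] == 'myusername' && login[:password] == 'mypassword'
      sid = SecureRandom.hex(16)
      @sessions[sid] = 1
      return [302, { 'Set-Cookie' => "sid=#{sid}; HttpOnly", 'Location' => '/users/1' }]
    end
    sid = headers['Cookie'].to_s[/sid=(\h+)/, 1]
    return [200, {}] if @sessions.key?(sid)
    supplied = params[:user_credentials].to_s
    return [200, {}] if single_access_allowed?(path) && secure_eq(supplied, @token)
    [302, { 'Location' => '/user_sessions/new' }]
  end
end

def demo(app = ToyApp.new)
  creds = { user_session: { username: 'myusername', password: 'mypassword' } }
  _status, login_headers = app.call(:post, '/user_sessions', params: creds)
  cookie = login_headers['Set-Cookie'].split(';').first # the value curl -c would save
  {
    no_cookie:       app.call(:get, '/users/1').first,
    with_cookie:     app.call(:get, '/users/1', headers: { 'Cookie' => cookie }).first,
    token_allowed:   app.call(:get, '/projects', params: { user_credentials: app.token }).first,
    token_elsewhere: app.call(:get, '/users/1', params: { user_credentials: app.token }).first,
    wrong_token:     app.call(:get, '/projects', params: { user_credentials: '0' * 32 }).first
  }
end
```

Because the token behaves like a long-lived API key, send it over HTTPS only; a token carried in a query string also ends up in server and proxy logs.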