I set disable_perishable_token_maintenance(true) in my User model. If I want to create a user, I have to set perishable_token column default value to '' in my users database table. My question is: Is it safe to have empty perishable_token columns? What would you do to make things more secure? ...
Hi, I have a rails app with authlogic and LDAP, but my problem is i can see all the users password on the log file, is there something to fix to encrypt those passwords. For ldap i use :encryption simple_TLS Thanks for your help ...
Within Authlogic, is there a way that I can add conditions to the authentication method? I know by using the find_by_login_method I can specify another method to use, but when I use this I need to pass another parameter since the find_by_login_method method only passes the parameter that is deemed the 'login_field'. What I need to do i...
I have a Rails 2.3.x app that implements the act_as_authentic in User model and a UserSession model as per Authlogic Github example. I am implementing an API to allow access from iPhone. Will be using HTTP Basic authentication via https (will not implement single access token). Each API call requires a username/password for the access. ...
I want to understand the sequence of steps how it is verified that a user has permission to particular application page ('Acl', 'Auth', 'Security' components are used). For example, a visitor clicks a link on another site that directs him to my application. What is the sequence of steps that my application does to verify that this user h...
Can you suggest some working example of it? I tried Authlogic and Devise withous success. ...
Hey, please help me to understand something. In Authlogic example in UsersController it's always used @current_user, so for instance: def show @user = @current_user end (taken from http://github.com/binarylogic/authlogic_example/blob/master/app/controllers/users_controller.rb) Why is that? In my controllers I use just current_user...
I'm adding some columns to one of my database tables, and then populating those columns: def self.up add_column :contacts, :business_id, :integer add_column :contacts, :business_type, :string Contact.reset_column_information Contact.all.each do |contact| contact.update_attributes(:business_id => contact.client_id, :business...
I've been trying to build my first rails app and have gotten stuck on the issue of user authentication. I've found a number of tutorials for using various plug-ins to do this, but so far every single one of them is out-dated, and as a result, broken! From what I've read, I think Authlogic may be the best fit for me, and I've tried two ...
Hi, I'am looking for an easy authentication for my users mostly via facebook, but keeping OpenID and other OAuth alternatives as well. For the case if something will go very bad, I will ask my users to optionally provide their email address, which should be obtained via OpenID or OAuth if possible. The same thing is about their name. I ...
Just a day into hobo now I think it's great but got a small problem. User session are running with hobo, can't get current_user. I can login in to my site as normal without adding the line session[:user] = user.typed_id def create @user_session = UserSession.new(params[:user_session]) session[:user] = user.typed_id if...
I'm slowly but surely putting together my first rails app (first web-app of any kind in fact - I'm not really a programmer) and it's time to set up a user registration/login system. The nature of my app is such that each user will be completely separated from each other user (except for admin roles). When users log in they will have thei...
Hey, I implemented authentication with Authlogic and authorization with Acl9. Now I'm trying to avoid multiple hits to database to check if user is admin by keeping this in the session. What I thought is that this code should work: class ApplicationController < ActionController::Base ... helper_method :current_user_session, :curre...
Hi, I'm trying to run http://github.com/tardate/rails-authlogic-rpx-sample (only rails version was changed) but get error message http://gist.github.com/385696, when RPX returns information after successful authentication via Google Account. What is wrong here? And how I can fix it? The code was successfully tested with rails 2.3.3 by i...
Following this tutorial getting the following errors: NameError in Admin/dashboardsController#show uninitialized constant Admin::DashboardsController NameError in Admin sessionController#new uninitialized constant Admin::AdminHelper not sure how to correct this! ...
Hi, I want to use email for signing in, and to allow users to have similar names. One way to do this is to rename login/username field to something different. However, I would prefer to do it just by authlogic settings. I tried the following acts_as_authentic do |c| c.login_field :email c.validate_login_field false c.valida...
Hello, i followed this tutorial fo setting Autlogic up properly. So, my site needs a form of level, like "Admin", "Moderator", "User", "Guest". So Admins can do everything, where Moderators may not can make site changes. And Users can't destroy, Update or Create. I've have googled a bit.. But nothing found, so i thought you guys might ...
I added the authlogic_facebook_connect plugin to my project and I'm now having problem running my cucumber test because of a NoMethodError. undefined method `set_facebook_session' for nil:NilClass (NoMethodError) In authlogic_facebook_connect/Session.rb the method "authenticating_with_facebook_connect?" is called as some sort of callb...
Hi, i have configured to use authlogic and declarative_authorization and configured authorization_rules.rb. All is fine but on attemp to access localhost/authorization_rules i see "You are not allowed to access this action.". I've added has_permission_on :authorization_rules, :to => [:index, :show] but nothing changed :( In logs i se...
Hi everyone! This is my first post on Stack Overflow. I am trying to build a system that authenticates three types of user with completely different site experiences: Customers, Employers, and Vendors. I'm thinking of using a polymorphic 'User' table (using AuthLogic) with username, password, and user_type (+ AuthLogic's other required...