restful-authentication

Rails, Restful Authentication & RSpec - How to test new models that require authentication

I've created a learning application using Bort, which is a base app that includes Restful Authentication and RSpec. I've got it up and running and added a new object that requires users to be logged in before they can do anything (before_filter :login_required in the controller). [edit: I should also mention that the user has_many of th...

Inadvertent Session Hijacking Issue With Restful Authentication

I'm using the current version of restful_authentication that is found on github and I'm having a bunch of strange session issues. The server seems to be somehow assigning sessions to users it shouldn't be. This only happens when crossing the logged out/logged in barrier. Here's an example. With no sessions active on the server, I log in...

DoubleRenderError in restful_authentication with acts_as_state_machine when activating users.

In a project which uses restful_authentication with acts_as_state_machine and email activation, I get a double render error whenever a user does the activation action from the email link. I'm using the default def activate self.current_user = params[:activation_code].blank? ? false : User.find_by_activation_code(params[:activation_c...

RESTful Authentication

What does RESTful Authentication mean and how does it work? I can't find a good overview on Google. My only understanding is that you pass the session key (remeberal) in the URL, but this could be horribly wrong. Thanks for your input! ...

What is the best way to extend restful_authentication/AuthLogic to support lazy logins by an anonymous iPhone?

I'm building an iPhone application that talks to a Ruby on Rails backend. The Ruby on Rails application will also service web users. The restful_authentication plugin is an excellent way to provide quick and customizable user authentication. However, I would like users of the iPhone application to have an account created automatically by...

User/Pass Authentication using RESTful WCF & Windows Forms

Hi all, What is the best approach to implementing authorisation/authentication for a Windows Forms app talking to an IIS-hosted RESTful WCF Service? The reason I ask is I am very confused, after sifting through different articles and posts expressing a different method and eventually hitting a ~650 page document on WCF Security Best Pr...

How can I read Authorization header from a REST based WCF service?

How can I read Authorization header information from a REST based WCF service? ...

How can I avoid an authentication dialog in Flex when using HTTPService or URLRequest?

This is related to this question. I'm writing a Flex app (a WindowedApplication) that uses REST. Everything's fine when I post with valid authentication, but if I happen to pass an invalid username or password to the REST API (a Twitter REST API, to be specific), an authentication dialog pops up. That's not a desirable user experience, ...

Does Rails have a built-in authentication system?

I have implemented authentication systems for webapps several times over the years, but before I do it once more, I thought I'd ask if there's a canned solution I should know about. Last time I checked, there was no built-in Rails authentication system and the standard solution was the restful-authentication plugin. Is that still the ca...

How do you maintain session state in Apache?

I need to maintain session information between REST calls to an Apache server. Not having ever developed on the Apache platform, I hope to find a package / module that can help facilitate session information and application security. Please target your answers for a newbie. ...

ASP.NET MVC Framework 'REST-like' API

Hi all, I have developed a 'REST-like' XML API that I wish to expose for consumption by third-party web applications. I'm now looking to implement a security model for the exchange of data between a third-party application and the 'REST-like' XML API. I would appreciate suggestions for a suitable asymmetric encryption model. Thanks. ...

Licenses and sessions the RESTful way

This question crossed my mind after I read this post: “Common REST Mistakes: Sessions are irrelevant”. If sessions are indeed discouraged in a RESTful application, how would you handle licenses in such an application? I'm specifically referring to concurrent licenses model and not named licenses. i.e. the customer buys X licenses which mea...

Designing a web api: How to authenticate?

Hi guys. I am designing a web api. I need to let the user authenticate themselves. I am a little hesitant to let the user pass in their username/password in cleartext, something like: api.mysite.com/auth.php?user=x&pass=y Another option I read about was Base64 encoding the username/password and then sending an HTTP request. So does tha...

Rails Restful Authentication : Can't find UserObserver

I am moderately new to Rails so this may be a stupid question... I followed the basic steps noted on the github site for the plugin (mainly installed the plugin, ran the generator, modified environment.rb and created the UserObserver class in the models directory) The error I'm getting is saying it's coming from active_support/dependen...

losing session in rails 2.3.2 app using subdomain

I have a 2.2.3 app which I upgraded to 2.3.2. It's a multi-site (using subdomain) that creates one top level session for all sites. This is how I change the domain in production.rb: ActionController::Base.session_options[:domain] = "xxx.com" # in rails 2.2.2, this is what i used to do: # ActionController::Base.session_options[:session...

How to get stories to work with restful_authentication and cucumber?

After cloning the latest stable versions of rails (2.3.2), rspec (1.2.2), cucumber (0.2.0.4...came out 2009-03-24), rspec-rails (1.2.2), restful-authentication (fixed formatted_user_path and a few other problems), webrat, rubyist-aasm (and a few others) into a clean rails application, and following (what I believe are) all the ins...

rails technoweenie / restful-authentication magi-code: Can't find User#register!

I recently installed the technoweenie / restful-authentication plugin (which works as promised), but while going through the *users_controller#created*, I found a reference to a method call on the user model @user.register! Does anyone know where the method is defined? I've pretty much searched all of the generated code, and still don'...

Rails Restful-Authentication Plugin fails to login

My clean install of the Restful-Authentication plugin fails with the following message. undefined method `acts_as_state_machine' for #Class:0x46edaf8 Any ideas on how I can resolve this? Note: The *act_as_state_machine* plugin is installed Note: The restful-authentication plugin was installed with the following command script/gen...

Simple way of turning off observers during rake task?

I'm using restful_authentication in my app. I'm creating a set of default users using a rake task, but every time I run the task an activation email is sent out because of the observer associated with my user model. I'm setting the activation fields when I create the users, so no activation is necessary. Anyone know of an easy way to...

How to use restful_authentication in other controller login view?

Hi, I installed restful_authentication and it's working; the login page allows me to log in, but I have another controller called admin and want to embed a login view inside the admin controller. Actually the URL to the login view is: localhost:3000/login (it worked and I needed so that users can log in). I need: localhost:3000/admin/logi...