I need to implement fine-grained access control in a Ruby on Rails app. The permissions for individual users are saved in a database table and I thought that it would be best to let the respective resource (i.e. the instance of a model) decide whether a certain user is allowed to read from or write to it. Making this decision in the controller each time certainly wouldn’t be very DRY. The problem
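One way to put the decision on the resource, as an added example that is not the asker's code: a mixin the models include, a default-deny lookup against the permissions table, and a one-line fail-closed guard for controllers. Plain Ruby structs stand in for the ActiveRecord models so it runs without Rails; the `Permission` columns (`user_id`, `resource_type`, `resource_id`, `action`) and the `Document` model are assumptions for the illustration.

```ruby
# Added example, not from the original question. Struct stand-ins replace
# ActiveRecord so the file runs stand-alone; in the app the rows below would
# come from the permissions table via a scoped query.
Permission = Struct.new(:user_id, :resource_type, :resource_id, :action)
User = Struct.new(:id, :name)

# Constructed permissions table. Every grant is explicit; anything absent is denied.
PERMISSIONS = [
  Permission.new(1, 'Document', 10, :read),
  Permission.new(1, 'Document', 10, :write),
  Permission.new(2, 'Document', 10, :read)
].freeze

module Authorizable
  ACTIONS = %i[read write].freeze

  # The resource answers for itself, so controllers never re-implement the rule.
  # Unknown actions are a programming error, not a silent "false".
  def permits?(user, action)
    raise ArgumentError, "unknown action #{action.inspect}" unless ACTIONS.include?(action)
    return false if user.nil?

    PERMISSIONS.any? do |p|
      p.user_id == user.id &&
        p.resource_type == self.class.name &&
        p.resource_id == id &&
        p.action == action
    end
  end

  def readable_by?(user)
    permits?(user, :read)
  end

  def writable_by?(user)
    permits?(user, :write)
  end
end

# Hypothetical model for the illustration.
class Document
  include Authorizable
  attr_reader :id, :title

  def initialize(id, title)
    @id = id
    @title = title
  end
end

class Forbidden < StandardError; end

# The single call a controller action makes before touching the resource.
# Fails closed: no matching grant, or no user at all, raises.
def authorize!(resource, user, action)
  unless resource.permits?(user, action)
    who = user ? "user #{user.id}" : 'anonymous'
    raise Forbidden, "#{who} may not #{action} #{resource.class.name}##{resource.id}"
  end
  resource
end
```

In the real app `PERMISSIONS.any?` becomes a `where` query keyed on the indexed `(user_id, resource_type, resource_id, action)` tuple; the shape of the check stays the same.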
token_authenticatable is vulnerable to timing attacks, which are very well explained in this blog post. These attacks were the reason token_authenticatable was removed from Devise 3.1. See the plataformatec blog post for more info. To have the most secure token authentication mechanism, the token: Must be sent via HTTPS. Must be random, of cryptographic strength. Must be securely compared. Must no
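The three server-side rules above (random token of cryptographic strength, securely compared) as an added example that is not the blog post's or Devise's code: the token comes from the OS CSPRNG, only its SHA-256 digest is persisted, and the final match uses a constant-time comparison instead of `String#==`, which returns at the first differing byte and is what makes the timing attack work. The `Store` class is a stand-in for the users table and is an assumption of the example; the HTTPS requirement is a transport setting and is not shown here.

```ruby
require 'securerandom'
require 'digest'

# Added example, not the original post's code.
module TokenAuth
  # 32 bytes (256 bits) from the OS CSPRNG, URL-safe so it can travel in a
  # header. The raw token is returned to the client exactly once.
  def self.generate_token
    SecureRandom.urlsafe_base64(32)
  end

  # Only the digest is stored, so a leaked table yields nothing usable.
  # Hex output is fixed-length, which keeps the comparison below uniform.
  def self.digest(token)
    Digest::SHA256.hexdigest(token)
  end

  # Constant-time comparison: XOR every byte pair and accumulate the result,
  # never returning early on a mismatch. Digest length is public, so the
  # early return on length mismatch leaks nothing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # The vulnerable pattern kept for contrast: String#== stops at the first
  # differing byte, so response time reveals how many leading bytes match.
  def self.insecure_compare(a, b)
    a == b
  end

  # Stand-in for the users table (assumption): token digest => user.
  class Store
    def initialize
      @by_digest = {}
    end

    def issue(user)
      token = TokenAuth.generate_token
      @by_digest[TokenAuth.digest(token)] = user
      token
    end

    # Hash the presented token first and look up by digest (an indexed column
    # in a real table), then confirm with a constant-time compare so neither
    # the lookup nor the match becomes a byte-by-byte oracle.
    def authenticate(presented)
      return nil if presented.nil? || presented.empty?

      computed = TokenAuth.digest(presented)
      stored, user = @by_digest.find { |d, _| d == computed }
      return nil if stored.nil?

      TokenAuth.secure_compare(stored, computed) ? user : nil
    end
  end
end
```

Hashing before lookup means the attacker's controlled input never reaches the database comparison directly; `secure_compare` is the second layer, and Rails ships an equivalent as `ActiveSupport::SecurityUtils.secure_compare` if you would rather not maintain your own.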
When writing a request spec, how do you set sessions and/or stub controller methods? I'm trying to stub out authentication in my integration tests - rspec/requests Here's an example of a test require File.dirname(__FILE__) + '/../spec_helper' require File.dirname(__FILE__) + '/authentication_helpers' describe "Messages" do include AuthenticationHelpers describe "GET admin/messages" do before(:each
I'm doing a single-page application using Rails. When signing in and out Devise controllers are invoked using ajax. The problem I'm getting is that when I 1) sign in 2) sign out then signing in again doesn't work. I think it's related to CSRF token which gets reset when I sign out (though it shouldn't afaik) and since it's single page, the old CSRF token is being sent in xhr request thus resetting
I have a page that lists all of the projects that has sortable headers and pagination. path: /projects?order=asc&page=3&sort=code I choose to edit one of the projects path: projects/436/edit When I click save on that page, it calls the projects controller / update method. After I update the code I want to redirect to the path that I was on before I clicked edit a specific project. In other words,