kobaltzPRO

Joined 7/18/2015
# Name
kobaltz PRO said 2 months ago:

See if this episode helps out. It uses devise and the knock gem for JWT authentication.

https://www.driftingruby.com/episodes/rails-api-authentication-with-jwt

kobaltz PRO said about 2 months ago:

It looks like the cURL request may be malformed as it is setting the parameter's key as the full hash and the [FILTERED] part is the value.

amarillo11 said about 2 months ago:

Is the curl request in the notes malformed? I am only changing the values of the email and password like so:

```
curl -H 'Content-Type: application/json' -X POST -d '{"email":"[email protected]","password":"1234"}' http://localhost:3000/authenticate
```

Thank you for the very prompt reply!

kobaltz PRO said about 2 months ago:

That looks right. I just downloaded and unzipped the app and ran the show notes cURL statement as well as yours. Here are the logs.

In each case, you can see where the parameters are properly getting parsed. Here's my curl version:

```
curl --version
curl 7.54.0 (x86_64-apple-darwin17.0) libcurl/7.54.0 LibreSSL/2.0.20 zlib/1.2.11 nghttp2/1.24.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy
```

```
Started POST "/authenticate" for 127.0.0.1 at 2018-08-05 22:50:08 -0400
   (0.1ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
  ↳ /Users/kobaltz/.rvm/gems/ruby-2.4.3/gems/activerecord-5.2.0/lib/active_record/log_subscriber.rb:98
Processing by SessionsController#create as */*
  Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "session"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}
  User Load (0.1ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = ? LIMIT ?  [["email", "[email protected]"], ["LIMIT", 1]]
  ↳ app/services/authenticate_user.rb:17
  User Load (0.1ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = ? LIMIT ?  [["email", "[email protected]"], ["LIMIT", 1]]
  ↳ app/services/authenticate_user.rb:17
Completed 200 OK in 110ms (Views: 0.2ms | ActiveRecord: 0.7ms)


Started POST "/authenticate" for 127.0.0.1 at 2018-08-05 22:50:22 -0400
Processing by SessionsController#create as */*
  Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "session"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}
  User Load (0.1ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = ? LIMIT ?  [["email", "[email protected]"], ["LIMIT", 1]]
  ↳ app/services/authenticate_user.rb:17
Completed 401 Unauthorized in 1ms (Views: 0.1ms | ActiveRecord: 0.1ms)
```

amarillo11 said about 2 months ago:

Curl version:
curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL

Ruby version:
ruby 2.4.4p296 (2018-03-28 revision 63013) [x64-mingw32]

Line 17 of authenticate_user has the safe navigation operator which could potentially be causing issues, but I just checked and that was added in Ruby 2.3.

Perhaps this is just an issue with development on Windows, but I haven't had issues with curl in the past.

kobaltz PRO said about 2 months ago:

I believe you're correct. The Windows implementation of cURL may be a bit different and/or how the command prompt handles the syntax.

https://www.driftingruby.com/episodes/ruby-on-rails-development-with-microsoft-windows-10
https://www.driftingruby.com/episodes/intro-to-docker-on-windows

Check out these episodes. I'd highly recommend one of these methods if you're going to be developing on a Windows machine. Alternatively, you could also do a VirtualBox Ubuntu VM or something similar.

amarillo11 said about 2 months ago:

It ended up being an issue with how quotes are interpreted for Windows cmd. I was able to get it working by replacing all the single quotes with double quotes and then escaping the double quotes for the arguments like so:

```
curl -H "Content-Type:application/json" -X POST -d "{\"email\": \"[email protected]\", \"password\": \"1234\"}" http://localhost:3000/authenticate
```

Thanks again. I will spin up an Ubuntu server VM later but I didn't feel like dealing with the setup tonight.

One other thing, I think it would be good to mention your episode #123 Encrypted Credentials in Rails 5.2 as the setup in this is required, at least for generating the credentials.yml.enc and master.key.

kobaltz PRO said about 2 months ago:

Can you post relevant code and also check to see if you have any JS errors in the Developer Tool Console of the browser? This should all work regardless of using simple_form.

[email protected] PRO said about 2 months ago:

```
<%#= f.hidden_field :campcategory %>

<%= f.input :extended_profile, id: 'user_extended_profile' %>
<%= content_tag :div, class: 'js-dependent-fields', data: { 'checkbox-id': 'user_extended_profile', 'checkbox-value': 'true'} do %>
  <%= f.input :city %>
  <%= f.input :state %>
  <%= f.input :zipcode %>
<% end %>
```

Database Fields:
Createcampaign(id: integer, campcategory: integer, categoryname: string, camptitle: string, campdescription: string, decisionmaker: string, city: string, state: string, zipcode: string, country: string, created_at: datetime, updated_at: datetime, category_id: integer, image: string, user_id: integer, admin: boolean, cached_votes_up: integer, cached_votes_down: integer, cached_votes_score: integer, county: string, campaigntype: integer, reason: string, organizername: string, organizerid: integer, protestlocation: string, gatheringrules: string, restricteditems: string, parking: string, startdate: date, enddate: date, extended_profile: boolean)

controller function:
```
def create
  @users = User.all

  @createcampaign = Createcampaign.new(createcampaign_params)
  @citystate = ZipCodes.identify(params[:zipcode])
  # Logger#log is an alias of #add and expects a severity first; use a level method
  logger.debug(@citystate)
  #respond_to do |format|
  if @createcampaign.save
    @createcampaign = Createcampaign.where(:user_id => current_user.id).last

    #redirect_to event_build_path(event_id: @event.id, id: Wicked::FIRST_STEP)
    redirect_to campaignstep_path(createcampaign_id: @createcampaign.id, id: :interest), notice: 'Createcampaign was successfully created.'
    #format.html { redirect_to after_createcampaign_path, notice: 'Createcampaign was successfully created.' }
    #render :render_wizard
    #format.json { render :show, status: :created, location: @createcampaign }
  else
    render :new
    #format.html { render :new }
    #format.json { render json: @createcampaign.errors, status: :unprocessable_entity }
  end
  #end
end
```

kobaltz PRO said about 2 months ago:

Have you tried doing something like

    $(document).on('turbolinks:load', function() {
      DependentFields.bind()
    });

instead of the

    $(document).ready(function() {
      DependentFields.bind()
    });

kobaltz PRO said about 2 months ago:

It is a personal preference. I've been using it for years without problems so I have not had a reason to change.

kobaltz PRO said about 1 month ago:

You could set this in your config to something like `Rails.env.development? || Rails.env.production?` or `!Rails.env.test?` to bypass it on the tests.

[email protected] PRO said about 1 month ago:

Thanks Dave!

I just added `require 'invisible_captcha'` and `InvisibleCaptcha.time_stamp_enabled = false` in my spec/rails_helper.rb and all is good again with the world.

Thanks for the quick response!

kobaltz PRO said 5 days ago:

I think that this would be a great episode. In your example, would the token be used in addition to their username and password for multifactor auth? Or, are you thinking that the user would not have a username and password and they would simply authenticate with the token?

Keep in mind that with security around authentication, ticking off more of these in the list below strengthens the auth wall.

  1. something you know (username and password)
  2. something you have (registered cell phone with app for token)
  3. something you are (fingerprint, facial, etc. i.e., Touch ID to unlock phone)

I would highly advise against using just a token to authenticate without needing the username and password if that was the direction you were referring to.

kobaltz PRO said 5 days ago:

You could do it, but you'd likely be overwriting a lot of the devise gem. If this were the direction, I probably wouldn't use devise as it's including so much that wouldn't be applicable in this case. I'd still use the OTP gem as it would be able to handle generating and validating the token.
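
The point made in the last two comments, as an added example that is not part of the thread and not code from devise or any OTP gem: a login check that requires the password (something you know) and a time-based token (something you have), and rejects a valid token presented alone. The secret, salt, password and method names are constructed for illustration; TOTP is implemented here from RFC 6238 with Ruby's standard OpenSSL bindings.

```ruby
require "openssl"

# Constructed sample values (assumptions, not from the thread).
TOTP_SECRET = "12345678901234567890" # RFC 6238 SHA-1 test secret (raw bytes)
SALT        = "constructed-salt"
ITERATIONS  = 10_000 # kept low so the example runs quickly

def password_digest(password)
  OpenSSL::PKCS5.pbkdf2_hmac(password, SALT, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
end

STORED_DIGEST = password_digest("correct horse")

# Compare without revealing the position of the first mismatch through timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# RFC 6238 TOTP: HOTP (RFC 4226) computed over the 30-second time-step counter.
def totp(secret, time, digits: 6, step: 30)
  counter = [time.to_i / step].pack("Q>")
  hmac    = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), secret, counter)
  offset  = hmac.bytes.last & 0x0f
  code    = hmac[offset, 4].unpack1("N") & 0x7fffffff
  format("%0#{digits}d", code % 10**digits)
end

# Accept the current step and one step either side to tolerate clock drift.
def totp_valid?(secret, submitted, time)
  [-30, 0, 30].any? { |drift| secure_compare(totp(secret, time.to_i + drift), submitted.to_s) }
end

# Both factors must pass; a valid token on its own never authenticates.
def authenticate(password:, token:, time: Time.now)
  knows = secure_compare(password_digest(password.to_s), STORED_DIGEST)
  has   = totp_valid?(TOTP_SECRET, token, time)
  knows && has
end
```
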