kobaltzPRO
| # | Name |
|---|
See if this episode helps out. It uses devise and the knock gem for JWT authentication.
https://www.driftingruby.com/episodes/rails-api-authentication-with-jwt
Is the curl request in the notes malformed? I am only changing the values of the email and password like so:
curl -H 'Content-Type: application/json' -X POST -d '{"email":"[email protected]","password":"1234"}' http://localhost:3000/authenticate
Thank you for the very prompt reply!
That looks right. I just downloaded and unzipped the app and ran the show notes cURL statement as well as yours. Here's the logs.
In each case, you can see where the parameters are properly getting parsed. Here's my curl version
curl --version curl 7.54.0 (x86_64-apple-darwin17.0) libcurl/7.54.0 LibreSSL/2.0.20 zlib/1.2.11 nghttp2/1.24.0 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy
Started POST "/authenticate" for 127.0.0.1 at 2018-08-05 22:50:08 -0400
(0.1ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
↳ /Users/kobaltz/.rvm/gems/ruby-2.4.3/gems/activerecord-5.2.0/lib/active_record/log_subscriber.rb:98
Processing by SessionsController#create as */*
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "session"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
↳ app/services/authenticate_user.rb:17
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
↳ app/services/authenticate_user.rb:17
Completed 200 OK in 110ms (Views: 0.2ms | ActiveRecord: 0.7ms)
Started POST "/authenticate" for 127.0.0.1 at 2018-08-05 22:50:22 -0400
Processing by SessionsController#create as */*
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "session"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
↳ app/services/authenticate_user.rb:17
Completed 401 Unauthorized in 1ms (Views: 0.1ms | ActiveRecord: 0.1ms)```
Curl version:
curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL
Ruby version:
ruby 2.4.4p296 (2018-03-28 revision 63013) [x64-mingw32]
Line 17 of authenticate_user has the safe navigation operator which could potentially be causing issues, but I just checked and that was added in ruby 2.3.
Perhaps this is just an issue with development on windows, but I haven't had issues with curl in the past.
I believe you're correct. The Windows implementation of cURL may be a bit different and/or how the command prompt handles the syntax.
https://www.driftingruby.com/episodes/ruby-on-rails-development-with-microsoft-windows-10
https://www.driftingruby.com/episodes/intro-to-docker-on-windows
Check out these episodes. I'd highly recommend one of these methods if you're going to be developing on a Windows machine. Alternatively, you could also do a VirtualBox Ubuntu VM or something similar.
It ended up being an issue with how quotes are interpreted for windows cmd. I was able to get it working by replacing all the single quotes with double quotes and then escaping the double quotes for the arguments like so:
curl -H "Content-Type:application/json" -X POST -d "{\"email\": \"[email protected]\", \"password\": \"1234\"}" http://localhost:3000/authenticate
Thanks again. I will spin up an ubuntu server vm later but I didn't feel like dealing with the setup tonight.
One other thing, I think it would be good to mention your episode #123 Encrypted Credentials in Rails 5.2 as the setup in this is required, at least for generating the credentials.yml.enc and master.key.
That looks right. I just downloaded and unzipped the app and ran the show notes cURL statement as well as yours. Here's the logs.
In each case, you can see where the parameters are properly getting parsed. Here's my curl version
curl --version curl 7.54.0 (x86_64-apple-darwin17.0) libcurl/7.54.0 LibreSSL/2.0.20 zlib/1.2.11 nghttp2/1.24.0 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy
Started POST "/authenticate" for 127.0.0.1 at 2018-08-05 22:50:08 -0400
(0.1ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
↳ /Users/kobaltz/.rvm/gems/ruby-2.4.3/gems/activerecord-5.2.0/lib/active_record/log_subscriber.rb:98
Processing by SessionsController#create as */*
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "session"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
↳ app/services/authenticate_user.rb:17
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
↳ app/services/authenticate_user.rb:17
Completed 200 OK in 110ms (Views: 0.2ms | ActiveRecord: 0.7ms)
Started POST "/authenticate" for 127.0.0.1 at 2018-08-05 22:50:22 -0400
Processing by SessionsController#create as */*
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "session"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
↳ app/services/authenticate_user.rb:17
Completed 401 Unauthorized in 1ms (Views: 0.1ms | ActiveRecord: 0.1ms)```
Curl version:
curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL
Ruby version:
ruby 2.4.4p296 (2018-03-28 revision 63013) [x64-mingw32]
Line 17 of authenticate_user has the safe navigation operator which could potentially be causing issues, but I just checked and that was added in ruby 2.3.
Perhaps this is just an issue with development on windows, but I haven't had issues with curl in the past.
I believe you're correct. The Windows implementation of cURL may be a bit different and/or how the command prompt handles the syntax.
https://www.driftingruby.com/episodes/ruby-on-rails-development-with-microsoft-windows-10
https://www.driftingruby.com/episodes/intro-to-docker-on-windows
Check out these episodes. I'd highly recommend one of these methods if you're going to be developing on a Windows machine. Alternatively, you could also do a VirtualBox Ubuntu VM or something similar.
It ended up being an issue with how quotes are interpreted for windows cmd. I was able to get it working by replacing all the single quotes with double quotes and then escaping the double quotes for the arguments like so:
curl -H "Content-Type:application/json" -X POST -d "{\"email\": \"[email protected]\", \"password\": \"1234\"}" http://localhost:3000/authenticate
Thanks again. I will spin up an ubuntu server vm later but I didn't feel like dealing with the setup tonight.
One other thing, I think it would be good to mention your episode #123 Encrypted Credentials in Rails 5.2 as the setup in this is required, at least for generating the credentials.yml.enc and master.key.
I believe you're correct. The Windows implementation of cURL may be a bit different and/or how the command prompt handles the syntax.
https://www.driftingruby.com/episodes/ruby-on-rails-development-with-microsoft-windows-10
https://www.driftingruby.com/episodes/intro-to-docker-on-windows
Check out these episodes. I'd highly recommend one of these methods if you're going to be developing on a Windows machine. Alternatively, you could also do a VirtualBox Ubuntu VM or something similar.
It ended up being an issue with how quotes are interpreted for windows cmd. I was able to get it working by replacing all the single quotes with double quotes and then escaping the double quotes for the arguments like so:
curl -H "Content-Type:application/json" -X POST -d "{\"email\": \"[email protected]\", \"password\": \"1234\"}" http://localhost:3000/authenticate
Thanks again. I will spin up an ubuntu server vm later but I didn't feel like dealing with the setup tonight.
One other thing, I think it would be good to mention your episode #123 Encrypted Credentials in Rails 5.2 as the setup in this is required, at least for generating the credentials.yml.enc and master.key.
<%#= f.hidden_field :campcategory %>
<%= f.input :extended_profile, id: 'user_extended_profile' %> <%= content_tag :div, class: 'js-dependent-fields', data: { 'checkbox-id': 'user_extended_profile', 'checkbox-value': 'true'} do %> <%= f.input :city %> <%= f.input :state %> <%= f.input :zipcode %> <% end %>
Database Fields:
Createcampaign(id: integer, campcategory: integer, categoryname: string, camptitle: string, campdescription: string, decisionmaker: string, city: string, state: string, zipcode: string, country: string, created_at: datetime, updated_at: datetime, category_id: integer, image: string, user_id: integer, admin: boolean, cached_votes_up: integer, cached_votes_down: integer, cached_votes_score: integer, county: string, campaigntype: integer, reason: string, organizername: string, organizerid: integer, protestlocation: string, gatheringrules: string, restricteditems: string, parking: string, startdate: date, enddate: date*, extended_profile: boolean) *
controller function:
```
def create
@users = User.all @createcampaign = Createcampaign.new(createcampaign_params) @citystate = ZipCodes.identify(params[:zipcode]) logger.log(@citystate) #respond_to do |format| if @createcampaign.save @createcampaign = Createcampaign.where(:user_id => current_user.id).last #redirect_to event_build_path(event_id: @event.id, id: Wicked::FIRST_STEP) redirect_to campaignstep_path(createcampaign_id: @createcampaign.id, id: :interest), notice: 'Createcampaign was successfully created.' #format.html { redirect_to after_createcampaign_path, notice: 'Createcampaign was successfully created.' } #render :render_wizard #format.json { render :show, status: :created, location: @createcampaign } else render :new #format.html { render :new } #format.json { render json: @createcampaign.errors, status: :unprocessable_entity } #end end
Thanks Dave!
I just added require 'invisible_captcha' and InvisibleCaptcha.time_stamp_enabled = false in my spec/rails_helper.rb and all is good again with the world.
Thanks for the quick response!
I think that this would be a great episode. In your example, would the token be used in addition to their username and password for multifactor auth? Or, are you thinking that the user would not have a username and password and they would simply authenticate with the token?
Keep in mind that with security around authentication, ticking off more of these in the list below strengthens the auth wall.
- something you know (username and password)
- something you have (registered cell phone with app for token)
- something you are (fingerprint, facial, etc. i.e., Touch ID to unlock phone)
I would highly advise against using just a token to authenticate without needing the username and password if that was the direction you were referring to.
You could do it, but you'd likely be overwriting a lot of the devise gem. If this were the direction, I probably wouldn't use devise as it's including so much that wouldn't be applicable in this case. I'd still use the OTP gem as it would be able to handle generating and validating the token.