Search Results

Search found 799 results on 32 pages for 'authlogic oauth'.

  • Controlling access to my API using SSH public key (not SSL)

    - by tharrison
    I have the challenge of implementing an API to be consumed by relatively non-technical clients -- pasting some sample code into their WordPress or homegrown PHP site is probably as much as we can ask. Asking them to install SSL on their servers ain't happening. So I am seeking a simple yet secure way to authenticate API clients. OAuth is the obvious solution, but I don't think it passes the "simple" test. Adding a client id and hashed secret as a parameter to the requests is closer -- it's not hard to do md5($secret . $client_id) or whatever the PHP would be. It seems to me that if client requests could use the same approach as SSH public keys (client gives us a key from their server(s)), there should be some existing magic to make all of the subsequent transactions transparently work just as regular HTTP API requests. I am still working this out (obviously :-), so if I am being an idiot, it would be nice to know why. Thanks!

  • Authlogic_OpenID - "uninitialized constant Rack::OpenID"

    - by Micah Alcorn
    So I followed the railscast tutorial (http://railscasts.com/episodes/170-openid-with-authlogic) and used the old version of the plugin from Ryan's git file. I can now successfully create/register a user using OpenID (Google), but I cannot log in with this user. When I submit the OpenID that has been registered, I get "uninitialized constant Rack::OpenID". Any ideas? Thanks!

  • Rails OpenID Authentication Plugin No Longer Installs Rake Tasks?

    - by Rich Apodaca
    I'm following the Railscasts tutorial on using OpenID with AuthLogic. This command: $ script/plugin install git://github.com/rails/open_id_authentication.git installs the plugin, but I don't see any OpenID Rake tasks (rake -T). In particular, I can no longer run the task: $ rake open_id_authentication:db:create With previous applications, the Rake tasks were installed without a problem, so what's changed with the plugin? Which version of the plugin do I need to get the behavior I'm looking for? Using Rails 2.3.5.

  • Creating stub objects that can be "claimed"

    - by Sean Johnson
    I'm working with a client on a rails project that wants to have a user model with 'stub' accounts that are created by an administrator, but that can later be claimed by the actual user, with authentication enabled on that user once the owner has claimed it. Was wondering if anyone has done this before, and what the best approach would be. We're currently using Authlogic to handle authentication.

  • SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

    - by Vikash
    I am using Authlogic-Connect for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws exception: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed The dev log shows OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed): app/controllers/users_controller.rb:37:in `update' Please suggest..

  • Pros & Cons of separating the controllers using subfolders on an ruby on rails app based?

    - by user293179
    Hi, Need some help gathering thoughts on this issue. Our team is moving ahead with the idea that separating the authenticated and public sections of our app in two separate folders will allow us to be more organized and secured. I have seen this approach for Admin apps within the site but never for authentication. We are currently using Authlogic. What would be the disadvantage of this? Thanks for your help.

  • Tweepy + App Engine Example OAuth Help

    - by Wasauce
    Hi I am trying to follow the Tweepy App Engine OAuth Example app in my app but am running into trouble. Here is a link to the tweepy example code: http://github.com/joshthecoder/tweepy-examples Specifically look at: http://github.com/joshthecoder/tweepy-examples/blob/master/appengine/oauth_example/handlers.py Here is the relevant snippet of my code [Ignore the spacing problems]:

        try:
            authurl = auth.get_authorization_url()
            request_token = auth.request_token
            db_user.token_key = request_token.key
            db_user.token_secret = request_token.secret
            db_user.put()
        except tweepy.TweepError, e:
            # Failed to get a request token
            self.generate('error.html', {
                'error': e,
            })
            return

        self.generate('signup.html', {
            'authurl': authurl,
            'request_token': request_token,
            'request_token.key': request_token.key,
            'request_token.secret': request_token.secret,
        })

    As you can see my code is very similar to the example. However, when I compare the version of the request_token.key and request_token.secret that are rendered on my signup page (this is for the request_token.key and request_token.secret found in the datastore. Any guidance on what I am doing wrong here? Thanks! Reference Links:

  • Syncing google calendar with custom calendar

    - by yogsma
    I am using google calendar API to sync google calendar with our custom calendar. Right now I am trying it with a crude way by asking user if he/she wants to sync their calendar with google or not. If they say "yes" , I show them login screen where they have to enter their google user id and password and the calendar will be synced. But now when I change the month , the screen gets refreshed and all login information is lost and that changed month doesn't show up the events from google calendar. What is a best way for authentication AuthSub, OAuth or the crude way I mentioned for testing locally? I really don't know if I can use OAuth locally.

  • net/http.rb:560:in `initialize': getaddrinfo: Name or service not known (SocketError)

    - by Sid
        @@timestamp = nil

        def generate_oauth_url
          @@timestamp = timestamp
          url = CONNECT_URL + REQUEST_TOKEN_PATH + "&oauth_callback=#{OAUTH_CALLBACK}&oauth_consumer_key=#{OAUTH_CONSUMER_KEY}&oauth_nonce=#{NONCE}&oauth_signature_method=#{OAUTH_SIGNATURE_METHOD}&oauth_timestamp=#{@@timestamp}&oauth_version=#{OAUTH_VERSION}"
          puts url
          url
        end

        def sign(url)
          Base64.encode64(HMAC::SHA1.digest((NONCE + url), OAUTH_CONSUMER_SECRET)).strip
        end

        def get_request_token
          url = generate_oauth_url
          signed_url = sign(url)
          request = Net::HTTP.new((CONNECT_URL + REQUEST_TOKEN_PATH),80)
          puts request.inspect
          headers = { "Authorization" => "Authorization: OAuth oauth_nonce = #{NONCE}, oauth_callback = #{OAUTH_CALLBACK}, oauth_signature_method = #{OAUTH_SIGNATURE_METHOD}, oauth_timestamp=#{@@timestamp}, oauth_consumer_key = #{OAUTH_CONSUMER_KEY}, oauth_signature = #{signed_url}, oauth_version = #{OAUTH_VERSION}" }
          request.post(url, nil,headers)
        end

        def timestamp
          Time.now.to_i
        end

    I am trying to do what oauth does in an attempt to understand how to use the Authorization headers. I am also getting the following error. I am trying to connect to the linkedin API.

        /usr/lib/ruby/1.8/net/http.rb:560:in 'initialize': getaddrinfo: Name or service not known (SocketError)

    I would really appreciate it if someone could nudge me in the right direction.

  • Twitter oauth_callback parameter being ignored!

    - by Astrofaes
    Hi guys, I'm trying to get Twitter authentication working on my ASP.NET site. When you create the app on the Twitter website, you have to specify a callback URL, which for sake of argument, I have set to http://mydomain.com I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course). So my request URL looks like this: http://twitter.com/oauth/request_token?oauth_callback_url=http%3A%2F%2Fmydomain.com%2Ftwittercallback Supposedly, if all goes to plan, in your response data, you are supposed to receive a new parameter of oauth_callback_confirmed=true in addition to your token and token secret parameters. However, my response comes through as: oauth_token=MYTOKEN&oauth_token_secret=MYTOKENSECRET I know I haven't given you guys the greatest amount to go on, but I'm at my wits' end as to why I am not receiving the oauth_callback_confirmed parameter. Without this, my application keeps defaulting back to the callback URL hard-coded on the Twitter website. Please if anyone could help me out, I will be eternally grateful! Thanks, A.

  • Anyone got Twitter xAuth working with the Compact Framework yet?

    - by peSHIr
    This question is related to a number of other questions on oAuth on the Compact Framework (one, two) but seems slightly more specific to me, as it specifically involves getting Twitter's xAuth API call (meant for non web applications to be able to do oAuth) working on the Compact Framework. Are SSL HTTP connections and the encryption methods needed for xAuth part of Compact Framework 3.5? Did anyone get the Twitter xAuth working on Windows Mobile already? If so, what libraries did you use for this? Any tips are welcome.

  • How do I authenticate a Twitter user and access the API without leaving my iPhone app?

    - by thebossman
    I'd like to allow users to send out Tweets from my iPhone app. That's all the functionality I need at the moment. From what I know of the Twitter API, there's a standard authentication mechanism, which allows the developer to include the user's name and password in the request string that the application sends to Twitter. This method will no longer be supported come June 30, 2010. Given the timeframe, the better other choice is oAuth. One of the caveats of oAuth is that it requires a UIWebView to pop up within the app to allow the user to enter his or her credentials or a PIN number. None of the Twitter apps on my phone do this, however: Tweetie, TweetDeck and Twitterific. I assume they're using the first authentication method, but it seems like Twitter wouldn't deprecate an API that would hurt the user experience across the board. There must be an alternative method--what am I missing?

  • Google OAuthGetRequestToken returns "signature_invalid"

    - by M Schenkel
    Trying for hours to get a request token using Google OAuthGetRequestToken but it always returns "signature_invalid". For a test I use the oAuth Playground to successfully request the token. Here are the results:

    Signature base string

        GET&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetRequestToken&oauth_callback%3Dhttp%253A%252F%252Fgooglecodesamples.com%252Foauth_playground%252Findex.php%26oauth_consumer_key%3Dwww.embeddedanalytics.com%26oauth_nonce%3D56aa884162ed21815a0406725c79cf79%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1321417095%26oauth_version%3D1.0%26scope%3Dhttps%253A%252F%252Fwww.google.com%252Fanalytics%252Ffeeds%252F

    Request/Response

        GET /accounts/OAuthGetRequestToken?scope=https%3A%2F%2Fwww.google.com%2Fanalytics%2Ffeeds%2F HTTP/1.1
        Host: www.google.com
        Accept: */*
        Authorization: OAuth oauth_version="1.0", oauth_nonce="56aa884162ed21815a0406725c79cf79", oauth_timestamp="1321417095", oauth_consumer_key="www.embeddedanalytics.com", oauth_callback="http%3A%2F%2Fgooglecodesamples.com%2Foauth_playground%2Findex.php", oauth_signature_method="RSA-SHA1", oauth_signature="qRtorIaSFaQdOXW1u6eMQlY9LT2j7ThG5kgkcD6rDcW4MIvzluslFgYRNTuRvnaruraNpItjojtgsrK9deYRKoHBGOlU27SsWy6jECxKczcSECl3cVAcjk7dvbywFMDkgi1ZhTZ5Q%2BFoD60HoVQUYnGUbOO0jPXI48LfkiA5ZN4%3D"

        HTTP/1.1 200 OK
        Content-Type: text/plain; charset=UTF-8
        Date: Wed, 16 Nov 2011 04:18:15 GMT
        Expires: Wed, 16 Nov 2011 04:18:15 GMT
        Cache-Control: private, max-age=0
        X-Content-Type-Options: nosniff
        X-XSS-Protection: 1; mode=block
        Content-Length: 118
        Server: GSE

        oauth_token=4%2FmO86qZzixayI2NoUc-hewC--D53R&oauth_token_secret=r0PReF9D83w1d6uP0nyQQm9c&oauth_callback_confirmed=true

    I am using Fiddler to trace my calls. It returns the Signature base string:

        GET&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetRequestToken&oauth_callback%3Dhttp%253A%252F%252Fgooglecodesamples.com%252Foauth_playground%252Findex.php%26oauth_consumer_key%3Dwww.embeddedanalytics.com%26oauth_nonce%3Dl9Jydzjyzt2fJfM3ltY5yrxxYy2uh1U7%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1321417107%26oauth_version%3D1.0%26scope%3Dhttps%253A%252F%252Fwww.google.com%252Fanalytics%252Ffeeds%252F

    Aside from the oauth_timestamp and oauth_nonce (which should be different), the base strings are pretty much identical. Anyone know what I am doing wrong?

    Update 11/20/2011

    Thinking it might be something wrong with my RSA-SHA signing, I have since tried HMAC-SHA. It gives the same results. I thought it might be beneficial to include the Fiddler results (I added carriage returns to have it format better).

        GET https://www.google.com/accounts/OAuthGetRequestToken?
        scope=https%3A%2F%2Fwww.google.com%2Fanalytics%2Ffeeds%2F HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        Authorization: OAuth oauth_version="1.0", oauth_nonce="7C4C900EAACC9C7B62E399A91B81D8DC", oauth_timestamp="1321845418", oauth_consumer_key="www.embeddedanalytics.com", oauth_signature_method="HMAC-SHA1", oauth_signature="ows%2BbFTNSR8jVZo53rGBB8%2BfwFM%3D"
        Host: www.google.com
        Accept: */*
        Accept-Encoding: identity

    Response

        HTTP/1.1 400 Bad Request
        Content-Type: text/plain; charset=UTF-8
        Date: Mon, 21 Nov 2011 03:16:57 GMT
        Expires: Mon, 21 Nov 2011 03:16:57 GMT
        Cache-Control: private, max-age=0
        X-Content-Type-Options: nosniff
        X-XSS-Protection: 1; mode=block
        Content-Length: 358
        Server: GSE

        signature_invalid
        base_string:GET&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetRequestToken
        &oauth_consumer_key%3Dwww.embeddedanalytics.com
        %26oauth_nonce%3D7C4C900EAACC9C7B62E399A91B81D8DC
        %26oauth_signature_method%3DHMAC-SHA1
        %26oauth_timestamp%3D1321845418
        %26oauth_version%3D1.0
        %26scope%3Dhttps%253A%252F%252Fwww.google.com%252Fanalytics%252Ffeeds%252F

  • Twitter Authentication through Android's AccountManager classes.

    - by Robby Pond
    I am working on a twitter based app and am trying to incorporate Android's built-in Account support for Twitter. The following code works to popup the confirmation dialog for my app to access twitter but I am unsure of what to pass in as the authenticationType. Any help would be appreciated. I've googled all over the place and can't seem to find the correct answer. It goes in place of "oauth" below.

        AccountManager am = AccountManager.get(this);
        Account[] accts = am.getAccountsByType(TWITTER_ACCOUNT_TYPE);
        if(accts.length > 0) {
            Account acct = accts[0];
            am.getAuthToken(acct, "oauth"/*what goes here*/, null, this, new AccountManagerCallback<Bundle>() {
                @Override
                public void run(AccountManagerFuture<Bundle> arg0) {
                    try {
                        Bundle b = arg0.getResult();
                        Log.e("TrendDroid", "THIS AUTHTOKEN: " + b.getString(AccountManager.KEY_AUTHTOKEN));
                    } catch (Exception e) {
                        Log.e("TrendDroid", "EXCEPTION@AUTHTOKEN");
                    }
                }}, null);
        }

  • PHP code cannot see query string param on return in Facebook oAuth flow

    - by TMC
    I am doing some integration with Facebook Open Graph using their oAuth flow and having issues with parsing query string parameters they return. On my callback URL, they pass back an "access_token" parameter with a hash (#). So the callback would be: http://mydomain.com/callback.php#access_token=foobar123 where foobar123 is my access token I'm trying to parse out. However, no matter what I do, my PHP code cannot see it and I've done every debug trick I know (even using phpinfo() to go through everything). The URL is stated only as http://mydomain.com/callback.php. It's as if the rest of the URL isn't really there! This code returns nothing: $token = $_REQUEST['access_token']; Any help would be greatly appreciated... I'm obviously missing something simple.

  • How to handle User "confirmation" with Watir/Cucumber?

    - by Matt Darby
    I'm new to Watir and I'm having a little trouble getting logged in in my tests. I use authlogic as my authentication method of choice. When a User registers, they are sent an email with a confirmation link. Clicking this link confirms their account and they can then login. The issue I'm having is how do I confirm the User when using Watir? I have so far:

        Given /I sign up/ do
          BROWSER.goto("http://localhost:3000/register")
          BROWSER.text_field(:id, "user_email").set("[email protected]")
          BROWSER.text_field(:id, "user_name").set("Foo Bar")
          BROWSER.text_field(:id, "user_password").set("foo bar")
          BROWSER.text_field(:id, "user_password_confirmation").set("foo bar")
          BROWSER.button(:id, "user_submit").click
        end

        Given /I am logged in via Watir/ do
          BROWSER.goto("http://localhost:3000/login")
          BROWSER.text_field(:id, "user_session_email").set("[email protected]")
          BROWSER.text_field(:id, "user_session_password").set("foo bar")
          BROWSER.button(:id, "user_session_submit").click
        end

    This correctly populates the fields and the User is saved. Now I try to confirm the User like so:

        Given /I am confirmed/ do
          User.last.confirmed!
        end

    Unfortunately this doesn't work. What am I missing?

  • Declarative authorization and the if_attribute not working...

    - by ro
    I've been having almost the same issues as Victor Martin (you can see the questions asked here). I've got declarative authorization working for just about everything that doesn't involve using conditionals. E.g.

        has_permission_on :users, :to => [:edit, :update, :destroy] do
          if_attribute :user => is { current_user }
        end

    Are there any common pitfalls with Declarative Authorization? I'm using authlogic and I'm suspicious the 'current_user' method in the application controller might be the source of the problem.

  • [iphone,twitter] Accessing the Twitter API through a proxy using NSURLConnections, OAuth problem

    - by akaii
    I'm having no problems with sending an update directly via hxxps://api.twitter.com/, but the app (for the iPhone, I'm using NSURLConnections) I'm working on is supposed to allow the user to select a preferred proxy (e.g. hxxps://twitter-proxy.appspot.com/api/ or hxxps://nest.onedd.net/api/), and I keep getting a 401 error (Failed to validate oauth signature and token) whenever I try to get an access token via these proxies. Even though I send my POST request to the proxy, I am still using the direct url for the api (https:// api.twitter.com/[rest api path]) in the base string. Despite the 401 error message above, the status code I'm actually getting from connection:didReceiveResponse: is 200, probably because it was able to successfully contact the proxy... Is there anything else that I need to consider when using a proxy to access the API? Should anything in the authorization header change, for example? Or the base string? I can manage to connect via Basic Auth without issue, but support for that will be dropped in a month. On a somewhat unrelated note... What are the possible causes of Twitter's error 403, and how do you distinguish between them? Is the only way to differentiate an error due to exceeding the status update limit for an hour (150 per hour) vs for a day (1000 per day) by checking the string reply returned in the response? Is there any way for me to simulate a status update limit error without going through the motions of actually sending 150/1000 tweets?

  • What are people's opinions vis-a-vis my choice of authorization plugins?

    - by brad
    I'm slowly but surely putting together my first rails app (first web-app of any kind in fact - I'm not really a programmer) and it's time to set up a user registration/login system. The nature of my app is such that each user will be completely separated from each other user (except for admin roles). When users log in they will have their own unique index page looking at only their data which they and no-one else can ever see or edit. However, I may later want to add a role for a user to be able to view and edit several other users' data (e.g. a group of users may want to allow their secretary to access and edit their data but their secretary would not need any data of their own). My plan is to use authlogic to create the login system and declarative authorization to control permissions but before I embark on this fairly major and crucial task I thought I would canvass a few opinions as to whether this combo was appropriate for the tasks I envisage or whether there would be a better/simpler/faster/cheaper/awesomer option.

  • need some help in Abraham twitteroauth class

    - by diEcho
    Hello All, I'm learning how to use Twitter from the Twitter developer link. On the Authenticating Requests with OAuth page I was debugging my code with the given procedure. In the Sending the user to authorization section it is written that if you are using the callback flow, your oauth_callback should have received back your oauth_token (the same that you sent, your "request token") and a field called the oauth_verifier. You'll need that for the next step. Here's the response I received:

        oauth_token=8ldIZyxQeVrFZXFOZH5tAwj6vzJYuLQpl0WUEYtWc&oauth_verifier=pDNg57prOHapMbhv25RNf75lVRd6JDsni1AJJIDYoTY

    My original code is:

        require_once('twitteroauth/twitteroauth.php');
        require_once('config.php');

        /* Build TwitterOAuth object with client credentials. */
        $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);

        /* Get temporary credentials. */
        $request_token = $connection->getRequestToken(OAUTH_CALLBACK);

        /* Save temporary credentials to session. */
        $_SESSION['oauth_token'] = $token = $request_token['oauth_token'];
        $_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];

        /* If last connection failed don't display authorization link. */
        switch ($connection->http_code) {
          case 200:
            /* Build authorize URL and redirect user to Twitter. */
            echo "<br/>Authorize URL:".$url = $connection->getAuthorizeURL($token);
            //header('Location: ' . $url);
            break;
          default:
            /* Show notification if something went wrong. */
            echo 'Could not connect to Twitter. Refresh the page or try again later.';
        }

    and I'm getting:

        Authorize URL: https://twitter.com/oauth/authenticate?oauth_token=BHqbrTjsPcyvaAsfDwfU149aAcZjtw45nhLBeG1c

    I'm not getting the above URL having oauth_verifier. Please tell me where I can see/debug that URL?

  • First Call to a Controller, Constant is defined, Second call, "uninitialized constant Oauth"?

    - by viatropos
    I am trying to get the OAuth gem to work with Rails 3 and I'm running into this weird problem... (independent of the gem, I think I've run into this once before) I have a controller called "OauthTestController", and a model called "ConsumerToken". The model looks like this.

        require 'oauth/models/consumers/token'
        class ConsumerToken < ActiveRecord::Base
          include Oauth::Models::Consumers::Token
        end

    When I go to "/oauth_test/twitter", it loads the Oauth::Models::Consumers::Token module and I'm able to connect to twitter no problem. But the second time I try it (just refresh the /oauth_test/twitter url), it gives me this error:

        NameError (uninitialized constant Oauth):
          app/models/consumer_token.rb:4
          app/models/twitter_token.rb:2
          app/controllers/oauth_test_controller.rb:66:in `load_consumer'

    Why is that? It has something to do with load paths or being in development mode maybe?

  • Twitter O-Auth Callback url

    - by jtymann
    I am having a problem with Twitter's oauth authentication and using a callback url. I am coding in php and using the sample code referenced by the twitter wiki, http://github.com/abraham/twitteroauth I got that code, and tried a simple test and it worked nicely. However I want to programmatically specify the callback url, and the example did not support that. So I quickly modified the getRequestToken() method to take in a parameter and now it looks like this:

        function getRequestToken($params = array()) {
          $r = $this->oAuthRequest($this->requestTokenURL(), $params);
          $token = $this->oAuthParseResponse($r);
          $this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']);
          return $token;
        }

    and my call looks like this

        $tok = $to->getRequestToken(array('oauth_callback' => 'http://127.0.0.1/twitter_prompt/index.php'));

    This is the only change I made, and the redirect works like a charm, however I am getting an error when I then try and use my newly granted access to try and make a call. I get a "Could not authenticate you" error. Also the application never actually gets added to the users authorized connections. Now I read the specs and I thought all I had to do was specify the parameter when getting the request token. Could someone a little more seasoned in oauth and twitter possibly give me a hand? Thank You

  • DotNetOpenAuth / WebSecurity Basic Info Exchange

    - by Jammer
    I've gotten a good number of OAuth logins working on my site now. My implementation is based on the WebSecurity classes with amends to the code to suit my needs (I pulled the WebSecurity source into mine). However I'm now facing a new set of problems. In my application I have opted to make the user email address the login identifier of choice. It's naturally unique and suits this use case. However, the OAuth "standards" strikes again. Some providers will return your email address as "username" (Google), some will return the display name (Facebook). As it stands I see two options given my particular scenario:

    Option 1: Pull even more framework source code into my solution until I can chase down where the OpenIdRelyingParty class is actually interacted with (via the DotNetOpenAuth.AspNet facade) and make additional information requests from the OpenID Providers.

    Option 2: When a user first logs in using an OpenID provider I can display a kind of "complete registration" form that requests missing info based on the provider selected.

    Option 2 is the most immediate and probably the quickest to implement but also includes some code smells through having to do something different based on the provider selected. Option 1 will take longer but will ultimately make things more future proof. I will need to perform richer interactions down the line so this also has an edge in that regard. The more I get into the code it does seem that the WebSecurity class itself is actually very limiting as it hides lots of useful DotNetOpenAuth functionality in the name of making integration easier. Andrew (the author of DNOA) has said that the Attribute Exchange stuff happens in the OpenIdRelyingParty class but I cannot see from the DotNetOpenAuth.AspNet source code where this class is used so I'm unsure of what source would need to be pulled into my code in order to enable the functionality I need. Has anyone completed something similar?

  • Best Practices For Secure APIs?

    - by Ferrett Steinmetz
    Let's say I have a website that has a lot of information on our products. I'd like some of our customers (including us!) to be able to look up our products for various methods, including: 1) Pulling data from AJAX calls that return data in cool, JavaScripty-ways 2) Creating iPhone applications that use that data; 3) Having other web applications use that data for their own end. Normally, I'd just create an API and be done with it. However, this data is in fact mildly confidential - which is to say that we don't want our competitors to be able to look up all our products every morning and then automatically set their prices to undercut us. And we also want to be able to look at who might be abusing the system, so if someone's making ten million complex calls to our API a day and bogging down our server, we can cut them off. My next logical step would be then to create a developers' key to restrict access - which would work fine for web apps, but not so much for any AJAX calls. (As I see it, they'd need to provide the key in the JavaScript, which is in plaintext and easily seen, and hence there's actually no security at all. Particularly if we'd be using our own developers' keys on our site to make these AJAX calls.) So my question: after looking around at Oauth and OpenID for some time, I'm not sure there is a solution that would handle all three of the above. Is there some sort of canonical "best practices" for developers' keys, or can Oauth and OpenID handle AJAX calls easily in some fashion I have yet to grok, or am I missing something entirely?

  • Error when logging in with Machinist in Shoulda test

    - by user303747
    I am having some trouble getting the right usage of Machinist and Shoulda in my testing. Here is my test:

        context "on POST method rating" do
          p = Product.make
          u = nil
          setup do
            u = login_as
            post :vote, :rating => 3, :id => p
          end
          should "set rating for product to 3" do
            assert_equal p.get_user_vote(u), 3
          end
        end

    And here's my blueprints:

        Sham.login { Faker::Internet.user_name }
        Sham.name { Faker::Lorem.words}
        Sham.email { Faker::Internet.email}
        Sham.body { Faker::Lorem.paragraphs(2)}

        User.blueprint do
          login
          password "testpass"
          password_confirmation { password }
          email
        end

        Product.blueprint do
          name {Sham.name}
          user {User.make}
        end

    And my authentication test helper:

        def login_as(u = nil)
          u ||= User.make()
          @controller.stubs(:current_user).returns(u)
          u
        end

    The error I get is:

        /home/jason/moderndarwin/vendor/rails/activerecord/lib/active_record/validations.rb:1090:in `save_without_dirty!': Validation failed: Login has already been taken, Email has already been taken (ActiveRecord::RecordInvalid)
          from /home/jason/moderndarwin/vendor/rails/activerecord/lib/active_record/dirty.rb:87:in `save_without_transactions!'
          from /home/jason/moderndarwin/vendor/rails/activerecord/lib/active_record/transactions.rb:200:in `save!'
          from /home/jason/moderndarwin/vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb:136:in `transaction'
          from /home/jason/moderndarwin/vendor/rails/activerecord/lib/active_record/transactions.rb:182:in `transaction'
          from /home/jason/moderndarwin/vendor/rails/activerecord/lib/active_record/transactions.rb:200:in `save!'
          from /home/jason/moderndarwin/vendor/rails/activerecord/lib/active_record/transactions.rb:208:in `rollback_active_record_state!'
          from /home/jason/moderndarwin/vendor/rails/activerecord/lib/active_record/transactions.rb:200:in `save!'
          from /usr/lib/ruby/gems/1.8/gems/machinist-1.0.6/lib/machinist/active_record.rb:55:in `make'
          from /home/jason/moderndarwin/test/blueprints.rb:37
          from /usr/lib/ruby/gems/1.8/gems/machinist-1.0.6/lib/machinist.rb:77:in `generate_attribute_value'
          from /usr/lib/ruby/gems/1.8/gems/machinist-1.0.6/lib/machinist.rb:46:in `method_missing'
          from /home/jason/moderndarwin/test/blueprints.rb:37
          from /usr/lib/ruby/gems/1.8/gems/machinist-1.0.6/lib/machinist.rb:20:in `instance_eval'
          from /usr/lib/ruby/gems/1.8/gems/machinist-1.0.6/lib/machinist.rb:20:in `run'
          from /usr/lib/ruby/gems/1.8/gems/machinist-1.0.6/lib/machinist/active_record.rb:53:in `make'
          from ./test/functional/products_controller_test.rb:25:in `__bind_1269805681_945912'
          from /home/jason/moderndarwin/vendor/gems/thoughtbot-shoulda-2.10.2/lib/shoulda/context.rb:293:in `call'
          from /home/jason/moderndarwin/vendor/gems/thoughtbot-shoulda-2.10.2/lib/shoulda/context.rb:293:in `merge_block'
          from /home/jason/moderndarwin/vendor/gems/thoughtbot-shoulda-2.10.2/lib/shoulda/context.rb:288:in `initialize'
          from /home/jason/moderndarwin/vendor/gems/thoughtbot-shoulda-2.10.2/lib/shoulda/context.rb:169:in `new'
          from /home/jason/moderndarwin/vendor/gems/thoughtbot-shoulda-2.10.2/lib/shoulda/context.rb:169:in `context'
          from ./test/functional/products_controller_test.rb:24

    I can't figure out what it is I'm doing wrong... I have tested the login_as with my auth (Authlogic) in my user_controller testing. Any pointers in the right direction would be much appreciated!
