Recent Comments

We use foreman with passenger (standalone) as our web server (in dev). Only problem is that you have to manually stop passenger after stopping foreman.

I get same error. I even tried running the query from the console and I get nil.

User.find_by_auth_token("774d073fc2c48a8f18582c8efd1f0621")
  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."auth_token" = '774d073fc2c48a8f18582c8efd1f0621' LIMIT 1
 => nil 

I try find_by_email or find_by_first_name and it works. Only when running find_by_auth_token it returns nil.

Since thin's default timeout is 30 seconds, it is better to use this:

faye_server = Faye::RackAdapter.new(:mount => '/faye', :timeout => 25)

Great episode, Ryan, Thanks a lot> I tried it on a Windows machine with some minore modifications(added some specific gem dependencies) and everything worked as needed. Then I copy-pasted the same project on a Linux (Ubuntu 10.04) PC, changed the dependencies in Gemfile for gem 'libnotify', :group => [:test, :development], and the guard fails after running the bundle and 'guard' commandes:
@@
serge@serge-laptop:~/Development/Ruby/Rails3/auth_rememberme_with_tests$ guard
Guard is now watching at '/home/serge/Development/Ruby/Rails3/auth_rememberme_with_tests'
Guard::RSpec is running, with RSpec 2!
Running all specs
/home/serge/.rvm/gems/ruby-1.9.2-head/gems/activesupport-3.1.0/lib/active_support/dependencies.rb:234:in load': /home/serge/Development/Ruby/Rails3/auth_rememberme_with_tests/spec/models/users_spec.rb:1: syntax error, unexpected tIDENTIFIER, expecting $end (SyntaxError)
describe "send_pas..."
... ^
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/activesupport-3.1.0/lib/active_support/dependencies.rb:234:inblock in load'
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/activesupport-3.1.0/lib/active_support/dependencies.rb:225:in load_dependency'
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/activesupport-3.1.0/lib/active_support/dependencies.rb:234:inload'
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in block in load_spec_files'
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:inmap'
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in load_spec_files'
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/rspec-core-2.6.4/lib/rspec/core/command_line.rb:18:inrun'
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:80:in run_in_process'
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:69:inrun'
from /home/serge/.rvm/gems/ruby-1.9.2-head/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:11:in `block in autorun'
@@@
Any idea on that?
I'm on Rails 3.1. and use Ruby 1.9.2 p0 version.
Thanks a lot.

Hi Noam - liking your work mate, keep it up. I see you merged my pull-request =)

Thanks very much for covering Sorcery, Ryan.
I can't express how awesome it is to have a RailsCasts episode dedicated to a gem I've spent close to 9 months on...

Hopefully the community spotlight will help push the gem forward, which is much needed as work is crazy right now...

I like the logo... :)

Any thoughts on Sorcery vs Authlogic. Seems to be very much the same ideas of basic core authentication logic, but gets out of your way on the business side of the implementation.

Authlogic hasn't been updated in a while, but has some nicities like built in validations for emails etc...

Very true Rupert - and yes, I guess most of us think of Devise as "old faithful". I also agree on your points regarding the smaller API.

In time, I think it should come into its own. Till then, I'll be sticking with auth from scratch vs. Devise for production apps - I'll definitely be hacking around with Sorcery though =)

If I have a production site in a separate folder (www.somesite.com/appFolder/), then I'm not able to get the tokenInput to work correctly. Instead of:

tokenInput("/tags.json", ...

I need to say something like:

tokenInput("/appFolder/tags.json", ...

Is there a DRY way to do this so I do not have to manually edit the code on the production site every time? Thanks.

Thanks for another great episode. I'm really interested in the submodule: externals to allow fb and twitter login.

I believe I'm going to replace my login system with this.

Yes, I was able to get this working in 3.1, coffescript style:

jQuery ->
  $("#patient_tag_tokens").tokenInput("/tags.json", {
    crossDomain: false,
    prePopulate: $("#patient_tag_tokens").data("pre"),
    theme: "facebook",
    preventDuplicates: true
  });

Any gem is infinitely flexible in the sense you can always monkey patch your own way of doing things on top of the gem code. The difference in flexibility between gems is in the ease of which they can be customised, not the extent.

Devise just isn't intended for massive customisation. It fulfils the most common use case for authentication systems. This is great because it means you don't have to code very much if this suits you. It is also sufficiently easy to change that you know if you need something more complex down the road, you won't have to rip it out in favour of a different system. However, I don't think you should be using it with the intention of doing all that customisation.

However, if you already know to begin with that you will need to replace the Devise views and controllers (and to be honest, I haven't yet found a situation where this isn't true), then you will have a much easier time with Sorcery.

Sorcery also has the advantage of having a very small public API meaning it is much easier and faster to learn than Devise.

Devise has much better documentation, much better guides on using it with associated gems such as CanCan and a larger community so better support. It is also older and so is more dependable.

That's the whole point though - devise isn't all that flexible when you want to get it to do things 'your way' - personally I ended up having to override most of Devise's own controllers. It all depends on what you really want out of your authentication system in the end, so YMMV of course.

@Ryan - thanks for another fantastic cast, will be sure to try it out tonight!

Thanks for another great screencast, but i don't see any advantages over old good Devise, which is definitely more flexible

Thanks for this cast! Using it in my new app, but one question - how can I sign users in on signup instead of having them have to sign up and then sign in?

The hartl book talks about this, but he sets the authentication system up a bit differently and I'm having trouble translating it to this application!

Anyone knows how to keep the redis process alive? I'm using Deamon Controller for a sphinx server, but have to say that I'm running into a lot of small problems (eg. using Capistrano to deploy the code).

I'm not deploying to Heroku right now (we're in Europe), so still need to figure this out myself. :)

Okay, this is specifically for controller tests. Add this line to your authenticated tests:

request.cookies[:auth_token] = @admin.auth_token

I spent a long time messing with posting the sessions create action, stubs, etc, but finally realized it all just comes down to a cookie.

I am also having a lot of trouble testing this (I am using rspec). I've been working all day on it, and if I figure it out I'll post it.

Just tried the pry-remote plugin with pow, and so far it works great.

I created a file in vendor/assets/javascripts and put the manifest command in there:

vendor.js:

//= require_tree .

Then back in app/assets/javascripts/application.js:

 //= require vendor

Hope this helps others.

Why did admin namespace not inherit from ApplicationController which inherits from BaseController ? Is the inheritance it limited to a namespace ?

You could find it at https://github.com/jezdez/textmate-missingdrawer which in the show notes in episode 265

Looks like the pry-remote plugin may have been officially released now, try it and tell me if it's ok: https://github.com/mon-ouie/pry-remote

cool cool! I get it's a temp hack, sorry to sound so eager. Really excited about it I guess. =) And yes, it does work for the time being.

Regarding my RSpec "issue", I guess it's more of a situation that everyone who runs any sort of autotest suite runs into.. the moment you insert a debug hook in the code, the automated tests kick in because you save the file, and they fire the hook.

I really do enjoy using Pry! thank you. =)

This was posted a while ago, I know, but you should look at the update action in your password_resets controller and make sure that it isn't redirecting to the index.

According to the FactoryGirl documentation a lot of the syntax in this episode is outdated. Here is some of it rewritten following this.

FactoryGirl.define do

  sequence :username do |n| "foo#{n}" end
  sequence :email do |n| "foo#{n}@example.com" end

  factory :user, :class => User do
    username "foo"
    password "foobar"
    password_confirmation {|u| u.password}
    email "foo@example.com"
  end
end  

It's hackish because it is a hack :) it's just a quick solution provided by a contributor to a specific issue -- remote sessions will be officially supported in a future version, but for now, this hack is ok, right? :)

I'm sorry i can't help you with your testing issue as i don't use RSpec :(

goodluck and i hope you like pry :)

Hi John. It does work. Feels a bit hackish thou.

Also one thing I notice is that when using guard with rspec whenever I add a "binding.pry" line, the specs of course pause on that line. Would there be a way to avoid this? Well I guess I can always use...

binding.pry unless Rails.env.test? 

So what's the downside? You mentioned that you prefer rolling your own authentication from scratch -- is this any less secure/effective/flexible/etc... ? Advantages/disadvantages?

Thanks

Hi, read the solution given in the following issue: https://github.com/pry/pry/issues/237

Let me know how you get on!

Yeah would be nice to run with Pow if possible. Any clues?

I am using nested_forms plugin and everything works great. The only thing is how to add a number to each form generated dynamically. For example
1: first field
2: second field
3: third field

and so on. Any easy way?

Any idea how to enable partial matching? Make it work like; "select * from posts where title like 'query%'"

Disregard this... the reject_if was set to reject if the attribute :content was empty but my attribute was called :text. Fixed it!

On windows there is an exe installer. On mac and linux the install prosses is well documented here and here go to wiki on the last one

I'm having an issue of the answers not saving. They params seem to pass:
"questions_attributes"=>{"0"=>{"required"=>"0"
"kind"=>"option_select"
"answers_attributes"=>{"1315562216665"=>{"text"=>"asdf"
"_destroy"=>"false"}
"1315562221010"=>{"text"=>"asdfasdfasdf"
"_destroy"=>"false"}
"1315562222968"=>{"text"=>"asdfff"
"_destroy"=>"false"}
"1315562215593"=>{"text"=>"asdf"
"_destroy"=>"false"}
"1315562219528"=>{"text"=>"asdfasdf"
"_destroy"=>"false"}
"1315562218369"=>{"text"=>"asdf"
"_destroy"=>"false"}}
"id"=>"8"
"_destroy"=>"false"
"content"=>"How long have you been a Christian?"}

But it doesn't end up saving.

<!-- _question_fields.html.erb -->
<div class="fields">
    <%= link_to_remove_fields image_tag('remove.png'), f, "remove_question" %>
        <span class="required_cb"><%= f.check_box :required %> <%= f.label :required, "Required" %></span>
    <%= f.text_area :content, :rows => 3, :class => "question" %>

        <div class="question_type">
                <%= f.radio_button :kind, :heading, :class => "no_answers" %> <%= f.label :kind_heading, "Heading" %>
                <%= f.radio_button :kind, :single_line, :class => "no_answers" %> <%= f.label :kind_single_line, "Single Line" %>
                <%= f.radio_button :kind, :textarea, :class => "no_answers"  %> <%= f.label :kind_textarea, "Textarea" %>
                <%= f.radio_button :kind, :checkbox, :class => "has_answers"  %> <%= f.label :kind_checkbox, "Checkbox" %>
                <%= f.radio_button :kind, :radio_button, :class => "has_answers"  %> <%= f.label :kind_radio_button, "Radio Buttons" %>
                <%= f.radio_button :kind, :option_select, :class => "has_answers"  %> <%= f.label :kind_option_select, "Option Select" %>
        </div>
        
        <div class="answer_options" style="display: none;">
          <%= f.fields_for :answers do |builder| %>
            <%= render 'answer_fields', :f => builder %>
          <% end %>
          <p><%= link_to_add_fields "Add Answer", f, :answers %></p>
        </div>
</div>

<!-- _answers_fields.html.erb -->
<p class="fields">
  <%= f.text_field :text %> <%= link_to_remove_fields "remove", f %>
</p>

  def new
    @trip = Trip.new
    3.times do
      question = @trip.questions.build
      4.times { question.answers.build }
    end
  end

Models (answer.rb, question.rb, and trip.rb (in place of survey.rb)) are identical to the show notes.

Any ideas on what I'm missing? Thanks!

Thanks for the bundler open tip. I have always wondered a quick way to open up my gems.

You can easily have the best of both worlds -- I rather like Foreman's log presentation for the various processes, so I actually run Guard at the end of a Procfile, and use an environment variable to limit groups if I wish:

guard: bundle exec guard start $([ -n "$GUARDS" ] && echo "-g $GUARDS")

This way you could also employ guard-process as you mention for things that should restart when code is changed.

If you use your Procfile for production -- either on Heroku or to generate upstart/init files at deploy -- you'll want a separate Procfile for including Guard in development. I'm too lazy to type foreman -f config/dev/Procfile all the time so I wrap that in a rake dev task.

Thanks!

There are number of ways to fix the thing. But this is the cleanest I found so far.

The problem of I18n approach is that it doesn't highlight password input.

Just to follow up...turns out that currently, the rails asset server is mounted regardless of the "fallback" setting, apparently to allow for cases just like this. There is some discussion about it at

https://github.com/rails/rails/pull/2886

It looks likely this behavior will change in the future, but not yet sure how.

The original JS in this example seems to be more readable to me.

Is there a way to use Pry with Foreman?

though i forgot, rails takes care of the forms validity with the authenticity token, however its probably still safer to have a time check in the update action.

I love this solution but as a total rails noob, I don't know how to test for it, it would be great to have some explanation or, even better, an episode on it.

Thank you for the link, I was encountering this issue too.

At just about the time you asked this, the plugin author implemented the propertyToSearch configuration option for this :-)

Great episode as always Ryan. I'm dying to know -- do you ever use rspec controller tests instead of or in addition to request specs? If so, do you have any rules of thumb for when you would go to controller specs?

How can i restrict use of SecureAuthentication to html requests only? I want use HTTP basic authentication for json requests. Thanks

Not so fun for Windows using MySQL2. Version compiled for Windows breaks in 3.1 and latest version seems to have problems compiling as it is looking for a Makefile, which Windows does not use.

Had problems with this too. Thanks.