Hi All... Apologies in advance if this isn't the right group (but I
couldn't find a rails specific one) anyway -
I think I am having a problem passing data around in my MVC.
I have a view that has this in the middle:
<code>
<%= form_tag :controller => "login", :action => "login" %>
  <tr>
    <td>DOMAIN\Username:</td>
    <td><%= text_field(:login, :username) %></td>
  </tr>
  <tr>
    <td>Password:</td>
    <td><%= password_field(:login, :password) %></td>
  </tr>
  <tr align = "left">
    <td /><td><input type="submit" value="Submit"></td>
  </tr>
<%= end_form_tag %>
</code>
and here is my login_controller.rb
<code>
class LoginController < ApplicationController
  before_filter :authorize, :except => [:login, :logout]

  def login
    if request.get?
      session[:username] = nil
    else
      #get the username and password from the array
      username = params[:login][:username]
      password = params[:login][:password]
      # Split username on domain and alias
      split_username = params[:user][:name].split('\\',2)
      if split_username.length != 2
        flash[:notice] = "You did not enter a properly formatted domain and username"
        redirect_to :action => 'login'
      else
        # Authenticate username and password
        domain = split_username[0]
        username = split_username[1]
        password = params[:user][:password]
        if authenticate domain, username, password
          # User has been authenticated
          session[:username] = username
        else
          flash[:notice] = "Incorrect username or password"
          redirect_to :action => 'login'
        end
      end
    end
  end

  def logout
    session[:username] = nil
  end

  require 'dl/win32'
  LOGON32_LOGON_NETWORK = 3
  LOGON32_PROVIDER_DEFAULT = 0
  BOOL_SUCCESS = 1
  AdvApi32 = DL.dlopen("advapi32")
  Kernel32 = DL.dlopen("kernel32")

  def authorize
    redirect_to( :controller => 'login', :action => 'login' ) unless logged_in?
  end

  def logged_in?
    session[:username] != nil
  end

  def authenticate(domain, username, password)
    # Load the DLL functions
    logon_user = AdvApi32['LogonUser', 'ISSSIIp']
    close_handle = Kernel32['CloseHandle', 'IL']

    # Normalize username and domain
    username = username.strip.downcase
    domain = domain.strip.downcase

    # Authenticate user
    ptoken = "\0" * 4
    r,rs = logon_user.call(username, domain, password,
      LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ptoken)
    success = (r == BOOL_SUCCESS)

    # Close impersonation token
    token = ptoken.unpack('L')[0]
    close_handle.call(token)

    session[:username] = username
    return success
  end
end
</code>
At the top of my application.rb I have:
<code>
class ApplicationController < ActionController::Base
  protected
  def authorize
    #changed from cookie to session
    unless session[:username]
      @session[:return_to] = @request.request_uri
      redirect_to :controller => "login"
      return false
    end
  end
end
</code>
So the filtering works fine: when I try to access a protected page, it
goes to my login.rhtml.
But when I log in, it craps out on me with this:
<code>
NoMethodError in LoginController#login
You have a nil object when you didn't expect it!
You might have expected an instance of Array.
The error occured while evaluating nil.[]
RAILS_ROOT: ./script/../config/..
Application Trace | Framework Trace | Full Trace
#{RAILS_ROOT}/app/controllers/login_controller.rb:12:in `login'
c:/ruby/lib/ruby/gems/1.8/gems/actionpack-1.12.5/lib/action_controller/base.rb:941:in `perform_action_without_filters'
c:/ruby/lib/ruby/gems/1.8/gems/actionpack-1.12.5/lib/action_controller/filters.rb:368:in `perform_action_without_benchmark'
c:/ruby/lib/ruby/gems/1.8/gems/actionpack-1.12.5/lib/action_controller/benchmarking.rb:69:in `perform_action_without_rescue'
c:/ruby/lib/ruby/1.8/benchmark.rb:293:in `measure'
c:/ruby/lib/ruby/gems/1.8/gems/actionpack-1.12.5/lib/action_controller/benchmarking.rb:69:in `perform_action_without_rescue'
c:/ruby/lib/ruby/gems/1.8/gems/actionpack-1.12.5/lib/action_controller/rescue.rb:82:in `perform_action'
c:/ruby/lib/ruby/gems/1.8/gems/actionpack-1.12.5/lib/action_controller/base.rb:408:in `process_without_filters'
c:/ruby/lib/ruby/gems/1.8/gems/actionpack-1.12.5/lib/action_controller/filters.rb:377:in `process_without_session_management_support'
c:/ruby/lib/ruby/gems/1.8/gems/actionpack-1.12.5/lib/action_controller/session_management.rb:117:in `process'
c:/ruby/lib/ruby/gems/1.8/gems/rails-1.1.6/lib/dispatcher.rb:38:in `dispatch'
c:/ruby/lib/ruby/gems/1.8/gems/rails-1.1.6/lib/webrick_server.rb:115:in `handle_dispatch'
c:/ruby/lib/ruby/gems/1.8/gems/rails-1.1.6/lib/webrick_server.rb:81:in `service'
c:/ruby/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
c:/ruby/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
c:/ruby/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
c:/ruby/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
c:/ruby/lib/ruby/1.8/webrick/server.rb:95:in `start'
c:/ruby/lib/ruby/1.8/webrick/server.rb:92:in `start'
c:/ruby/lib/ruby/1.8/webrick/server.rb:23:in `start'
c:/ruby/lib/ruby/1.8/webrick/server.rb:82:in `start'
c:/ruby/lib/ruby/gems/1.8/gems/rails-1.1.6/lib/webrick_server.rb:67:in `dispatch'
c:/ruby/lib/ruby/gems/1.8/gems/rails-1.1.6/lib/commands/servers/webrick.rb:59
c:/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:21:in `require'
c:/ruby/lib/ruby/gems/1.8/gems/activesupport-1.3.1/lib/active_support/dependencies.rb:147:in `require'
c:/ruby/lib/ruby/gems/1.8/gems/rails-1.1.6/lib/commands/server.rb:30
c:/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:21:in `require'
c:/ruby/lib/ruby/gems/1.8/gems/activesupport-1.3.1/lib/active_support/dependencies.rb:147:in `require'
script/server:3
Request
Parameters: {"login"=>{"username"=>"test", "password"=>"test"}}
Show session dump
---
:username:
secret_page:
:page: "2"
:sort: created_on
:sort_direction: asc
flash: !map:ActionController::Flash::FlashHash {}
:return_to: /secret_page
Response
Headers: {"cookie"=>[], "Cache-Control"=>"no-cache"}
</code>
I swear I think everything is correct, but it isn't working. I don't
have any rails gurus around, so I thought that I'd risk getting
roasted and post it here.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---
aerospike wrote:
> Hi All... Apologies in advance if this isn't the right group (but I
> couldn't find a rails specific one) anyway -

This is a rails specific list/group :-)

> [snip]
> #get the username and password from the array
> username = params[:login][:username]
> password = params[:login][:password]
> # Split username on domain and alias
> split_username = params[:user][:name].split('\\',2)
[snip]
> Parameters: {"login"=>{"username"=>"test", "password"=>"test"}}

params[:user] is nil, so trying to access params[:user][:name] is causing your error (I'm guessing you meant to type split_username = username.split('\\',2))

Fred

--
Posted via http://www.ruby-forum.com/.
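The fix Fred describes, as an added example that is not part of the original thread: read the credentials from the `login` key the form actually posts, return nil for missing or malformed input instead of raising on nil, and write `session[:username]` only after authentication succeeds. `parse_domain_login`, `handle_login` and the `FAKE_LOGON` stand-in for the `LogonUser` call are hypothetical names, the session is a plain Hash, and the sample account is constructed.

```ruby
# Added example, not code from the thread. All names here are hypothetical.

# Fetch a key from a params-like Hash whether it is keyed by String or Symbol.
def fetch_param(hash, key)
  return nil unless hash.is_a?(Hash)
  hash[key.to_s] || hash[key.to_sym]
end

# Parse the nested hash the login form posts:
#   {"login" => {"username" => "DOMAIN\\user", "password" => "..."}}
# Returns [domain, username, password], or nil when a key is missing
# or the username is not in DOMAIN\user form. Never raises on nil.
def parse_domain_login(params)
  login    = fetch_param(params, :login)
  raw_user = fetch_param(login, :username)
  password = fetch_param(login, :password)
  return nil unless raw_user.is_a?(String) && password.is_a?(String)

  # Split once on the first backslash; "test" yields a single element.
  domain, username = raw_user.split('\\', 2)
  return nil if domain.nil? || username.nil?

  domain   = domain.strip.downcase
  username = username.strip.downcase
  return nil if domain.empty? || username.empty? || password.empty?

  [domain, username, password]
end

# Constructed stand-in for the LogonUser call used in the thread, so the
# example runs without the Windows API. Accepts exactly one sample account.
FAKE_LOGON = lambda do |domain, username, password|
  [domain, username, password] == ["corp", "alice", "s3cret"]
end

# Login flow. The controller in the thread assigns session[:username]
# inside authenticate before the result is known; here the session is
# cleared first and written only when the authenticator returns true.
# Returns :ok, :malformed or :denied.
def handle_login(params, session, authenticator)
  session.delete(:username)

  creds = parse_domain_login(params)
  return :malformed if creds.nil?

  domain, username, password = creds
  return :denied unless authenticator.call(domain, username, password) == true

  session[:username] = username
  :ok
end

if __FILE__ == $0
  session = {}
  # The request from the thread: no backslash in the username.
  p handle_login({ "login" => { "username" => "test", "password" => "test" } },
                 session, FAKE_LOGON)
  # A well-formed constructed request.
  p handle_login({ "login" => { "username" => "CORP\\Alice", "password" => "s3cret" } },
                 session, FAKE_LOGON)
  p session
end
```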
I don't even know where to begin with this one.... Make sure your form
fields match what you're trying to read in. I see you using this in your
params list:
Read your error message and it basically tells you what you did wrong:
------------------------------------------------------------------------------
NoMethodError in LoginController#login
You have a nil object when you didn't expect it!
You might have expected an instance of Array.
The error occured while evaluating nil.[]
RAILS_ROOT: ./script/../config/..
Application Trace | Framework Trace | Full Trace
#{RAILS_ROOT}/app/controllers/login_controller.rb:12:in `login'
------------------------------------------------------------------------------
Line 12 is
split_username = params[:user][:name].split('\\',2)
Look at your parameters coming in:
Parameters: {"login"=>{"username"=>"test", "password"=>"test"}}
So you have params[:login] and params[:password]
But you're splitting the domain like this:
split_username = params[:user][:name].split('\\',2)
I think you want
split_username = params[:login].split("\")
params[:user][:name] doesn't exist.. so it's nil
Hope that helps.
On 9/22/06, aerospike <fred.lee-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> [snip]
I'm writing my first production rails app. It needs to use
authentication, and I'm wondering if my code is good/secure?
If anyone would like to tell me what they think, it'd be great.
Thanks,
jason
[code]
class ApplicationController < ActionController::Base
  before_filter :authorize

  def authorize
    if @session[:user_id].nil?
      flash[:notice] = "Please log in to continue"
      redirect_to :controller => "account", :action => "login"
    else
      @logged_in_user = User.find(@session[:user_id])
    end
  end
end

class AccountController < ApplicationController
  skip_before_filter :authorize

  def login
    if @request.post?
      if possible_user = User.authenticate(@params[:login][:username],
                                           @params[:login][:password])
        @session[:user_id] = possible_user.id
        @session[:location] = possible_user.role.location_id
        @session[:role_id] = possible_user.role.id
        redirect_to(:controller => "application", :action => "index")
      else
        flash[:notice] = "Invalid username and/or password"
        logger.info("INVALID LOGIN ATTEMPT -- Username: " +
                    @params[:login][:username])
      end
    end
  end

  def logout
    reset_session
    redirect_to(:controller => "account", :action => "login")
  end
end

class User < ActiveRecord::Base
  has_one :role

  def self.authenticate(username, password)
    this_user = find_by_username_and_password(username,
                  encrypt(password), :include => 'role')
    if this_user.nil? || this_user.role.nil?
      # Put log entry here, IF you can even do it in the model. Or do it in the controller
      nil # Return Nil if no role is found for the user, or no user found for credentials
    else
      this_user # Return the user object for users with roles
    end
  end

  def self.encrypt(password)
    # [ password encryption code here.... ]
  end
end
[/code]
instead of these 2 lines in your login_controller.rb
username = params[:login][:username]
password = params[:login][:password]
use this instead:
username = session[:login][:username]
password = session[:login][:password]
try it and let me know how it works.
- B
aerospike wrote:
> [snip]