Rails - Jul 2007 - using plugin ssl_requirement: generate SSL link

Hi,
I am using
ssl_requirement(http://dev.rubyonrails.org/svn/rails/plugins/ssl_requirement/README)
to set up SSL access requirement on actions in my controller.

In my webapp''s home page, I provide a login panel for users to login.

I don''t want my home page(the index action) to be accessed through SSL,
but I do want the login information submitted from the homepage''s login
panel to be SSL.

But if I don''t make my home page require SSL, user''s login
info is
submited first through non-ssl request(non-securely), then the server
redirects the browser to submit the information through SSL.

Is there a way for me to generate the SSL-enabled link for login based
on my ssl_requirement configuration on login from the controller?
maybe override the link generation helper?

Thanks.
Yaxm.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

El Jul 13, 2007, a las 10:32 AM, Yaxm Yaxm escribió:
>
> Hi,
> I am using
> ssl_requirement(http://dev.rubyonrails.org/svn/rails/plugins/ 
> ssl_requirement/README)
> to set up SSL access requirement on actions in my controller.
>
> In my webapp''s home page, I provide a login panel for users to
login.
>
> I don''t want my home page(the index action) to be accessed through
> SSL,
> but I do want the login information submitted from the homepage''s
> login
> panel to be SSL.
>
> But if I don''t make my home page require SSL, user''s
login info is
> submited first through non-ssl request(non-securely), then the server
> redirects the browser to submit the information through SSL.
>
> Is there a way for me to generate the SSL-enabled link for login based
> on my ssl_requirement configuration on login from the controller?
> maybe override the link generation helper?
Yes, use the secure_actions plugin, which based on ssl_requirement:

   http://agilewebdevelopment.com/plugins/secure_actions

With that plugin you can configure SSL per action, and is integrated  
with URL generation.

There''s a couple of things to note about it. There''s no API to
configure an entire controller as secure. I solved that with this  
class method:

   # A controller makes this call to declare all their actions run  
behind SSL.
   # The call must be put at the bottom of the code, so that the  
public methods
   # are known and returned by public_instance_methods.
   def self.this_controller_only_responds_to_https
     include SecureActions
     require_ssl *self.public_instance_methods(false).map(&:to_sym)
   end

The other thing is that the plugin as of revision 14 expects explicit  
controllers and actions in your calls to url_for (via link_to or  
whatever). It looks up the pair in a table to figure out whether it  
needs to select "https" as protocol. The attached patch fixes that.

-- fxn


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

El Jul 13, 2007, a las 1:23 PM, Xavier Noria escribió:
> There''s a couple of things to note about it.
I forgot a third detail.

Secure actions are declared with the class method require_ssl in  
controllers, so you need to load a controller to let the plugin know  
his secure actions, if any.

OK, you know automatic class loading is triggered by const_missing in  
Rails. Now let''s suppose /public/index has a link to /account/login,  
when you start the server even in production mode the link in the  
home won''t be secure until someone hits AccountController. And that  
argument extends to all the links in the site. The protocol in their  
generation needs to have the corresponding controller class loaded.

That''s why I force class preloading in environment.rb (or  
production.rb if you prefer that file), like this towards the bottom  
of the file:

   if RAILS_ENV == ''production''
     USE_SSL = true
     # Trigger controller class loading to execute SSL-related
     # declarations, this way we have the correct links right away.
     require ''application''
     ActionController::Routing.possible_controllers.each do |c|
       # known to work without directories
       "#{c.camelize}Controller".constantize
     end
   end

-- fxn


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I tried to force class loading at the end of my environemnt.rb file.

I got a nasty error: “A copy of AuthenticatedSystem has been removed 
from the module tree but is still active!”  whenever I try to access a 
2nd page after I boot up webrick.

AuthenticatedSystem is from plugin acts_as_authenticated

Here''s a blog post on the same error:
http://blog.railsconsulting.com/2007/2/25/streamlined-plugin-argumenterror

If I remove the class loading part from my env.rb file, things are fine.


Is there another way to force the class loading?

Thanks.
Yaxm.



Xavier Noria wrote:
> El Jul 13, 2007, a las 1:23 PM, Xavier Noria 
>escribi�:
> There''s a couple of things to note about it.
> 
> I forgot a third detail.
> 
> Secure actions are declared with the class method require_ssl in
> controllers, so you need to load a controller to let the plugin know
> his secure actions, if any.
> 
> OK, you know automatic class loading is triggered by const_missing in
> Rails. Now let''s suppose /public/index has a link to
/account/login,
> when you start the server even in production mode the link in the
> home won''t be secure until someone hits AccountController. And
that
> argument extends to all the links in the site. The protocol in their
> generation needs to have the corresponding controller class loaded.
> 
> That''s why I force class preloading in environment.rb (or
> production.rb if you prefer that file), like this towards the bottom
> of the file:
> 
>    if RAILS_ENV == ''production''
>      USE_SSL = true
>      # Trigger controller class loading to execute SSL-related
>      # declarations, this way we have the correct links right away.
>      require ''application''
>      ActionController::Routing.possible_controllers.each do |c|
>        # known to work without directories
>        "#{c.camelize}Controller".constantize
>      end
>    end
> 
> -- fxn
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I found out that I can''t use "require" but need to use 
"require_dependence" in my environment.rb file

require_dependency ''application''
ActionController::Routing.possible_controllers.each do |c|
  # known to work without directories
  "#{c.camelize}Controller".constantize
end



Yaxm Yaxm wrote:
> I tried to force class loading at the end of my environemnt.rb file.
> 
> I got a nasty error: “A copy of AuthenticatedSystem has been removed 
> from the module tree but is still active!”  whenever I try to access a 
> 2nd page after I boot up webrick.
> 
> AuthenticatedSystem is from plugin acts_as_authenticated
> 
> Here''s a blog post on the same error:
> http://blog.railsconsulting.com/2007/2/25/streamlined-plugin-argumenterror
> 
> If I remove the class loading part from my env.rb file, things are fine.
> 
> 
> Is there another way to force the class loading?
> 
> Thanks.
> Yaxm.
> 
> 
> 
> Xavier Noria wrote:
>> El Jul 13, 2007, a las 1:23 PM, Xavier Noria 
>>escribi�:
>> There''s a couple of things to note about it.
>> 
>> I forgot a third detail.
>> 
>> Secure actions are declared with the class method require_ssl in
>> controllers, so you need to load a controller to let the plugin know
>> his secure actions, if any.
>> 
>> OK, you know automatic class loading is triggered by const_missing in
>> Rails. Now let''s suppose /public/index has a link to
/account/login,
>> when you start the server even in production mode the link in the
>> home won''t be secure until someone hits AccountController. And
that
>> argument extends to all the links in the site. The protocol in their
>> generation needs to have the corresponding controller class loaded.
>> 
>> That''s why I force class preloading in environment.rb (or
>> production.rb if you prefer that file), like this towards the bottom
>> of the file:
>> 
>>    if RAILS_ENV == ''production''
>>      USE_SSL = true
>>      # Trigger controller class loading to execute SSL-related
>>      # declarations, this way we have the correct links right away.
>>      require ''application''
>>      ActionController::Routing.possible_controllers.each do |c|
>>        # known to work without directories
>>        "#{c.camelize}Controller".constantize
>>      end
>>    end
>> 
>> -- fxn
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Feb 13, 2008, at 7:29 , Yaxm Yaxm wrote:
> I found out that I can''t use "require" but need to use
> "require_dependence" in my environment.rb file
>
> require_dependency ''application''
> ActionController::Routing.possible_controllers.each do |c|
>  # known to work without directories
>  "#{c.camelize}Controller".constantize
> end
That''s strange, what happended if you used "require"? Where
do you
have that code? Which version of Rails is that?

-- fxn


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I use rails 1.2.6.

I am using acts_as_authenticated plugin.

I place the constanize codes at the bottom of my environment.rb file.

this error only happens when I use ''require'' instead of 
''require_dependency''

ArgumentError (A copy of AuthenticatedSystem has been removed from the 
module tree but is still active!):
   
/usr/lib/ruby/gems/1.8/gems/activesupport-1.4.4/lib/active_support/dependencies.rb:237:in
`load_missing_constant''
   
/usr/lib/ruby/gems/1.8/gems/activesupport-1.4.4/lib/active_support/dependencies.rb:452:in
`const_missing''



Xavier Noria wrote:
> On Feb 13, 2008, at 7:29 , Yaxm Yaxm wrote:
> 
>> I found out that I can''t use "require" but need to
use
>> "require_dependence" in my environment.rb file
>>
>> require_dependency ''application''
>> ActionController::Routing.possible_controllers.each do |c|
>>  # known to work without directories
>>  "#{c.camelize}Controller".constantize
>> end
> 
> That''s strange, what happended if you used "require"?
Where do you
> have that code? Which version of Rails is that?
> 
> -- fxn
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---