  1. rails storing password in a session
<p>I have a Rails app that makes web API calls; the Rails app by itself doesn't have any database or user store. Every API call needs to be sent the username and password with each request.</p>
<p>I would like to provide an authentication mechanism for the Rails app. I am planning to do it this way:</p>
<ol>
<li>Show a login page</li>
<li>Get the username and password</li>
<li>Store the username and password</li>
<li>Perform a manual authentication either via warden.authenticate or authlogic.something (or maybe even that is not required; I can just check if the session has something stored)</li>
<li>And then when the user does something, I pass the username and password that were stored earlier.</li>
</ol>
<p>Now my problem is: where do I store the password? If I use the session I cannot use the cookie store, obviously. I can use <code>session_store = :active_record_store</code> but I'm not sure if it's safe; also, I don't have any database as of now, so why should I create one just for the session? Is there any other mechanism to store passwords within a session? (A safe way, obviously.)</p>
<p>Earlier Rails had:</p>
<ul>
<li>MemoryStore</li>
<li>FileStore</li>
</ul>
<p>But now both seem to be removed. So is there any other solution?</p>
<p>Notes from answers:</p>
<ol>
<li>Storing encrypted passwords won't work since I need the raw password to be sent to the server while making API calls.</li>
<li>I have no control over the API, so I cannot change its authentication.</li>
<li>There is no user profile maintenance in the Rails app. Everything is managed by API calls.</li>
</ol>
<p>I finally thought to implement a custom memory store, but it seems to throw a stack overflow error. I got the code from <a href="https://rails.lighthouseapp.com/projects/8994/tickets/1876-uninitialized-constant-actioncontrollersessionmemorystore">https://rails.lighthouseapp.com/projects/8994/tickets/1876-uninitialized-constant-actioncontrollersessionmemorystore</a></p>
<pre><code>require 'action_dispatch'

module ActionDispatch
  module Session
    class CustomMemoryStore &lt; ActionDispatch::Session::AbstractStore
      # Process-wide hash: session id =&gt; session data
      GLOBAL_HASH_TABLE = {} #:nodoc:

      private

      # Look up (or start) the session for the given session id
      def get_session(env, sid)
        sid ||= generate_sid
        session = GLOBAL_HASH_TABLE[sid] || {}
        session = AbstractStore::SessionHash.new(self, env).merge(session)
        [sid, session]
      end

      # Persist the session data in the in-memory hash
      def set_session(env, sid, session_data)
        GLOBAL_HASH_TABLE[sid] = session_data
        return true
      end
    end
  end
end

Steptools3::Application.config.session_store :custom_memory_store, :key =&gt; '_some_xyz'
</code></pre>
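The server-side storage idea the question describes, as an added example that is not part of the original post and not Rails' own session API: a plain-Ruby, process-local store that keeps the raw credentials in memory and gives the browser only a random session id. The class name `CredentialSessionStore`, the 15-minute idle timeout and the injectable clock are assumptions; it assumes a single server process, and entries are lost on restart.

```ruby
require 'securerandom'
require 'monitor'

# Added example (hypothetical class): credentials stay in server memory,
# the cookie carries only the opaque id returned by #create.
class CredentialSessionStore
  Entry = Struct.new(:username, :password, :expires_at)

  # ttl is the idle timeout in seconds; clock is injectable so expiry is testable.
  def initialize(ttl: 900, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @ttl = ttl
    @clock = clock
    @entries = {}
    @lock = Monitor.new # guards @entries across request threads
  end

  # Call after the login form is submitted; returns a 256-bit random id.
  def create(username, password)
    sid = SecureRandom.hex(32)
    @lock.synchronize do
      sweep
      @entries[sid] = Entry.new(username, password, @clock.call + @ttl)
    end
    sid
  end

  # Returns [username, password] for a live session (and renews it), else nil.
  def fetch(sid)
    @lock.synchronize do
      entry = @entries[sid.to_s]
      next nil if entry.nil?
      if entry.expires_at <= @clock.call
        @entries.delete(sid.to_s) # idle too long: drop the credentials
        next nil
      end
      entry.expires_at = @clock.call + @ttl
      [entry.username, entry.password]
    end
  end

  # Call on logout so the password does not outlive the session.
  def destroy(sid)
    @lock.synchronize { @entries.delete(sid.to_s) }
    nil
  end

  private

  # Remove every expired entry; called with the lock held.
  def sweep
    now = @clock.call
    @entries.delete_if { |_sid, entry| entry.expires_at <= now }
  end
end
```

In a controller, the value returned by `create` is the only thing placed in the cookie, and `fetch` supplies the username and password for each upstream API call.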