Sharing log in credentials across controllers?


#1 RensterUK

Posted 21 March 2014 - 09:08 AM

All,

 

I fully acknowledge I may be trying to achieve things in a very cack-handed style here(!) - so am open to suggestions on a better way of doing things.

 

Currently, I have:

 

An authentication controller - basically just a view, with user/password prompts, and a submit

A VCS controller - a couple of list boxes, used to list contents on our VCS system, and what's held locally etc, and to synchronise from one to the other. This requires the credentials from the auth controller

A TMS controller - (yet to be added!) - but it will be similar to the VCS controller in a way - connects to an in-house test management system, again using the same credentials as supplied by the auth controller, letting the user "do stuff" connecting what is held locally, to the TMS.

 

The intention is that the user will be able to switch back and forth between the VCS controller, and the TMS controller as they wish... without continually needing to resubmit login credentials all the time.

 

Can anyone advise how to structure things to make the supplied user/password available to the VCS and TMS controllers? I guess one option is to store the text of the user/password as cookies, and let the VCS and TMS controllers  but this is not exactly secure!

 

If it helps, the login view for my auth controller looks like this (not rocket science this one!)

 

<%= form_for @user, :as => :user, :url => sign_in_path(@user) do |f| %>
    <p>
      <%= f.label :username, 'username or email:' %><br />
      <%= f.text_field :username %>
    </p>
    <p>
      <%= f.label :password, 'password:' %><br />
      <%= f.password_field :password %>
    </p>
    <p>
      <%= f.submit 'Sign In' %>&nbsp;&nbsp;&nbsp;
      <%= f.submit 'Clear Form', :type => 'reset' %>
    </p>
<% end %>
 
 
Am I correct in splitting this functionality across 3 controllers? Or perhaps it should be a single controller, with multiple views? I have a few ideas of things that COULD work - I'm just wondering what sort of thing would 1) work, and 2) be best practice :)
 
Thanks!


#2 Ohm

Posted 02 April 2014 - 10:41 AM

For authentication of users I often rely on the devise gem.

 

If you want to do it yourself, I'd generate a session uuid when the user logs in, put it into the database, and keep that in the session-variable in Rails.

session[:user_uuid] = generate_uuid(user)

Then in a before_filter in the controller I'd check whether or not the uuid was valid by checking whether or not it is present in the database.

 

Of course you'd do something with time as well, because a session should only be valid for some minutes. You could then either generate a new uuid for the user or renew it, by allowing additional minutes each time it's used.


Blog: http://ohm.sh | Twitter: @madsohm | Work: Lokalebasen.dk
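
The approach described in the reply above (a session uuid stored server-side, checked on every request, with an expiry that is renewed on use), as an added example that is not part of the original posts. It is plain Ruby so it runs without Rails; the class name `SessionRegistry`, the 15-minute `TTL`, the in-memory Hash standing in for the database table, and storing only a SHA-256 digest of the uuid are all assumptions of this example.

```ruby
require 'securerandom'
require 'digest'

# Stand-in for a database table of live sessions (assumption: the real app
# would use an ActiveRecord model; a Hash keeps this runnable without Rails).
class SessionRegistry
  TTL = 15 * 60 # seconds a session stays valid without activity (assumed value)

  def initialize
    @rows = {} # token digest => { user_id:, expires_at: }
  end

  # Called once after the password check succeeds. Returns the value to put in
  # session[:user_uuid]; only its digest is kept server-side.
  def issue(user_id, now: Time.now)
    token = SecureRandom.uuid
    @rows[digest(token)] = { user_id: user_id, expires_at: now + TTL }
    token
  end

  # What the before_filter would call. Returns the user id, or nil when the
  # token is missing, unknown or expired. A valid hit renews the expiry.
  def authenticate(token, now: Time.now)
    return nil unless token.is_a?(String)
    key = digest(token)
    row = @rows[key]
    return nil if row.nil?
    if now >= row[:expires_at]
      @rows.delete(key) # expired rows are removed so they can never be revived
      return nil
    end
    row[:expires_at] = now + TTL
    row[:user_id]
  end

  # Sign-out: drop the row so the cookie value becomes useless.
  def revoke(token)
    !@rows.delete(digest(token.to_s)).nil?
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

In a controller, the filter would call `authenticate(session[:user_uuid])` and redirect to the sign-in page on `nil`; the username and password themselves never go into the cookie.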





