Authentication with Sorcery

Maedi

Apr 30, 2013, 7:52:47 PM
to batm...@googlegroups.com
I know there's authentication code in the Classifieds app, however this is using OAuth:
https://github.com/Shopify/batman-classifieds/blob/master/app/controllers/sessions_controller.rb

I'd really appreciate help with the more common scenario of a login screen (SessionsController) which then sends login info to Rails. So far I'm having a hard time connecting the 2.

For example, how do we call a custom REST action from the server without calling something like ".load" on a Batman model? This would help me (I think) in getting my client-side authentication to work.

Maedi

May 1, 2013, 10:34:16 AM
to batm...@googlegroups.com
All I can think to do is the following in my SessionsController:

class MyApp.SessionsController extends Batman.Controller

  create: (params) ->
    user = new MyApp.User()
    user.url = '/sessions/create'
    user.load {email: 'm...@example.com', password: 'foobar'}, (error, result) =>
      throw error if error

But this sends the password via a GET request, secure?

GET "/sessions/create.json?email=me%40example.com&password=[FILTERED]

The Rails console says [FILTERED] but Firebug shows the password.

Walter Lee Davis

May 1, 2013, 10:41:19 AM
to batm...@googlegroups.com


All passwords are sent more or less in the clear. That's why there's ssl. Even a post is sent in a retrievable form. 

Walter
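
Added example (not part of the thread or of any poster's code): TLS keeps the URL private in transit, but a password sent as a GET query parameter is still written to web-server access logs and browser history, and the Rails `[FILTERED]` marker only covers Rails' own log output. The JavaScript below scans access-log lines for credential parameters in query strings; the parameter-name list and the log lines are constructed assumptions.

```javascript
// Added example: flag access-log requests that carry credentials in the query string.
// The sensitive-name list and the sample log lines are constructed for illustration.
const SENSITIVE = new Set(['password', 'passwd', 'pwd', 'token', 'secret']);

// Matches the request part of a combined-log-format line: "METHOD target HTTP/x.y"
const REQUEST_RE = /"([A-Z]+) (\S+) HTTP\/[\d.]+"/;

function findCredentialLeaks(logText) {
  const findings = [];
  logText.split('\n').forEach((line, index) => {
    const match = REQUEST_RE.exec(line);
    if (!match) return;
    const [, method, target] = match;
    const queryStart = target.indexOf('?');
    if (queryStart === -1) return; // no query string, nothing to leak in the URL
    const params = new URLSearchParams(target.slice(queryStart + 1));
    const leaked = [];
    for (const [name, value] of params) {
      // Rails-style nested keys such as user[password] are reduced to "password".
      const leaf = name.replace(/^.*\[([^\]]+)\]$/, '$1').toLowerCase();
      if (SENSITIVE.has(leaf) && value !== '') leaked.push(name);
    }
    if (leaked.length === 0) return;
    // Report path and parameter names only, never values, so findings do not re-leak them.
    findings.push({
      line: index + 1,
      method,
      path: target.slice(0, queryStart),
      params: leaked,
    });
  });
  return findings;
}

// Constructed sample: line 1 mirrors the GET request shown in the thread.
const SAMPLE_LOG = [
  '203.0.113.7 - - [01/May/2013:10:34:16 +0000] "GET /sessions/create.json?email=me%40example.com&password=foobar HTTP/1.1" 200 512',
  '203.0.113.7 - - [01/May/2013:10:35:02 +0000] "POST /sessions.json HTTP/1.1" 201 498',
  '203.0.113.9 - - [01/May/2013:10:36:40 +0000] "GET /users?user%5Bpassword%5D=hunter2&page=2 HTTP/1.1" 200 130',
  '203.0.113.9 - - [01/May/2013:10:37:11 +0000] "GET /listings?page=3 HTTP/1.1" 200 2048',
].join('\n');

console.log(findCredentialLeaks(SAMPLE_LOG));
```

The POST on line 2 of the sample is not flagged because its credentials travel in the request body, which standard access-log formats do not record.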


 
 

Maedi

May 1, 2013, 10:50:28 AM
to batm...@googlegroups.com
Yeah will have to add SSL. Is this the best method for the kind of authentication I'm trying to achieve?

patrick bradley

Jun 27, 2013, 11:52:30 PM
to batm...@googlegroups.com
In general, with these one page apps, I allow the sign_in/sign_up routes to be passed through to the regular Rails controller. So I have a "one page app" once a user is signed in but there will be a full browser refresh when they sign_in/sign_up/sign_out. I haven't run into any problems with it so far. That's my two cents. :)

Maedi Prichard

Jun 28, 2013, 12:24:55 AM
to batm...@googlegroups.com
Cool, thanks. In my use case I need the signup process to be AJAXy but like this approach too.


 
 



--
Maedi

patrick bradley

Jun 28, 2013, 12:33:59 AM
to batm...@googlegroups.com
So, even though I handle the sign_in/up stuff with regular Rails, I still need to have the "currentUser" loaded in the Batman app in order to do anything user-specific. The issue I'm dealing with right now is figuring out how/where/when to load in the currentUser so that I can guarantee it is always available in every controller. How are you handling that?

Maedi Prichard

Jun 28, 2013, 12:44:30 AM
to batm...@googlegroups.com
Inside the "window.MyApp = class MyApp extends Batman.App" class. This is a great place to store global variables by simply going "@set('var')" and then accessing elsewhere with "MyApp.get('var')".

patrick bradley

Jun 28, 2013, 12:49:02 AM
to batm...@googlegroups.com
That's where I'm storing it. I was following some example where they got the currentUser using that "@on 'run', ->" method. The problem is that sometimes my views render before the currentUser is returned. I haven't been able to work around that yet.

Maedi Prichard

Jun 28, 2013, 12:52:03 AM
to batm...@googlegroups.com
Try @observe

They're changing up the Views API right to make it synchronous so maybe this will help your issue.


 
 



--
Maedi