ffcrm API access with authlogic/devise


Patrick Mulder

May 15, 2012, 5:58:05 AM
to fat-free...@googlegroups.com
Hello,

I am a bit confused in understanding the API access in ffcrm and
whether/how this is supported by authlogic. It would be helpful to
hear your thoughts.

The use case I am having in mind is to have a contact form from a
landing page (= client) automatically post leads into your fatfreecrm
by using API calls. A bit similar to what is described in the plugin
web-to-lead ( https://github.com/michaeldv/crm_web_to_lead )
But I am not yet seeing the requirements for the authentication
process, or whether we should look into token_authenticatable as
Devise provides with a router configuration:

devise :token_authenticatable

A bit of background is described here:

http://blog.joshsoftware.com/2011/12/23/designing-rails-api-using-rabl-and-devise/


Does ffcrm currently support use cases for API access with authlogic?
Should we look into this for the devise branch?

The general status for the Devise branch: The admin authentication is
still open, as well as the AJAX update of passwords and some last
specs issues. I will continue working on this as time allows.

Thanks for your interest and feedback.

br,

patrick

Steve Kenworthy

May 17, 2012, 10:31:08 PM
to fat-free...@googlegroups.com
Thanks for raising this question, Patrick.

Off the top of my head, API access isn't particularly baked in at the moment. It is possible to write a quick 'require_application' method to give token-based access to a controller action but we haven't got much further than that. See https://github.com/crossroads/ffcrm_meta_search/blob/master/lib/ffcrm_meta_search/controllers.rb#L94 for an example, with the caveat that it's one function solving access to one action and that's not a sustainable approach. It also grants the authenticated application full access to all data - not a great thing! (Note the example above uses https://github.com/crossroads/ffcrm_authlogic_api which we'd like to move away from.)

With devise and cancan work progressing so well, I would expect that better API support would be much easier using the token_authenticatable mechanisms of devise and the permission Abilities of cancan... ideally, we'd move away from authlogic and the hacks above.

Regards,
Steve




Patrick Mulder

May 19, 2012, 5:44:46 AM
to fat-free...@googlegroups.com
Hi Steve,

thanks for the feedback and for the pointers. I still have to check
however if I understand what the use cases of the plugin below were,
and how it translates to our current setup. Just a small note, that I
also found some nice overview on how token authentication can be
handled with devise in the devise wiki:
https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
It shows how to allow requests like:

HTTP GET to http://crm.example.com/campaigns.json?auth_token=<put your token here>

By the way, the cancan branch shows:

1446 examples, 13 failures, 17 pending

There are 5 failing specs related to:

./spec/models/polymorphic/version_spec.rb


Ok, I'll give an update on ideas for using devise as I have time in
the next days.

Patrick
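
Added example, not code from this thread, from Fat Free CRM or from the plugins linked above: a plain-Ruby sketch of a token check that scopes an API client such as the landing page to one controller action, instead of the full data access described in Steve's reply. The class name, the action strings and the sample client are assumptions made for illustration; only a digest of each token is stored.

```ruby
require "digest"
require "securerandom"

# Hypothetical registry of API clients (not Fat Free CRM code). It keeps only
# the SHA-256 digest of each token plus the actions that client may call.
class ApiClientRegistry
  Client = Struct.new(:name, :token_digest, :allowed_actions)

  def initialize
    @clients = []
  end

  # Issues a random token, stores its digest, returns the plaintext once.
  def register(name, allowed_actions)
    token = SecureRandom.hex(32)
    @clients << Client.new(name, Digest::SHA256.hexdigest(token), allowed_actions)
    token
  end

  # Returns the client name when the token is known AND scoped to the action,
  # otherwise nil. Every stored digest is compared, with no early exit.
  def authorize(token, action)
    return nil unless token.is_a?(String) && !token.empty?
    digest = Digest::SHA256.hexdigest(token)
    match = nil
    @clients.each { |c| match = c if secure_compare(c.token_digest, digest) }
    return nil if match.nil?
    match.allowed_actions.include?(action) ? match.name : nil
  end

  private

  # Constant-time comparison of two equal-length hex digests.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample: a landing page that may only create leads.
REGISTRY = ApiClientRegistry.new
LANDING_TOKEN = REGISTRY.register("landing-page", ["leads#create"])

def demo
  [REGISTRY.authorize(LANDING_TOKEN, "leads#create"),    # allowed action
   REGISTRY.authorize(LANDING_TOKEN, "campaigns#index"), # valid token, wrong scope
   REGISTRY.authorize("wrong-token", "leads#create")]    # unknown token
end
```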