InvalidAuthenticityToken


Juan Pablo Genovese

May 18, 2009, 6:33:47 PM
to restfulx-framework
Hello,

how are you doing?
I'm kind of a newbie integrating Rails and Flex. I downloaded the
latest pomodo_on_rails sources from GitHub and installed the plugins
to get it working.

However, every time I want to create or authenticate a user, the app
throws this exception:

Processing SessionsController#create to fxml (for 127.0.0.1 at
2009-05-18 19:17:59) [POST]
Parameters: {"_session_id"=>"429d9bd981e87090e885ef211400441c",
"authenticity_token"=>"k4EmJBgVdT3KQiAoQlxkGmxLy/Hgk xHbiq0fJko2aU=",
"login"=>"quentin", "password"=>"pomodo"}

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
config/initializers/restfulx.rb:23:in `call'
config/initializers/restfulx.rb:23:in `call'

Rendered rescues/_trace (78.0ms)
Rendered rescues/_request_and_response (0.0ms)
Rendering rescues/layout (unprocessable_entity)

I can't find the issue, and I'm getting lost in the middle of new
concepts for me.
Can you please point me in a direction to follow?

Thanks a lot and congratulations for this awesome framework!!

Juan Pablo

Dima Berastau

May 18, 2009, 6:52:06 PM
to restfulx-...@googlegroups.com
Hi Juan,

You might want to pull from git://github.com/dima/pomodo_on_rails
(master branch) again. I was doing some tweaking on the app to bring
it up to speed with Rails 2.3 conventions. You seem to have caught it
right in the middle :)

You might need to clear your browser _pomodo_session cookie after you
try again/refresh in case it got left over.

Sign-up/log-in as well as image uploads on sign-up and from within the
app should be functional.

Hope this helps,
Dima

Juan Pablo Genovese

May 19, 2009, 4:17:20 PM
to restfulx-framework
Dima,

thank you very much.
That was the issue! :)

Now I've got the latest sources and it works like a charm.


However, if I execute the rake rx:flex:build task, I get the following
error:

Compiling C:/dev/projects/rails/temp/restfulx/pomodo_on_rails/app/flex/
Pomodo.mxml
Loading configuration file C:\dev\ides\Flex Builder 3\sdks
\3.2\frameworks\flex-config.xml
Loading configuration file C:\dev\projects\rails\temp\restfulx
\pomodo_on_rails\app\flex\Pomodo-config.xml
C:\dev\projects\rails\temp\restfulx\pomodo_on_rails\app\flex\pomodo
\components\main\VisualWorkSummary.mxml(41): Error:
Type was not found or was not a compile-time constant: HitData.

private function showProjectTotals(item:HitData):String {

The application was not compiled. Check console for errors. It is
possible that '(a)mxmlc' executable was not found or
there are compilation errors.


Is this error happening because of the Flex SDK version that I have
(3.2) or is due to the "work in progress" you're doing?

Thanks a lot again!!

Juan Pablo

Dima Berastau

May 19, 2009, 4:27:56 PM
to restfulx-...@googlegroups.com
Hi Juan,

This error shows up because you probably have a "free" version of the
Flex SDK that doesn't include charting components. Pomodo on Rails
example app does have a chart in it. We've got to thank Adobe for this
stupidity. I am actually going to switch from Flex Charts for a
better/open-source alternative like Axiis or BirdEye.

Dima

Juan Pablo Genovese

May 19, 2009, 4:49:40 PM
to restfulx-framework
Dima,

got it.

Thanks a lot for your kind support and fast response to my questions.

I hope I can learn enough to contribute someday to this awesome work
you have been doing.

Thanks again!!

Juan Pablo

viatropos

Jun 23, 2009, 7:23:00 PM
to restfulx-framework
Hey Dima,

I'm getting the same error with Pomodo, I just downloaded it today:

Processing SprintsController#update to fxml (for 127.0.0.1 at
2009-06-23 16:20:51) [PUT]
Parameters: {"id"=>"355468522", "sprint"=>{"name"=>"Lance's Sprint",
"project_id"=>"490909803", "due_by"=>"2008-10-06T16:28:25-00:00",
"billed_hourly_rate"=>"1"}}
Account Columns (5.9ms) SHOW FIELDS FROM `accounts`
Account Load (0.5ms) SELECT * FROM `accounts` WHERE
(`accounts`.`id` = 472819258) LIMIT 1

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
config/initializers/restfulx.rb:19:in `call'
config/initializers/restfulx.rb:19:in `call'

Rendered rescues/_trace (50.6ms)
Rendered rescues/_request_and_response (2.0ms)
Rendering rescues/layout (unprocessable_entity)


Any ideas?

I'm using Rails 2.3.2 and ruby 1.8.7. Thanks for your help.

Lance

Dima Berastau

Jun 24, 2009, 12:28:23 AM
to restfulx-...@googlegroups.com
Hi Lance,

How about now? There are a number of initialization configuration files
you can play with here: session_store.rb, restfulx.rb and
session_store_flash.rb.

They pretty much implement the middleware approach for Rails 2.3. I
tweaked session_key from "_pomodo_session" to "_session_id" and it
seems to work again.

Dima

viatropos

Jun 24, 2009, 3:13:34 AM
to restfulx-framework
Hey,

It was just working for about an hour now the session is null... :p

I'm actually using CouchRest and restful_authentication and it was
working (modifying restful_authentication accordingly). Wish me luck.

viatropos

Jun 24, 2009, 3:14:00 AM
to restfulx-framework
why is the session_id null?

viatropos

Jun 24, 2009, 3:16:08 AM
to restfulx-framework
it seems that the flex_controller.rb is not consistently loaded first,
so sometimes it's null, sometimes it's not.

viatropos

Jun 24, 2009, 3:36:11 AM
to restfulx-framework
private function login():void {
    Rx.http(onLoginSuccess, onLoginFailure,
            "application/x-www-form-urlencoded", "text")
        .invoke("session.json?_session_id=" + Rx.sessionToken +
                "&authenticity_token=" + Rx.authenticityToken,
                { login: userTI.text, password: passwordTI.text }, "POST",
                true);
}

If you want to use JSON, that works.
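
An added example, not part of the original post or of RestfulX: the login call above appends Rx.authenticityToken to the query string as-is, and a form-decoding server reads a raw `+` in a Base64 token as a space. The sketch assumes the URL is sent exactly as concatenated; the token, session id and `token_matches?` helper are constructed for illustration.

```ruby
require 'uri'

# Constructed sample values (not taken from the thread): a Base64 token that
# contains '+' and '/', and a 32-character hex session id.
SERVER_TOKEN = 'AbC+dEf/GhI+jKl0MnO1pQr2StU3vWx4Yz5aBc6DeF8='
SESSION_ID   = '0123456789abcdef0123456789abcdef'

# Builds the URL the way the snippet above does: plain string concatenation.
def raw_url(session_id, token)
  "session.json?_session_id=#{session_id}&authenticity_token=#{token}"
end

# Same URL with every value percent-encoded before it is appended.
def encoded_url(session_id, token)
  query = URI.encode_www_form('_session_id' => session_id,
                              'authenticity_token' => token)
  "session.json?#{query}"
end

# What a server that form-decodes the query string recovers from the URL.
def received_params(url)
  query = url.split('?', 2)[1].to_s
  URI.decode_www_form(query).to_h
end

# Constant-time comparison; a hypothetical stand-in for the server-side check.
def token_matches?(expected, given)
  return false if given.nil? || expected.bytesize != given.bytesize
  diff = 0
  expected.bytes.zip(given.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

# True when the token that arrives equals the token the server issued.
def accepted?(url)
  token_matches?(SERVER_TOKEN, received_params(url)['authenticity_token'])
end

puts "raw:     #{received_params(raw_url(SESSION_ID, SERVER_TOKEN))['authenticity_token']}"
puts "encoded: #{received_params(encoded_url(SESSION_ID, SERVER_TOKEN))['authenticity_token']}"
puts "raw accepted?     #{accepted?(raw_url(SESSION_ID, SERVER_TOKEN))}"
puts "encoded accepted? #{accepted?(encoded_url(SESSION_ID, SERVER_TOKEN))}"
```

In ActionScript the equivalent of `URI.encode_www_form` here is wrapping each value in `encodeURIComponent` before concatenating.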

viatropos

Jun 24, 2009, 4:08:10 AM
to restfulx-framework
!!! If you type "localhost:3000" and press enter in the browser, the
_session_id and _authenticity_token are PERFECT!

If you run Flex and have it open the browser (debug or normal mode),
they are BOTH NULL.

I have no idea what's going on with that.

Dima Berastau

Jun 24, 2009, 1:20:59 PM
to restfulx-...@googlegroups.com
Hey Lance,

Both session_id and authenticity_token are passed to the Flex app as
flash parameters from the Rails app. If you are running the app in
debug/normal mode from Flex Builder they are not there (as you'd
expect) because Flex Builder has its own HTML templates, which are
different from Rails.

Makes sense?
Dima

viatropos

Jun 24, 2009, 4:08:05 PM
to restfulx-framework
Makes sense... Is there a way to make it so you can get the session_id
and auth token when in debug mode, like maybe having flex ask for it
somehow?

tom

Jun 25, 2009, 12:19:35 PM
to restfulx-...@googlegroups.com
viatropos,

can u light up the steps to get authentication running with restfulx?
thx

viatropos

Jun 25, 2009, 4:06:29 PM
to restfulx-framework
Sure man, here's what I did:

1) Install everything
git clone git://github.com/dima/pomodo_on_rails.git
cd pomodo_on_rails
git submodule init
git submodule update
# install the latest rubyist-aasm as a plugin
script/plugin install git://github.com/rubyist/aasm.git
# install gmail plugin to use the mailer


2) Add "require 'aasm'" to the application_controller.rb

3)
config.gem "restfulx", :version => "1.2.2"
config.gem "couchrest"
# for Gmail
config.action_mailer.raise_delivery_errors = true
config.action_mailer.perform_deliveries = true
config.action_mailer.delivery_method = :smtp

4) Add this to the bottom of the "session_store.rb" file (not the
"session_store_flash.rb" file):

ActionController::Dispatcher.middleware.insert_before(
  ActionController::Session::CookieStore,
  FlashSessionCookieMiddleware,
  ActionController::Base.session_options[:key])

5) for the mailer: http://github.com/openrain/action_mailer_tls/tree/master

6) Only start the application from the browser, not Flex Builder


That 4th step I think did it. I'm also using everything with
CouchRest and json, so that may have changed things. I'll post up an
example of that in a few weeks.

Best,

Lance



On Jun 25, 9:19 am, tom <tomabr...@gmail.com> wrote:
> viatropos,
>
> can u light up the steps to get authentication running with restfulx?
> thx
>
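
The middleware approach from step 4, as an added sketch in plain Ruby (not the FlashSessionCookieMiddleware from pomodo_on_rails): it copies `_session_id` from the query string into the Cookie header only for Flash requests that carry a well-formed id. The class name, the User-Agent pattern and the 32-hex-character id format (modelled on the `_session_id` in the log at the top of the thread) are assumptions.

```ruby
require 'uri'

# Added sketch with a hypothetical class name; it is not the
# FlashSessionCookieMiddleware that step 4 registers.
class QuerySessionCookie
  FLASH_UA   = /\A(Adobe|Shockwave) Flash/ # assumed Flash Player User-Agent prefix
  SESSION_ID = /\A\h{32}\z/                # assumed id format: 32 hex characters

  def initialize(app, session_key = '_session_id')
    @app = app
    @session_key = session_key
  end

  # Rack interface: promote ?_session_id=... to a Cookie header, but only for
  # Flash requests and only when the value is well formed.
  def call(env)
    if FLASH_UA.match?(env['HTTP_USER_AGENT'].to_s)
      sid = session_id_from(env['QUERY_STRING'].to_s)
      env['HTTP_COOKIE'] = "#{@session_key}=#{sid}" if sid
    end
    @app.call(env)
  end

  private

  def session_id_from(query)
    value = URI.decode_www_form(query).to_h[@session_key]
    value if SESSION_ID.match?(value.to_s)
  rescue ArgumentError # malformed %-escape or non-ASCII query string
    nil
  end
end

# Constructed demo: a stand-in app that reports the cookie the session layer sees.
def cookie_seen_by_app(user_agent, query)
  app = ->(env) { [200, {}, [env['HTTP_COOKIE'].to_s]] }
  env = { 'HTTP_USER_AGENT' => user_agent, 'QUERY_STRING' => query }
  QuerySessionCookie.new(app).call(env)[2].first
end

SID = '0123456789abcdef0123456789abcdef' # constructed sample id
puts cookie_seen_by_app('Shockwave Flash', "_session_id=#{SID}")
puts cookie_seen_by_app('Mozilla/5.0', "_session_id=#{SID}").inspect
puts cookie_seen_by_app('Shockwave Flash', '_session_id=abc%3B+admin%3D1').inspect
```

A session id carried in the URL also ends up in request logs, as the Parameters lines quoted in this thread show, so the narrower the set of requests that accept it, the better.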

tom

Jun 25, 2009, 4:26:55 PM
to restfulx-...@googlegroups.com
thx, so did u change anything in the html files to pass something into the swf?
thx tom

viatropos

Jun 25, 2009, 6:58:21 PM
to restfulx-framework
Nope, I didn't have to change the html file. Check out the June
update on this guy's post:

http://thewebfellas.com/blog/2008/12/22/flash-uploaders-rails-cookie-based-sessions-and-csrf-rack-middleware-to-the-rescue

On Jun 25, 1:26 pm, tom <tomabr...@gmail.com> wrote:
> thx, so did u change anything in the html files to pass something into the
> swf?
> thx tom
>

viatropos

Jun 26, 2009, 7:43:35 AM
to restfulx-framework
!!! If you go to your Flex Builder project settings (right click on
project, go to "Properties"), then to "Run/Debug Settings", click on
your project name in the white box, click "Edit" on the right, and
change the default URLs to just be "http://localhost:3000/".

That makes it so you can run in debug mode and still pass the session
token. It actually passes the "?debug=true" value to the
flex_controller.rb, so watch out for that. But it works, I'm getting
both the session and authenticity tokens from flex builder. Nice.

Cheers,
Lance

On Jun 25, 3:58 pm, viatropos <lancejpoll...@gmail.com> wrote:
> Nope, I didn't have to change the html file.  Check out the June
> update on this guy's post:
>
> http://thewebfellas.com/blog/2008/12/22/flash-uploaders-rails-cookie-...

tom

Jun 26, 2009, 8:02:56 AM
to restfulx-...@googlegroups.com
thx for ur tips!

tom

Jun 26, 2009, 8:11:09 AM
to restfulx-...@googlegroups.com
what exactly downloads:

git submodule init
git submodule update

can u answer that?
i appreciate ur help/
thx tom

tom

Jun 26, 2009, 9:45:58 AM
to restfulx-...@googlegroups.com
mh, the more im trying get the code of my app similar to the pomodo code the more lost i get:

i changed my url  in flex builder as u suggested, and yes i call flex-index with debug=true, which gives me only the hint:

Mysql::Error: Table 'contactbox_development.sessions' doesn't exist: SHOW FIELDS FROM `sessions`

>> since when do i need a session-table? did i miss something? i dont want to store session in the db, or is this mandatory with restfulx / restful_auth?


what i would like to see:  a real step-by-step explanation of how the login-procedure (is supposed) work(s)

thx tom

tom

Jun 26, 2009, 2:11:44 PM
to restfulx-...@googlegroups.com
ok, i applied all changes, including sessions stored in tables, but its still unclear to me what i need to pass into:
Rx.http(onLoginSuccess, onLoginFailure).invoke("session.fxml?_session_id=" and token
when im supposed to get them AFTER the login?
or am i seeing something wrong here?
thx