0

I've got a cross-website integration to handle. Basically I'm passing a param into the rails application and if it evaluates correctly ... then I'd like to log a user in.

Can this be done without the users password?

something like simply evaluating the password as true?

carl crott
  • 753
  • 1
  • 9
  • 21
  • you need to login a user into your app or do authorized action within your app? – ted Apr 13 '13 at 19:08
  • I need to log in a user. So you're suggesting going around restful auth? – carl crott Apr 13 '13 at 20:36
  • just cannot get what you want to do. If you want to login user without a password you can simply login him\her depending on your authentification system e.g. if you're using 'devise' gem: `sign_in @some_user`. Or you want to use other authorization method with some specific secret key? – ted Apr 13 '13 at 20:41

1 Answers1

1

This is called "token authentication" and is supported by Devise, or can be relatively easily ginned up on your own. You want to generate a non-guessable secret token (your param), and then use that in lieu of a username. The devise wiki has links to a couple of examples:

https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example

If you want a lighter-weight solution, you can also simply generate an auth token (using something like bcrypt) and then do something like:

@user = User.find_by_auth_token(params[:auth_token])

if @user is nil, then return a 403.

mikeryz
  • 527
  • 3
  • 8