Questions tagged [rails-authorization]

22 questions
12
votes
2 answers

Next-Auth with Provider.Credentials: How to implement when API is already returning a JWT Token?

I have a NextJS page where I try to implement Next-Auth. I use credentials to login to my Rails API. My API is returning (already) a JWT-Token. (so NextAuth must not create it) How to implement the Provider.Credentials for [...nextauth].js in that…
Jan
7
votes
2 answers

Authorization in Rails 3.1 : CanCan, CanTango, declarative_authorization?

I have looked at declarative_authorization, CanCan, and CanTango. They all are good in adding authorization to the application but I was wondering how does one add authorization to specific instance of a model i.e. a person can have a manage access…
Raj Lalwani
7
votes
4 answers

Rails4 authorization strategies

When it comes to Authorization/Authentication devise + cancan are usually my gems of choice. After the release of Rails4's strong parameters I've been looking into using the cancan_strong_parameters gem. I can't shake the feeling that this approach…
8bithero
4
votes
2 answers

Rails - Using twitter oAuth for logging in users

I use Twitter oAuth to allow users to signup for my site. I have the user's access_token, access_secret from their signup stored. When the user wants to return to the site and login to their account, how do I authenticate them using twitter…
truthSeekr
2
votes
1 answer

How to implement permanent login with devise

I am implementing devise user authentication on a Rails 4 App and was wondering how do I stop the App from logging the User out after a certain amount of time. I want a user not to be signed out unless they click the sign out button, I believe this…
1
vote
0 answers

Allow member routes to have authorization equivalent to read action cancancan

module Abilities class ProjectsAbility < Ability def abilities can :manage, Project, user_id: user.id if user.is?(:super_admin) can :read, Project end if user.is?(:district_admin) can [:read,…
1
vote
0 answers

Rails APP user auth with WordPress Cassava CAS Server

Using Cassava CAS Server Plugin in WP to authenticate users from Rails app. On Rails side: gem 'devise_cas_authenticatable' On validation…
Dimcha
1
vote
0 answers

OmniAuth open_id logout not working as expected

I'm using 'omniauth' and 'omniauth-openid' gem for my rails applications. Log in works as expected, it creates a new session after call back from openId provider. The problem is with logout. In my controller, I'm having this code to destroy…
1
vote
1 answer

How to understand authenticated?(:activation, params[:id]) in rails 4?

I am reading Michael Hartl's rails tutorial and I couldn't understand this line at chapter 10: authenticated?(:activation, params[:id]). According to the author this line is used to compare the activation_digest and the token. This implicates that…
gqli
1
vote
0 answers

Invalid Authenticity Token during login form submission

I understand about the error: ActionController::InvalidAuthenticityToken. After a year or so, I am back to my old rails project which is using Rails 2.3.8. Everything was fine. Server started but when I submit the login form, the error appeared. The…
sjain
1
vote
0 answers

With CanCan, limit what roles an admin can assign to self or others through AdminAbility

I'm trying to set up an admin role system, where many admins have different roles. I'm starting with two roles, :super_admin and :office_admin. I want the :office_admin the ability to manage other :office_admins, but not the :super_admins. I've…
dropson
1
vote
2 answers

Rails Authorization Plugin Error

I'm trying to get the permit method to work using the rails-authorization-plugin and authlogic, and I keep running into this error: When I try: class ApplicationController < ActionController::Base ... before_filter permit 'admin' ... I get…
neezer
0
votes
0 answers

cookie set by rails app does not work on javascript apps

Trying to figure out why a cookie that was created by postman does not work in rails request. Here is the structure: Rest API - web.abc.com/api website - web.abc.com (Ruby on rails. no JS framework) Webapp - web.abc.com/admin (ReactJS app) So now,…
sam
0
votes
4 answers

'column "id" does not exist' error while trying to associate a Role with a User using rails-authorization

I'm exploring Rails for the first time and trying to add some fairly straightforward role-based security to my test app. Some Googling seemed to indicate rails-authorization is the way to go for this. I followed the README and everything seemed to…
Hank Gay
0
votes
1 answer

devise ldap auth with group restrict rails 5 and devise 4.3

I have a problem to restrict access from a member of a group. My application is a Rails 5 app with devise and devise_ldap_authenticatable gems installed. This is my ldap.yml: authorizations: &AUTHORIZATIONS allow_unauthenticated_bind:…