Allowing users to login with multiple authentication providers brings great benefits but also results in some annoying edge cases. For example, what happens when they login with one provider, logout and then login with another? What happens when they try to login with one having already logged in with another?
Typically authentication systems have a User model which handles most of the authentication logic but having multiple logins forces you to correctly separate the concepts of an Identity and a User. An Identity is a particular authentication method which a user has used to identify themselves with your site whilst a User manages data which is directly related to your site itself.
So to start you will want to create both User and Identity models. We will also add some convenience methods for creating identities and users when the OmniAuth callback is invoked:
So a user can have multiple identities and each identity belongs to a single user.
Next we need to handle logging in and logging out. This is managing session data since a logged in user is simply a person who has some session data confirming that they have been logged in. The OmniAuth callback which a provider will redirect to upon authenticating a user is /auth/:provider/callback so lets setup a route and a controller to handle this. We should also setup some helper methods on our Application Controller for handling the current user:
# config/routes.rbYourAppName::Application.routes.drawdomatch'/auth/:provider/callback',to:'sessions#create'match'/logout',to:'sessions#destroy'end#app/controllers/sessions_controller.rbclassSessionsController<ApplicationControllerdefcreate# Login the User hereenddefdestroy# Logout the User hereendend#app/controllers/application_controller.rbclassApplicationController<ActionController::Baseprotect_from_forgeryprotecteddefcurrent_user@current_user||=User.find_by_id(session[:user_id])enddefsigned_in?!!current_userendhelper_method:current_user,:signed_in?defcurrent_user=(user)@current_user=usersession[:user_id]=user.nil??user:user.idendend
Now to login, all a user needs to do is go to /auth/provider and they will get redirected to Sessions Controller create method after authenticating. So there are a number of possibilities when they hit this action:
A user has never used your site before. They have no User model and no Identities either.
A user is logged out but they have logged into your site with a provider previously. They are now signing in with the same one again.
Just as above but they are now signing in with a different provider.
A user is logged in with a provider but they try to login with the same provider again.
A user is logged in but they try to login with a different provider.
The first two cases are just like a normal sign in process. The final 3 cases occur because we are allowing multiple providers and they can be tricky to handle.
Firstly, we need to grab authentication data given to us by the provider which is stored in request.env[omniauth.auth]. Then we need to check whether we have an identity which matches this data or create a new one.
How we proceed for here depends on whether the user is already logged in. If they aren’t logged in then either they are a brand new user (so we treat their request like a registration) or they already have an account (so we treat this like a login request).
If they are logged in then we treat their request like they are trying to link an identity with their account. Either they are trying to link an identity which they have already linked (in which case we should display an error message telling them that) or it is a brand new identity so we go ahead and link it.
So at this point our skeleton create method looks like this:
defcreateauth=request.env['omniauth.auth']# Find an identity here@identity=Identity.find_with_omniauth(auth)if@identity.nil?# If no identity was found, create a brand new one here@identity=Identity.create_with_omniauth(auth)endifsigned_in?if@identity.user==current_user# User is signed in so they are trying to link an identity with their# account. But we found the identity and the user associated with it # is the current user. So the identity is already associated with # this user. So let's display an error message.redirect_toroot_url,notice:"Already linked that account!"else# The identity is not associated with the current_user so lets # associate the identity@identity.user=current_user@identity.save()redirect_toroot_url,notice:"Successfully linked that account!"endelseif@identity.user.present?# The identity we found had a user associated with it so let's # just log them in hereself.current_user=@identity.userredirect_toroot_url,notice:"Signed in!"else# No user associated with the identity so we need to create a new oneredirect_tonew_user_url,notice:"Please finish registering"endendend
So at this point, there are a couple of further considerations. Firstly on the signed in/identity not associated with user branch, there are two reasons why an identity might not be associated with a user. It could be that the identity is brand new, having never been used to sign in before. However, it could be that it has been used and so is already associated with a different user, although not necessarily a different person. Given that this user knew the login credentials for that identity, I think it is probably sufficiently prudent to assume that they are, in fact, the same person who also created the previous user. However, by simply reassigning the user to which the identity is associated with to the current one, you not only leave a user model potentially dangling with no identities to sign in with but also prevent the user from merging their data from their previous account in with this one. Resolving this will be dependent entirely on how much data, and the nature of that data, you have stored for each user but for sufficiently simple applications, you could at this point check to see if the old user has any identities left and, if not, delete that user. If the person using your site is likely to lose any data from this process then you would either need to make this sufficiently clear to them before proceeding or provide them with a way to migrate that data over (or handle it automatically, if possible).
Secondly, on the not signed in/no user model branch, you may need more registration data from your user than can be provided by your authentication providers. At this point, as I have assumed above, you can redirect them to a new user form and redirect them to this point if they try to access any other part of the app without completing it. Then create the user and log them in again when they have. Otherwise, if no further data is necessary or mandatory, you can go ahead and create a blank user model in the create method and log them straight in.
Finally, a few lose ends. Here is the destroy method for logging users out:
You’ll also find that the OmniAuth callback url does not correctly verify the rails authenticity token and so will destroy any session data upon returning, thereby logging your current user out. This will prevent them from associating a new identity with their current account. You can get around this by adding skip_before_filter :verify_authenticity_token, only: :create to your sessions controller but I am unsure of the security implications of this.
helper:foo# => requires 'foo_helper' and includes FooHelperhelper'resources/foo'# => requires 'resources/foo_helper' and includes Resources::FooHelper# One linehelper{defhello()"Hello, world!"end}# Multi-linehelperdodeffoo(bar)"#{bar} is the very best"endendclassApplicationController<ActionController::Basehelper_method:current_user,:logged_in?defcurrent_user@current_user||=User.find_by_id(session[:user])enddeflogged_in?current_user!=nilendend
The answer depends on the Rails version.
Rails >= 3.1
Change the include_all_helpers config to false in any environment where you want to apply the configuration. If you want the config to apply to all environments, change it in application.rb.
# Include the gemrequire'gattica'# Loginga=Gattica.new({:email=>'email@gmail.com',:password=>'password'})# Get a list of accountsaccounts=ga.accounts# Choose the first accountga.profile_id=accounts.first.profile_id# Get the datadata=ga.get({:start_date=>'2011-01-01',:end_date=>'2011-04-01',:dimensions=>['month','year'],:metrics=>['visits','bounces'],})# Show the dataputsdata.inspect# Sorting by number of visits in descending order (most visits at the top)data=ga.get({:start_date=>'2011-01-01',:end_date=>'2011-04-01',:dimensions=>['month','year'],:metrics=>['visits'],:sort=>['-visits']})# Return visits and bounces for mobile traffic # (Google's default user segment gaid::-11)mobile_traffic=ga.get({:start_date=>'2011-01-01',:end_date=>'2011-02-01',:dimensions=>['month','year'],:metrics=>['visits','bounces'],:segment=>'gaid::-11'})# Filter by Firefox usersfirefox_users=ga.get({:start_date=>'2010-01-01',:end_date=>'2011-01-01',:dimensions=>['month','year'],:metrics=>['visits','bounces'],:filters=>['browser == Firefox']})# Filter where visits is >= 10000lots_of_visits=ga.get({:start_date=>'2010-01-01',:end_date=>'2011-02-01',:dimensions=>['month','year'],:metrics=>['visits','bounces'],:filters=>['visits >= 10000']})# Get the top 25 keywords that drove trafficdata=ga.get({:start_date=>'2011-01-01',:end_date=>'2011-04-01',:dimensions=>['keyword'],:metrics=>['visits'],:sort=>['-visits'],:max_results=>25})# Output our resultsdata.points.eachdo|data_point|kw=data_point.dimensions.detect{|dim|dim.key==:keyword}.valuevisits=data_point.metrics.detect{|metric|metric.key==:visits}.valueputs"#{visits} visits => '#{kw}'"end# =># 19667 visits => '(not set)'# 1677 visits => 'keyword 1'# 178 visits => 'keyword 2'# 165 visits => 'keyword 3'# 161 visits => 'keyword 4'# 112 visits => 'keyword 5'# 105 visits => 'seo company reviews'# ...
There is 4 ways to excute ruby method. Two of them can excute private method out of self class.
I’m pretty sure that you have heard lots about ruby, specially as being a dynamic language, you can create methods on the fly, add instance variables, define constants and invoke existing methods dynamically , and that’s what this post is all about :
As you know in ruby you can call a public instance method directly ,ex :
123
s="hi man"ps.length#=> 6ps.include?"hi"#=> true
One way to invoke a method dynamically in ruby is to send a message to the object :
Well as you can see, instantiating a method object is the fastest dynamic way in calling a method, also notice how slow using eval is.
Also when sending a message to an object , or when instantiating a method object , u can call private methods of that object :
12345678910111213141516171819202122
classFooprivatedefhiputs"hi man"endend# Normal method callingf=Foo.new#=> <Foo:0x10a0d51>f.hi#=>NoMethodError: private method `hi' called for #<Foo:0x10a0d51> # Sending a messagef.send:hi# hi man# Instantiating a method objectf.method(:hi).call# hi man# Using evaleval"f.hi"#=>NoMethodError: private method `hi' called for #<Foo:0x10a0d51> # Using instance_evalf.instance_eval{hi}# hi man
require'timeout'begincomplete_results=Timeout.timeout(1)dosleep(2)endrescueTimeout::Errorputs'Print me something please'end
sometime, the code inner with begin will catch exception
such as:
1234567891011121314151617
require'timeout'puts"#{Time.now}: Starting"beginTimeout.timeout(5)dobeginsleep10rescueException=>eputs"#{Time.now}: Caught an exception: #{e.inspect}"endsleep10endrescueTimeout::Error=>eputs"#{Time.now}: Timeout: #{e}"elseputs"#{Time.now}: Never timed out."end
so new a thread, as ruby 1.9 thread is native
1234567
begincomplete_results=Timeout.timeout(4)doThread.new{results=platform.search(artist,album_name)}.valueendrescueTimeout::Errorputs'Print me something please'end
implementation
1234567891011121314151617
# From lib/timeout.rbdeftimeout(sec,exception=Error)returnyieldifsec==nilorsec.zero?raiseThreadError,"timeout within critical session"ifThread.criticalbeginx=Thread.currenty=Thread.start{sleepsecx.raiseexception,"execution expired"ifx.alive?}yieldsec# return trueensurey.killifyandy.alive?endend
written some RSpec test for my rails 3.2 application and because I was annyoed by the Browser popping up ich tried to change from firefox to capybara-webkit. After this all tests still run, except one. The line that is failing is:
Sometimes we want to simulate browser behavior. The situation can be test or automation script.
install capybara-webkit
123
#capybara-webkit need qt#ubuntusudoaptitudeinstalllibqt4-dev
using capybara dsl
123456789101112131415161718192021222324
require'capybara'require'capybara/dsl'Capybara.default_driver=:webkitmoduleMyModuleincludeCapybara::DSLdeflogin!within("//form[@id='session']")dofill_in'Login',:with=>'user@example.com'fill_in'Password',:with=>'password'fill_in('First Name',:with=>'John')fill_in('Password',:with=>'Seekrit')fill_in('Description',:with=>'Really Long Text...')choose('A Radio Button')check('A Checkbox')uncheck('A Checkbox')attach_file('Image','/path/to/image.jpg')select('Option',:from=>'Select Box')endclick_link'Sign in'endend
Debugging
It can be useful to take a snapshot of the page as it currently is and take a
look at it:
1
save_and_open_page
You can also retrieve the current state of the DOM as a string using
page.html.
1
printpage.html
This is mostly useful for debugging. You should avoid testing against the
contents of page.html and use the more expressive finder methods instead.
Finally, in drivers that support it, you can save a screenshot:
1
page.save_screenshot('screenshot.png')
Calling remote servers
Normally Capybara expects to be testing an in-process Rack application, but you
can also use it to talk to a web server running anywhere on the internets, by
setting app_host:
Note: the default driver (:rack_test) does not support running
against a remote server. With drivers that support it, you can also visit any
URL directly:
1
visit('http://www.google.com')
By default Capybara will try to boot a rack application automatically. You
might want to switch off Capybara’s rack server if you are running against a
remote application:
1
Capybara.run_server=false
Using the sessions manually
For ultimate control, you can instantiate and use a
Session
manually.
Capybara does not try to guess what kind of selector you are going to give it,
and will always use CSS by default. If you want to use XPath, you’ll need to
do:
The block given to xpath must always return an XPath expression as a String, or
an XPath expression generated through the XPath gem. You can now use these
selectors like this: