11155
(-- --)
April 25, 2012, 7:34am
1
I am newbie to rail. Trying to develop social networking site so working
with railspace application. Everything is working fine but I stuck in
the problem when i am giving the authorization tocken to the user to
remember him/her.
My Error and controller code is below
Error:-
private method `gsub' called for 4:Fixnum
C:/Users/Amir/Downloads/IR/ruby/lib/ruby/1.8/cgi.rb:342:in `escape'
C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cgi_ext/cookie.rb:73:in
`to_s'
C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cgi_ext/cookie.rb:73:in
`collect'
C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cgi_ext/cookie.rb:73:in
`to_s'
C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cookies.rb:80:in
`set_cookie'
C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cookies.rb:65:in
` ='
app/controllers/user_controller.rb:27:in `login'
user_controller
if request.get?
@user = User.new(:remember_me => cookies[:remember_me] || "0")
elsif param_posted?(:user)
@user = User.new(params[:user])
user = User.find_by_screen_name_and_password(@user.screen_name ,
@user.password )
if user
user.login!(session)
if @user.remember_me == "1"
cookies[:remember_me] = { :value => "1",
:expires => 10.years.from_now }
user.authorization_token = user.id
user.save!
cookies[:authorization_token] = {
:value => user.authorization_token,
:expires => 10.years.from_now }
else
cookies.delete(:remember_me)
cookies.delete(:authorization_token)
end
flash[:notice] = "User #{user.screen_name} logged in!"
redirect_to_forwarding_url
else
@user.clear_password !
flash[:notice] = "Invalid screen name/password combination"
end
end
end
Please do the needful. I don't have much time, I need to deliver this
project in my college.
Thanks
Amir
11155
(-- --)
April 25, 2012, 9:06am
2
Can you pls provide your controller with line number?
11155
(-- --)
April 25, 2012, 10:15am
3
Please find my login code below.
def login
if request.get?
@user = User.new(:remember_me => cookies[:remember_me] || "0")
elsif param_posted?(:user)
@user = User.new(params[:user])
user = User.find_by_screen_name_and_password(@user.screen_name ,
@user.password )
if user
user.login!(session)
if @user.remember_me == "1"
cookies[:remember_me] = { :value => "1",
:expires => 10.years.from_now }
user.authorization_token = user.id
user.save!
cookies[:authorization_token] = { (line no. 27)
:value => user.authorization_token, (line no. 28)
:expires => 10.years.from_now } (line no. 29)
else
cookies.delete(:remember_me)
cookies.delete(:authorization_token)
end
flash[:notice] = "User #{user.screen_name} logged in!"
redirect_to_forwarding_url
else
@user.clear_password !
flash[:notice] = "Invalid screen name/password combination"
end
end
end
What is the path and file name that code is in? Check very carefully
that you post the correct name, do not just type what you /think/ it
is.
Colin
Please find my login code below.
cookies[:authorization_token] = { (line no. 27)
:value => user.authorization_token, (line no. 28)
:expires => 10.years.from_now } (line no. 29)
Cookie values should be strings, not integers. Also since you've set
authoization_token to just be the user id, this allows any user to log
into as any other user just be modifying the value of this cookie and
guessing a user_id
Fred
Why is it I only know the answers to the easy questions I wonder.
Colin
11155
(-- --)
April 25, 2012, 12:22pm
7
I got the point.
Thank you so much Colin.
Now code is working fine. Problem was that I was not using the hashing
algorithm for authorization_token. It was taking the user.id as an
authorization_token.
As I apply the hashing algorithm to it. Hashing generates authorization
token as a string.
Problem Solved
Thanks Colin
Have a colorful day.
Regards
Amir
Ok, even though I only manage to answer the easy questions I get the
credit for the more difficult ones. Excellent
You might like to thank Fred too since it was he that provided the answer.
Colin
11155
(-- --)
April 25, 2012, 1:04pm
9
Thank you Fred.
Excellent work.
Your ideas my effort makes the code workable
Hope I will get the help in further problems as I am new to rails.
Thanks
Amir