Skip to main content

Securing rails activerecord with password cannot be any easier.



Lets say we have a user table that contains password and we would like to secure this from external access.

I assume you already have a controller. So lets go ahead and create our model.


1. Run the following command

rails g model User name email password_digest password_confirmation reputation


2. Run its serializer.

rails g serializer User name email password_digest password_confirmation reputation

3. Next, lets modify our User ActiveRecord by adding a new field called 'has_secure_password', as shown in diagram below :-



This is basically part of bcrypt (a.k.a blowfish encryption) implementation.

Here are the specification

a) In our database, we need a field called 'password_digest'
b) In our ActiveRecord, we need to specify 'has_secure_password'

4. Next, we just need to run rake.

rake db:migrate

This ensure we have created the necessary table structure for our database.


5. We need to wire this up in our controller. Lets say we have a controller called Home and our code might look like something below :-




6. Let's go and see our model in action using rails console. From the command line, type rails console. We will create a new user by using the following command

u = User.new()
u.name = 'jeremy'
u.email = 'jeremy@expert.com'
u.password = 'test'
u.save()

If you look at the output, you will see our field 'password_digest' is automatically populated with hashed characters. From here, i wanted to highlight that the proper way to authenticate is via u.authenticate('abc') => false.  If we try u.authenticate('test') => true  !success.


Now, lets make a get request to our home controller. From the browser link, type http://localhost:3000/home/index. It will returns the following json response to you. Notice that password is null.






 






Comments

Popular posts from this blog

Android Programmatically apply style to your view

Applying style to your view (button in this case) dynamically is pretty easy. All you have to do is place the following in your layout folder (res/layout)
Let's call this file : buttonstyle.xml
<?xml version="1.0" encoding="utf-8"?> <selector xmlns:android="http://schemas.android.com/apk/res/android"> <item android:state_pressed="true" > <shape> <solid android:color="#449def" /> <stroke android:width="1dp" android:color="#2f6699" /> <corners android:radius="3dp" /> <padding android:left="10dp" android:top="10dp" android:right="10dp" android:bottom="10dp" /> </shape> </item> <item> <shape> <gradient android:startColor="#449def" a…

DataTable does not have AsEnumerable

I have problem locating my AsEnumerable extension method in my DataTabe (System.Data). Thank god for this post by Angel
(http://blogs.msdn.com/angelsb/archive/2007/02/23/does-not-contain-a-definition-for.aspx)

I was able to find this method once i have added reference to the following assembly.

C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll

Try to do a dummy Build and you should be able to get it.

OpenCover code coverage for .Net Core

I know there are many post out there getting code coverage for .dotnetcore. I'm using opencover to address this needs.

In case, you do no want to use opencover and wanted to stick with vs2015 code coverage, you can try to copy Microsoft.VisualStudio.CodeCoverage.Shim.dll from C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\Dynamic Code Coverage Tools\coreclr\ and drop it into your project "bin\Debug\netcoreapp1.0" folder.  Please note : you need to be on VS2015 Enterprise to do this. 

To get started, I guess we need to add OpenCover and ReportGenerator for our test projects, as shown in diagram below :-



When nuget packge gets restored, we will have some binaries downloaded to our machine and we going to use this to generate some statistics. I think the biggest issue is to getting those command lines work.

In dotnetcore, we run test project using "dotnet test" (assuming you are in the test project folder - if not please go there)  So we add this …