• to the beginning
    home
  • rss syndication
    entries
  • rss syndication
    comments
  • to the bottom
    down
#ekynoxe
development / design / photography
Archives for the month of: November, 2009

Orange snapshot: mms to share photos on twitter

November 19, 09 //
3

snapshot-mob
snapshot
In a flash…

Sometimes you are requested to do a quick job at work, that “should not last longer than 2/3 days”.
We’ve all been there, all done it and in my case in R&D with Orange, seen too many times the “project” end up in a drawer somewhere.

However, this time, I have been assigned on that “little project” called snapshot, for which the goal was simple: our team racing designer was creating the graphical design and I was translating that into XHTML/CSS as well as XHTML-MP templates for mobiles as quickly as I could

As you’d expect from super quick things like these (mind you I was already assigned 100% on two other high profile projects before that came on), we had to cut corners. For example, there is no support for older browsers like IE6 for the moment. No time to work on that unfortunately, but it should not be too difficult to adapt the templates and CSS and found yet again a hacky way around double margins, wrong positioning and lack of png support.

Integration was quick with the dev team, although not super smooth, but for once it was going to make it as a product! It’s now all on http://snapshot.orange.co.uk and it’s official

Some features might be added sooner or later to the site, but hopefully it will be kept simple!

From initial feedback, it seems the most wanted feature is the ability to rotate the pictures, and it will be done soon!

So for one of the very few R&D projects I worked on that actually made it to the market and I can showcase, it’s celebration day!

Api token access with authlogic and login

November 4, 09 //
2

Creating an API for one project at work, one odbrhw tasks was to implement a token based authentication for some resources, but the client specifically requested not to have to handle cookies.
Also, it was requested for the user to still have to login with it’s own login and password, rather than with a permanent token, like a permanent API key.
The solution I implemented used the excellent authlogic capabilities with the single_access_token, although used slighlty differently from it’s original purpose.

Rather than keeping the single access token generated at user registration untouched, like a standard API key, I enforced it’s regeneration at both login and logout. Returned in the login response, that token then has to be provided by the client for every request that needs authentication, effectively playing the same role as a cookie.

With this solution, the client looses the ability to stay logged in by storing the credentials in the client’s machine, but as the project it’s been created for only required an API, there was no problem with that.
Implementing this solution simply puts a little big more work on the client to store and provide the token in the requests parameters, but I still found it an elegant solution to get around my problem.

The following code implements this solution in the Application and the User_Session controllers, showing the regeneration of the token in both login and logout actions with authlogic’s reset_single_access_token method.

app > controllers > user_sessions_controller

 class UserSessionsController < ApplicationController

  def create
    @user_session = UserSession.new(params[:user_session])
    respond_to do |format|
      if @user_session.save
        current_user.reset_single_access_token!
        format.xml
      else
       format.xml {render :xml=>@user_session.errors, :status=>:unauthorized}
      end
    end
  end

  def destroy
    if(@user_session = UserSession.find)
      current_user.reset_single_access_token!
      @user_session.destroy
      respond_to do |format|
        format.xml {render :xml=>{:status=>'200 ok'},:status=> :ok}
      end
    else
      respond_to do |format|
         format.xml  {render :xml=>@user_session.errors, :status=> :not_found}
      end
    end
  end
end

app > models > user

class User < ActiveRecord::Base
  acts_as_authentic
end

app > views > users_sessions > create.xml.builder

xml.instruct! :xml, :version=>"1.0" 

xml.user{
    xml.user_id(current_user.id)
    xml.user_credentials(current_user.single_access_token)
}

app > controllers > users_controller

class UsersController < ApplicationController
  before_filter :check

  def create
  end

  def index
  end

  def update
  end

  def show
  end

end

db > migrate > create_users

class CreateUsers < ActiveRecord::Migration
  def self.up
    create_table :users do |t|
      t.string  :username
      t.string  :crypted_password
      t.string  :password_salt
      t.string  :persistence_token
      t.string  :single_access_token, :null => false

      t.timestamps
    end
  end

  def self.down
    drop_table :users
  end
end

  • Links

    • Wordpress
    • Development Blog
    • Plugins
    • Themes
    • Suggest Ideas
    • Support Forum

  • Tag Cloud

    Apache authlogic CSS design development DNS gentoo git gitosis mobile Orange ruby security UX work xdebug Zend

  • Categories

    • Apache
    • authlogic
    • conferences
    • CSS
    • design
    • git
    • mobile
    • Orange
    • ruby
    • Uncategorized
    • UX
    • work project
    • Zend
Wu Wei by Jeff Ngan.
back to the top