Comments on: Api token access with authlogic and login http://blog.ekynoxe.com/2009/11/04/api-token-access-with-authlogic-and-login/ development / design / photography / (and a bit of triathlon) Thu, 02 Feb 2012 07:08:25 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Matt http://blog.ekynoxe.com/2009/11/04/api-token-access-with-authlogic-and-login/comment-page-1/#comment-2547 Matt Thu, 16 Jun 2011 12:25:04 +0000 http://blog.ekynoxe.com/?p=111#comment-2547 Hi Chris, appologies for the delay in coming back to you. I have now updated the code above with things to add in the application controller. basically, I created a helper method in there and registered it with the helper_method call at the top of my application controller. The code is below, and assumes you've got a named login route. The syntax highlighted version is up there in the post. I hope this helps! helper_method :check def check if current_user==nil respond_to do |format| format.html {redirect_to login_path} #assuming you have a named login route format.xml {render :xml=>'<?xml version="1.0" encoding="UTF-8"?><response><status>401</status><error>unauthorized</error></response>',:status=>:unauthorized} end end end Hi Chris, appologies for the delay in coming back to you.
I have now updated the code above with things to add in the application controller.

basically, I created a helper method in there and registered it with the helper_method call at the top of my application controller.

The code is below, and assumes you’ve got a named login route. The syntax highlighted version is up there in the post.

I hope this helps!

helper_method :check

def check
if current_user==nil
respond_to do |format|
format.html {redirect_to login_path} #assuming you have a named login route
format.xml {render :xml=>’< ?xml version="1.0" encoding="UTF-8"?>401unauthorized‘,:status=>:unauthorized}
end
end
end

]]> By: Matt http://blog.ekynoxe.com/2009/11/04/api-token-access-with-authlogic-and-login/comment-page-1/#comment-2401 Matt Tue, 24 May 2011 14:38:39 +0000 http://blog.ekynoxe.com/?p=111#comment-2401 Hi Chris, Sorry I didn't see your comment comming for some reason. I think you may have spotted something I forgot to add. It's been a while now, and I'll have to dig up the code again to find that out, but as far as I remember from the top of my head, it was indeed a method in the application controller. I'll find that out for you. Matt Hi Chris,

Sorry I didn’t see your comment comming for some reason.
I think you may have spotted something I forgot to add.

It’s been a while now, and I’ll have to dig up the code again to find that out, but as far as I remember from the top of my head, it was indeed a method in the application controller.

I’ll find that out for you.
Matt

]]> By: Chris Kimpton http://blog.ekynoxe.com/2009/11/04/api-token-access-with-authlogic-and-login/comment-page-1/#comment-2341 Chris Kimpton Sun, 08 May 2011 19:39:49 +0000 http://blog.ekynoxe.com/?p=111#comment-2341 Hi, Thanks for the great article (although I am coming to it late). One query, what is: before_filter :check Is that an AppController method to ensure the user is logged in? Thanks, Chris Hi,

Thanks for the great article (although I am coming to it late).

One query, what is:

before_filter :check

Is that an AppController method to ensure the user is logged in?

Thanks,
Chris

]]> By: Matt http://blog.ekynoxe.com/2009/11/04/api-token-access-with-authlogic-and-login/comment-page-1/#comment-214 Matt Mon, 05 Apr 2010 16:48:48 +0000 http://blog.ekynoxe.com/?p=111#comment-214 Hi Paul, I agree with you, this solution is no where near universal and has its problems as you pointed out. However, it has been working fine for me with two clients (a web client and an XML API client) logged in at the same, as both use different authentication methods. The XML API uses the single_access_token, while in my application, I use the excellent authlogic, which I think uses the persistence_token of the user model. As both are different in the DB, this works well. Also, admitting that both solutions would use the same single_access_token, resetting it only for one format would lead to strange results, and an inconsistent behavior for the user. Now, if you want to access a website both on a web desktop and lets say on a web mobile, for sure, there will be a problem with my solution, but my guess is this will not happen often. Hi Paul,

I agree with you, this solution is no where near universal and has its problems as you pointed out.

However, it has been working fine for me with two clients (a web client and an XML API client) logged in at the same, as both use different authentication methods.

The XML API uses the single_access_token, while in my application, I use the excellent authlogic, which I think uses the persistence_token of the user model. As both are different in the DB, this works well.

Also, admitting that both solutions would use the same single_access_token, resetting it only for one format would lead to strange results, and an inconsistent behavior for the user.

Now, if you want to access a website both on a web desktop and lets say on a web mobile, for sure, there will be a problem with my solution, but my guess is this will not happen often.

]]> By: Paul http://blog.ekynoxe.com/2009/11/04/api-token-access-with-authlogic-and-login/comment-page-1/#comment-213 Paul Mon, 05 Apr 2010 15:19:01 +0000 http://blog.ekynoxe.com/?p=111#comment-213 Hi, I see that in your solution there is one tricks, when user first authenticated through client and then through Web, then they cannot works in parallel, because you reset single token, maybe better, reset it only for format xml. But also you cannot logged in parallel through two clients. Otherwise maybe better use toke of session not user's model. Paul Hi,

I see that in your solution there is one tricks, when user first authenticated through client and then through Web, then they cannot works in parallel, because you reset single token, maybe better, reset it only for format xml.

But also you cannot logged in parallel through two clients. Otherwise maybe better use toke of session not user’s model.

Paul

]]>