iHiD
/ sessions_controller.rb
Created
June 6, 2012 15:30
How to Build A Secure Website With Ruby On Rails 6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Authenticate user | |
| @user = #... | |
| # Destroy the existing session in case anyone is sharing it and | |
| # create a new session that you know to be unique to the user. | |
| reset_session | |
| # Store the user's id as normal | |
| session[:user_id] = @user.id |
iHiD
/ settings_controller.rb
Created
June 6, 2012 15:30
How to Build A Secure Website With Ruby On Rails 7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class SettingsController < ApplicationController | |
| def show | |
| @user = User.find(session[:user_id]) | |
| end | |
| def update | |
| @user = User.find(session[:user_id]) | |
| @user.update_attributes(params[:settings]) | |
| end |
iHiD
/ settings_routes.rb
Created
June 6, 2012 15:31
How to Build A Secure Website With Ruby On Rails 8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security::Application.routes.draw do | |
| match 'show_settings' => "settings#show" | |
| match 'update_settings' => "settings#update" | |
| end |
iHiD
/ settings_routes_2.rb
Created
June 6, 2012 15:32
How to Build A Secure Website With Ruby On Rails 9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security::Application.routes.draw do | |
| get 'show_settings' => "settings#show" | |
| put 'update_settings' => "settings#update" | |
| end |
iHiD
/ settings_routes_3.rb
Created
June 6, 2012 15:32
How to Build A Secure Website With Ruby On Rails 10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security::Application.routes.draw do | |
| resource :settings | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class User < ActiveRecord::Base | |
| # Has attributes: [:username, :hashed_password, :is_admin] | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class UsersController < ApplicationController | |
| #... | |
| def update | |
| @user = User.find(params[:id]) | |
| @user.update_attributes(params[:user]) | |
| #... | |
| end | |
| #... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%= form_for @user do |f| %> | |
| <%= f.label :username %> | |
| <%= f.text_field :username %> | |
| <%= submit_tag %> | |
| <% end %> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class User < ActiveRecord::Base | |
| # Has attributes: [:username, :hashed_password, :is_admin] | |
| attr_protected :is_admin | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Migration | |
| create_table :users do |t| | |
| t.boolean :can_do_dangerous_things, null: false | |
| #... | |
| t.timestamps | |
| end | |
| class User < ActiveRecord::Base | |
| # Blacklisting attribute |