- Authlogic Perishable Token changes and breaks emails
Overall, I think Authlogic is pretty great. It’s saved me a bunch of time that I don’t have to worry about user creation and user session maintenance. But this one little doozy was causing some issues when sending out one-time-use emails like invites or password resets.
The perishable_token is the suggested way to send out secured one-time-use emails because it’s updated every time the User model is updated (like, when the user logs in) so the email can’t be re-used to reset the password again for instance. I’m using it in some pretty strange ways to handle proxy users (users who haven’t actually registered yet on our site), but this issue also is present for the password-reset case.
I noticed that some users were getting rejected after clicking the link in the email saying that the perishable token was no longer valid. “That can’t be right,” I thought to myself – because I know for a fact that some of those users hadn’t logged in. But their token was still invalid. So after a little bit of troubleshooting, I realized the issue….
The token is updated every time the User object is saved. Not just when they login. And I have jobs running in the background to update the users with external data pulled from various APIs. So my job was resetting the perishable_token for every user it touched. Ok, so how did I fix the issue? Simple really – I just took control of the maintenance of the perishable_token away from Authlogic and handled it myself.
- Tip: Using vim with Rails Apps
I’ve been trying a few different editors for working with Rails, including TextMate, Aptana and my trusty vim. I was leaning towards TextMate (bought a license too) but since I also develop on Ubuntu and would like to standardize tools to a certain extent, I decided to see if I could supercharge vim. The answer is a resounding YES.
This plugin is awesome. Because it is aware of the Rails app structure, you can do cool things like jumping between files using commands like
:Rcontroller Userwhich will load the UserController or:Rview places/newwhich loads /app/views/places/new.html.erb. And, when your cursor is over a reference like a has_many line in a model if you key ingf, it will jump to the file where that reference is defined.Or, if you’re looking at specific action in a controller, the command
:Rwill jump you to the view for that action (and vice versa). It even supports refactoring and neato stuff like that. These are just a few examples, try it out and read the documentation to see how powerful it is!
- Aha! The trick to getting custom named routes!
It was frustrating me that I had to hardcode strings like
/activate/#{user.activation_token}when using link_to and other constructs with wacky custom routes (because they wouldn’t auto-generate a named route). The trick is to add:as => 'routename'to your routes.rb match statement. This will then exposeroutename_urlto the rest of your app so you can doroutename_url(user.activation_token)to get the proper url.It’s easy when you know how… Also,
$ rake routesis essential to understanding the magic under the hood. Use it!
- Upgrading your Authlogic Gem for Rails3
If you’re using Authlogic in Rails3 (or if you’re upgrading your existing app from 2.3.8 to Rails3) you really need to be using the rails3 branch of the Authlogic gem. If you’re using Bundler, this is super-easy because you just need to update your Gemfile.
In your Gemfile, update the authlogic line to be:
gem 'authlogic', :git => 'git://github.com/odorcicd/authlogic.git', :branch => 'rails3'
Now you should run
$ bundle installto grab the new gem. Then, there are just a few more deprecated things in Rails3 that you’ll need to change in your upgraded app. I’ll try to enumerate here from memory, so please forgive me if I forget something.
- InvalidAuthenticityToken on Logout when using Authlogic
This one took me a while to debug. When upgrading my existing application to Rails 3 almost everything was working fine except whenever I would click the Logout link I would get an error because Rails couldn’t verify that the UserSessionsController#destroy request was valid from my app.
This is the error message shown:
ActionController::InvalidAuthenticityToken in User sessionsController#destroyactionpack (3.0.0) lib/action_controller/metal/ request_forgery_protection.rb:96:in `verify_authenticity_token'And the solution is simple, you just need to add the new csrf_meta_tag helper to your generated page (probably in the /views/layouts/application.html.erb file).
- PDFLib .NET Deploy Tip (specified module could not be found)
We’re using the ASP.NET C# version of PDFLib at work to generate loads of reports and cool pdf files. Everything was peachy on our development systems until we deployed to staging servers and started getting a strange error.
All of the sudden we started getting the following exception on the site:
The specified module could not be found.
(Exception from HRESULT: 0x8007007E)
Not one of Microsoft’s more useful error messages, to be true and googling for that error returns so many diverse topics that they were completely useless.So after a bit of troubleshooting, we came to the following solution tips. These should work for both C# and VB and any other .NET language. Tested on Windows 2003 and Windows Server 2008. (more…)
- Build your own modded System.Web.Extensions.dll
Earlier today Microsoft released the source code to the AJAX 1.0 release System.Web.Extensions library. I was in the apparently unique position of needing to modify parts of the code for a special case application, so I downloaded the source right away ready to modify, compile and deploy.
I guess I was pretty naive to think that it would be that easy. The distribution doesn’t include some pretty important parts. A .csproj file for one. The entire Resources class for another.
So I had to work my way through the process of getting a compile-able version of the library ready to replace the official System.Web.Extensions binary in my project. The server code Reference License prevents me from simply providing the project to you, but here are the high points if you need to do the same.
(more…)
