Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it thread safe to set Active Resource HTTP authentication on a per-user basis?

Tags:

class-variables

ruby-on-rails

thread-safety

activeresource

Active Resource can make use of HTTP authentication set at the class level. For instance:

class Resource < ActiveResource::Base
end

Resource.user = 'user'
Resource.password = 'password'

or

Resource.site = "http://user:[email protected]/"

But what if I use different HTTP authentication based on which user is logged in? If I change Resource.user and Resource.password, is that going to cause a race condition where requests from one thread suddenly start using the authentication of a user whose requests are running simultaneously in a different thread? Or is this a non-issue (as long as I reset the authentication between requests) because rails servers are not multithreaded?

Even if there's no thread safety problem, it still seems risky that if I fail to reset them, the previous user's credentials will be used automatically by future requests.

Update: After being frustrated with ActiveResource, I wrote my own REST library: https://github.com/DeepWebTechnologies/well_rested

like image 985
Nick Urban Avatar asked Nov 11 '11 00:11

Nick Urban

1 Answers

Monkey patch the host, user and password methods of ActiveResource::Base class:

class ActiveResource::Base
  # store the attribute value in a thread local variable
  class << self
    %w(host user password).each do |attr|               

      define_method(attr) do
        Thread.current["active_resource.#{attr}"]
      end

      define_method("#{attr}=") do |val|
        Thread.current["active_resource.#{attr}"] = val
      end
    end
  end
end

Now set the credentials in every request

class ApplicationController < ActionController::Base

  around_filter :set_api_credentials

private 

  # set the credentials in every request
  def set_api_credentials
    ActiveResource::Base.host, 
      ActiveResource::Base.user, 
        ActiveResource::Base.password = current_user_credentials
    yield
  ensure
    ActiveResource::Base.host = 
      ActiveResource::Base.user = 
        ActiveResource::Base.password = nil
  end

  DEFAULT_HOST, DEFAULT_USER, DEFAULT_PASSWORD= [
    "http://www.foo.com", "user1", "user78102" ]

  def current_user_credentials
    current_user.present? ? 
      [ current_user.host, current_user.login, current_user.password] : 
      [ DEFAULT_HOST, DEFAULT_USER, DEFAULT_PASSWORD]
  end

end
like image 147
Harish Shetty Avatar answered Oct 15 '22 09:10

Harish Shetty
Sign in to Comment

Related questions

Set rails request timeout (execution expired)
Heroku powered private restricted beta
How to show ping output dynamically in a web page?
Auto increment a non-primary key field in Ruby on Rails
How do you specify Content-Type (and other headers) and request body in RSpec Rails Controller test?
Rails 3 Admin Namespace Issue
Rails 2 to Rails 3, method verification in controllers gone?
Rails 3 - set environment
Verifying page title with rspec
Admin Authorization with CanCan
Is there any harm in running PHP and Ruby on the same server?
Rails: Why can't you set an association to nil in a where clause?
Rails: dynamically generated path is adding a period and the id at the end
Access the current user in Cucumber features - Devise
Heroku app crashed, receiving "Invalid DATABASE URL" when attempting heroku rake db:migrate
Rails 3.1 asset pipeline - missing files from public/assets - why isn't this the default?
How can I make Rails ActiveRecord automatically truncate values set to attributes with maximum length?
How do I achieve the "GitHub browse repo effect" (update URL without refreshing the page)
Is it possible to stub a method in a parent class so that all subclass instances are stubbed in rspec?
How can I do something like find_in_batches_by_sql in Rails

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!