 

Security in angular.js with Ruby on Rails

What is the best way to make authentication?

on frontend I use Angular.js

on backend: Ruby on Rails

Rails app using as API for my frontend.

UPDATE: This will be a single-page application. The frontend will be developed in Angular.js, the backend in Ruby on Rails. Ideally I want to build the backend as a collection of resources returned as JSON.

I am searching for the best method of security implementation.

When the user opens the app I need to check if the user is authenticated. If not, go to the login page; if authenticated, open what he wants and return the needed resource from the backend.

I think that I need to store an auth token on the client side. What is the best method to generate it, or maybe Rails already generates it for me?

Pavel asked Aug 05 '12 20:08


1 Answer

I don't know Angular.JS at all but I will try to provide you with general information on Rails that you can use with any JavaScript framework.

For authentication, you just need:

  • A model for users
  • A controller which handles login; this method checks the user's login/password and creates a session object with all the information needed (the session is stored on the server side and a cookie is used on the client side to associate each request with a session)
  • A controller for handling logout, which basically only destroys the user's session

You have a good implementation in the Rails tutorial here, or you can find several plugins (authlogic seems to be the recommendation of Stack Overflow users here).

Then, there are few differences between handling authentication with static HTML pages or with AJAX:

  • An HTML request will send the login and password to the controller, which will automatically redirect to another internal page once the session is created
  • In AJAX, the JavaScript on the client side should send an AJAX request, look at the answer from the server (success / failure) and take the appropriate action (a message on failure, a redirection on success)

In both cases, the important thing is to check that the user is authenticated at each controller, otherwise anybody would be allowed to launch actions or access internal information.

Nibbler answered Nov 15 '22 18:11
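The pieces the answer lists (a user model, a login action that creates a server-side session, a logout action that destroys it, and the authentication check on every controller) as an added framework-free Ruby sketch; this is not the answerer's code and not Rails itself. The User class, the USERS and SESSIONS hashes, the sample user and the show_profile resource are constructed stand-ins for the Rails model, session store and an API controller.

```ruby
require 'openssl'
require 'securerandom'
require 'json'
# Constructed stand-in for the User model (a Rails app would use has_secure_password);
# passwords are stored as salted PBKDF2 digests, never in clear.
class User
  attr_reader :id, :login
  def initialize(id, login, password)
    @id, @login = id, login
    @salt = SecureRandom.random_bytes(16)
    @digest = User.digest(password, @salt)
  end
  def self.digest(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 100_000, length: 32, hash: 'sha256')
  end
  # Constant-time comparison, so a wrong password takes as long to reject as a right one.
  def authenticate(password)
    other = User.digest(password, @salt)
    other.bytes.zip(@digest.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

USERS = { 'pavel' => User.new(1, 'pavel', 'correct horse') } # constructed sample user
SESSIONS = {} # server-side session store; only the random session id travels in the cookie

# Stand-in for SessionsController#create: answers the AJAX login request with JSON.
def login(params)
  user = USERS[params['login']]
  if user && user.authenticate(params['password'])
    sid = SecureRandom.hex(32)
    SESSIONS[sid] = { user_id: user.id }
    { status: 200, set_cookie: sid, body: { success: true }.to_json }
  else
    { status: 401, body: { success: false, error: 'invalid login or password' }.to_json }
  end
end

# Stand-in for SessionsController#destroy: logging out just drops the server-side session.
def logout(cookie)
  SESSIONS.delete(cookie)
  { status: 200, body: { success: true }.to_json }
end

# The check every API controller runs (a before_action in Rails): an unknown or destroyed
# session id gets 401 and no data, so the Angular client can redirect to its login page.
def show_profile(cookie)
  session = SESSIONS[cookie]
  if session
    user = USERS.values.find { |u| u.id == session[:user_id] }
    { status: 200, body: { login: user.login }.to_json }
  else
    { status: 401, body: { success: false, error: 'login required' }.to_json }
  end
end
```

The client only ever holds the opaque session id; everything it is allowed to see is decided on the server at each request.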