Archive for the ‘RoR App Development’ Category

Single Sign-On In Rails Application

Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Such as we once log in to google, we are permitted to access the Youtube, Docs, Google Drive etc. dnd1999110501 We may think about sharing the session cookies among the all domains but its generally not a good idea. One can steal cookies to sign in from other system or browser. Single SignOn Helps us in getting around this problem and implement a much robust system. How do we implement Single Sign-On in Rails App? We will try to get our hand around on how to build a prototype around a rails app to implement single sign-on. We will be looking a sample rails application powered by CASino gem Why we are using CASino ?
  1. Distributed under MIT LIcense
  2. Active Development since
  3. External authentication sources (LDAP, SQL)
  4. Two-factor authentication
  5. Session-overview for logged-in users
  6. Full localization support
  7. REST-API
So what is CASino exactly? CASino is a simple Single sign-on server application. It supports the CAS protocol and can therefore be used in combination with almost every web programming language out there. CAS is an authentication system originally created by Yale University to provide a trusted way for an application to authenticate a user. CAS centralizes authentication: It allows all your applications to ask users to login to a single sign-on server The implementation. Here we have two apps client and server. We assume that the app is using devise for the demonstration purposes. The Logic can easily be extended to other authentication methods though. The app is as simple as configuring a few variables in the CASino gem.
  1. user request to client domain .
  2. it redirects to the server if not authorised.
  3. Start with adding the gems client app
  4. redirects to back url to whichever client request url is
Step #1 Implementing the client application. Gemfile # If You face some compatability issues then use ruby 2.1

gem 'devise_cas_authenticatable', git: '<a href="https://github.com/jpamaya/devise_cas_authenticatable">https://github.com/jpamaya/devise_cas_authenticatable</a>'

routes.rb

devise_for :users, skip: [:sessions], controllers: { cas_sessions: 'sso_cas' }

devise_scope :user do

get "sign_in", to: "devise/cas_sessions#new"

delete "sign_out", to: "devise/cas_sessions#destroy"

end

devise.rb # ==> Configuration for SSO server authentication

config.cas_base_url = "http://localhost:4000/"

config.cas_create_user = false

config.cas_destination_logout_param_name = 'service'

config.cas_enable_single_sign_out = true

User.rb

devise :cas_authenticatable

Now run client application on localhost:3000 and begin with typing users/sign_in Since we overwrote devise’s sign in mechanism, so instead of presenting devise’s normal sign in page, we are redirected to localhost:4000 which is the backend app to authenticate the users. Lets prepare the backend app to authenticate the users.  Step #2 Start with implementing code in server app limitation use ruby ruby “2.1.5” and rails “3.2.11” check rails -v ‘~>(‘ 3.2.11’). for server app Gemfile #It users these db to store sessions and some tokens. casino will take care all about these

gem 'sqlite3'   # for sqlite support

gem 'mysql2'    # for mysql support

gem 'pg'        # for postgresql support

gem 'casino'

Run bundle install and rails g casino:install The CAS configuration is stored under config/cas.yml. This is where you configure how your SSO handles logins. An example configuration can be found in the file config/cas.yml.example provide the valid db credentials and run the migrations. Run this app on localhost:4000 , Just follow the old steps
  1. Goto localhost:3000/users/sign_in
  2. You will redirected to localhost:4000 enter credentials click sign in
  3. You will be redirected back on successful login
In the links below you can find some ready made examples for you to clone these  apps and have better understanding of SSO.
Server exampleruby “2.1.5”git clone https://github.com/codescrum/casino-sso-server-example.gitRails 4 client examplegit clone https://github.com/codescrum/casino-sso-client-rails4-example.gitRails 3 client example git clone https://github.com/codescrum/casino-sso-client-rails3-example.git
Let us know in comments if you face any troubles in the implementation !! PS: Single Sign-out has been left as a thought for another day and we will discuss that in a follow up blog.

Embedly Integration in Rails

Embedly is a powerful tool to embed multimedia content or images or even blogs in your application. It comes in handy especially to make your content easier to share.
Embedly provides an easy to use official ruby gem to integrate Embedly into your RoR app. The usage of the gem is fairly straight forward. I will try to go step by step on how to integrate embedly API into an RoR app.
  • Add the gem in your gem file
    gem "embedly"
    Bundle the Gems
  • Get the API key from “https://app.embed.ly/login”. For the purpose of the blog we assume that the API key is accessible through the config variable AppConfig.embedly[:api_key]
  • Mostly the embeds will stay the view side logic so lets create a small helper to generate an embed from a Youtube Video. The call to the API is pretty straight forward and intuitive as we can see from the following code.
  • require 'embedly'
    require 'json'def display
    embedly_api =Embedly::API.new AppConfig.embedly[:api_key]
    obj = embedly_api.oembed :url => 'http://www.youtube.com/watch?v=sPbJ4Z5D-n4&feature=topvideos'
    obj.first.html
    end
  • The code calls the embedly API to generate an ombed for the youtube url and returns the html for the embed. This html can be used directly to embed the content into your blog or app.
  • Thats it !!

Enjoy supercharged content with your app and feel free to post any comments in the comments section.

Braintree Integration In Rails Application

Braintree is one gateway that is getting a lot of traction and user love these days due to its ease of use and getting started easily. I have indicated here a few things that should get you started with braintree in rails quickly. In this Blog, we’ll securely process a credit card transaction using the official braintree gem and the Client-side encryption method, utilizing Braintree.js library. The blog covers the case where the form to accept the payments is rendered on the client side only.     Note: Before starting you’ll need to sign up for a Sandbox account. That will provide us with the required braintree API keys. There are two parts to the problem. First one is setting up the form and securing the data to be sent to the server. The next is to process the transaction the server side. Payment Form A simple payment form captures the credit card information along with amount of payment to be made. Here goes a very simple HTML form which asks for all the required info:
</pre>
<h1>Braintree Credit Card Transaction Form</h1>
<div><form id="braintree- payment-form" action="/create_transaction" method="POST"><label>Card Number</label>
<input type="text" autocomplete="off" size="20" data-encrypted-name="number" />

<label>CVV</label>
<input type="text" autocomplete="off" size="4" data-encrypted-name="cvv" />

<label>Expiration (MM/YYYY)</label>
<input type="text" name="month" size="2" /> / <input type="text" name="year" size="4" />

<input id="submit" type="submit" /></form></div>
<pre>
Next up, we need to encrypt the payment that is being sent from client side to our server for processing. Braintree provides a nice JS library to encrypt the data that is being sent from your form. The integration is as simple as including the library and calling a do it all method.
<script type="text/javascript" src="https://js.braintreegateway.com/v1/braintree.js"></script><script type="text/javascript">// <![CDATA[
var braintree = Braintree.create("YourClientSideEncryptionKey"); braintree.onSubmitEncryptForm('braintree-payment-form');
// ]]></script>
As you can see, we just did couple of steps to secure the data being sent to the server.
  • We initialized the Braintree.js with client-side encryption key.
  • We then called the Braintree.js onSubmitEncryptForm method with the id of the form to encrypt the form before sending it to the server.
Thats it, your data is being securely sent to your server now for processing. Lets move on to the server side of the things. First up install the official braintree gem in your Gemfile. Setting up Rails Controller to commit a transaction with Braintree
  • Every Braintree user receives a unique set of API keys. These need to available in your application.
  • To retrieve the keys, first sign in your Sandbox account.
  • On the sandbox home page, you can get the API keys required to execute transactions with BrainTree.
  • The code will look like this(for sandbox environment)
  • 	Braintree::Configuration.environment = :sandbox
    	Braintree::Configuration.merchant_id = “use_your_merchant_id”
    	Braintree::Configuration.public_key = “use your public key”
    	Braintree::Configuration.private_key = “use your private key”
  • Next Up, lets call up the API call to make the transaction. Braintree gem comes with exhaustive set of method calls to interact with the gateway. Here we initiate a sale with Braintree.
  • 	result = Braintree::Transaction.sale(:amount => “1000.00”,
    :credit_card => {:number => params[:number], :cvv => params[:cvv], :expiration_month => params[:month], :expiration_year => params[:year]},
    :options => {:submit_for_settlement => params[:settlement]})
  • Thats it !! The result object will tell us whether initiating the payment succeeded or not. The object comes loaded with methods to test the result like result.success? and result.failed?
This is not the end to the whole payment process in Braintree. Braintree will send calls/hooks informing your application about the various payment states but that is out of scope for the purpose of this blog and will better taken up as a post for separate. I hope the blog helps you get up with Braintree Quickly. Please feel free to drop in comments if any.

Stripe Integration with Ruby on Rails

Stripe is a payment gateway that is easy to set up with your ROR app. It only charges fees on a per-transaction basis and that fee is very reasonable due to which it has been gaining foot in the market and is choice for many internet based stores as a defacto payment processor. Stripe is currently only available in the United States so you’ll need an account at a U.S. bank if you want to use it in your app. In this blog we will see how one can integrate strip in an RoR app:-
  1. First of all create your account at Stripe(stripe.com)
  2. You will get stripe keys(api and publishable) after creating an account, to retrieve. Go to Your Stipe Account -> Account Settings -> API Keys and note down the keys.
  3. Now add the stripe gem in your Gemfile as
  4. gem 'stripe', :git => https://github.com/stripe/stripe-ruby
  5. Place the api key in a configuration file to use them globally. For the simplicity of the blog, I assume we have an AppConfig struct which contains the application level globals
  6. Stripe.api_key = AppConfig.stripe[:api_key]
  7. Now Create a view page which will accept the card information from the user that contains the card information like name on card, card number, card id, exp_month and exp_year.
  8. <%= content_tag :tr do %>
     <%= label_tag "Name on Card:"%>
     <% end %>
     <%= content_tag :td do%>
     <%= f.text_field :name_on_card, :required => true%>
     <% end %>
     <% end %>
     <%= content_tag :tr do%>
     <%= content_tag :td do%>
     <%= label_tag "Card Number:"%>
     <% end %>
     <%= content_tag :td do%>
     <%= f.text_field :card_number, :required => true%>
     <% end %>
     <% end %>
    
  9. Create a stripe token to initiate a payment process
  10. card_token = Stripe::Token.create(:card => {:number => params[:card_number], :exp_month => params[:exp_month],
    :exp_year => params[:exp_year], :cvc => params[:card_id] })
    
  11. And then charge the card with the token obtained above. Thats it !! Isn’t it damn simple ?
  12. stripe_charge = Stripe::Charge.create(:amount => amoumt_in_cents, :currency => "usd", :card => card_token[:id],:description=> your_email_id )
    
  13. Stripe takes the amount in cents and your email is required to link the transaction. Now, the charge deducted from the user’s credit card will be added to your account excluding stripe charges.
  14. You can also retrieve the charge information as follows for the record purposes as:
  15. Stripe::Charge.retrieve(stripe_charge[:id])
    
  16. To Refund the Charge
charge = Stripe::Charge.retrieve(stripe_charge[:id])</pre>
charge.refund
Meanwhile, The Stripe API’s Documentation is available at https://stripe.com/docs/api/ruby. Important Note: Please note that blog is just meant to illustrate the usage of Stripe in an RoR app. There are many security considerations that must be taken into account while implementing a payment processor in the application. All that is topic for another day and we will suggest to research on proper security methods before implementing any payment processor in the application.

Using Localtunnel in Rails Application

Localtunnel, as the name indicates, allows you to share your local web server on the internet. This kind of technique is very useful in cases such as:-
  • You want to demonstrate your web applications to clients.
  • Testing the web applications for compatibility issues against various operating systems and web browsers
  • Testing your web applications for compatibility in various mobile devices.
It is very easy to use. Your web application will be shared on public internet in a couple of seconds while it is running on your local system. Lets go through a step by step procedure to tunnel our very own RoR apps: STEP 1: Firstly, you need to install the client library for Localtunnel. So just install it by installing the ‘localtunnel’ gem or write it in your Gemfile:-
gem 'localtunnel'
and run ‘bundle install’ STEP 2: Run your local web server on any port! Let’s say you’re running on port 8080.
$rails s -p 8080
STEP 3: Now run localtunnel by specifying it the on port to be shared as:-
$ localtunnel 8080
It will establish a connection between your local server running at 8080 and localtunnel.com. Note that for first time you run the localtunnel, it needs you to specify your ssh public key for authentication. Here’s an example:
$ localtunnel -k ~/.ssh/id_rsa.pub 8080
After running the above commands, you will see something like this: – Port 8080 is now publicly accessible from http://xyz.localtunnel.com … Enjoy Tunnelling your apps !!

Resources Controller for RoR Applications

Rails has one basic and most important principle to keep its code DRY (Don’t Repeat Yourself) which means writing same code again and again is a bad thing. But in every rails application, we can often see similar CRUD actions in every controller which violates the DRY principle of Rails. To avoid such kind of duplicacy, we can club the standard CRUD actions at one place. Resources Controller is a plugin to facilitate this approach and to keep your controllers DRY. It introduces some abstraction to help you override the default RESTful functionality in a clean and simple manner. How to use:-
  • To use Resources Controller, firstly you need to download it from https://github.com/ianwhite/resources_controller and keep it in vendor/plugin folder of your Rails application.
  • In every controller of your application which needs to get this nifty functionality, you just add resource_controller_for line in the controller.
     class PostsController < ApplicationController
           resources_controller_for :posts
       end
    
    now your posts controller will get all standard CRUD actions, views will get instance variable (i.e. @post or @posts).
  • Here are some general methods of Resources Controller which can be used in your controller for convenience and for making your code RESTful.
  • enclosing_resources: returns array of resources which are nested in that controller.
  • resource_class : returns class of controller’s resource.
  • find_resources: returns collection or array of resources (commonly used in index).
  • find_resource : returns the resource using id from params (commonly used in show, edit, update & destroy).
  • new_resource : initializes a resource of controller’s resource class (commonly used in new).
  • save_resource : saves the newly created or updated resource (commonly used in create).
  • resource : returns the controller’s current resource.
If you want to add some extra functionality into your actions, you can write that action in your controller. Now your newly written action will override the standard action defined in Resources Controller. Isn’t it the Rails DRYness at its best !!