Wednesday, March 10, 2010

Nikto, a web vulnerability scanner

Nikto! of Klaatu barada nikto fame.

Rails can't find active_support or other already installed gems?

Recently a development server I use became inoperable with strange messages about missing gems that I knew were installed. It turns out I had accidentally installed them as my local user under my .gem directory and then removed the gems when I realized my mistake. Unfortunately, I didn't delete everything that had been installed under ~/.gem, notably the spec files for the said gems and other cruft.

It seems that Rails (2.3.5) checks the spec files at startup and will not probe the system gems if it encounters a spec file for one in your local directory, even if it fails to load the referenced gem. So make sure you delete ALL the files related to your gem in your local directory if you make the same mistake.

Friday, October 16, 2009

per request rails authenticity_tokens

An example of how to present a different Rails authenticity_token per request. This doesn't conveniently cache keys or tackle the problem of storage and expiration of the tokens yet, but it shows how you can embed information that might allow you to do that. It uses a public key encryption scheme, but it probably should really be symmetric to ease the load on the server.

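# Already loaded inside a Rails app; listed so the dependencies are explicit.
require 'openssl'
require 'base64'
require 'yaml'

module ActionController #:nodoc: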
  module RequestForgeryProtection
    # This module overrides the default rails authenticity_token behavior by using 
    # the normal rails token as a secret that only lives in the current user's 
    # session. The new token is an encrypted hash containing that secret and a
    # timestamp that could be used to timeout the code.
    class << self
      attr_accessor :key_secret
    end

    protected

      # Returns true or false if a request is verified.  Checks:
      #
      # * is the format restricted?  By default, only HTML requests are checked.
      # * is it a GET request?  Gets should be safe and idempotent
      # * Does the form_authenticity_token match the given token value from the params?
      def verified_request?
        !protect_against_forgery?     ||
          request.method == :get      ||
          request.xhr?                ||
          !verifiable_request_format? ||
          check_private_data(params[request_forgery_protection_token])
          # stock Rails check that the line above replaces:
          # form_authenticity_token == params[request_forgery_protection_token]
      end

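      def check_private_data(input)
        # A missing token can never verify.
        return false if input.blank?
        ret = true
        # set key in environment.rb with ActionController::RequestForgeryProtection.key_secret = 'key'
        # (the passphrase itself is not written to the log)
        p_key = OpenSSL::PKey::RSA.new(File.read(RAILS_ROOT + '/config/webprivate.pem'), ActionController::RequestForgeryProtection.key_secret)
        yml = p_key.private_decrypt(Base64.decode64(input))
        logger.debug("YAML TOKEN: " + yml)
        # Anyone holding the public key can produce ciphertext that decrypts to
        # YAML of their choosing, so this load parses client-influenced input.
        hsh = YAML::load(yml)
        return false unless hsh.is_a?(Hash)
        if not hsh[:rnd] == session[:_csrf_token]
          ret = false
        else
          #check some other things like token store and time for expirations
        end
        ret
      rescue OpenSSL::PKey::RSAError
        # A malformed or tampered token fails verification instead of raising.
        false
      end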

      # Sets the per-session secret on first use, then returns a fresh token:
      # the secret and the current time, serialized as YAML, RSA-encrypted with
      # the public key and Base64-encoded.
      def form_authenticity_token
        session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32)
        hsh = {}
        hsh[:time] = Time.now
        hsh[:rnd] = session[:_csrf_token]
        p_key = OpenSSL::PKey::RSA.new(File.read(RAILS_ROOT + '/config/webpublic.pem'))
        yml = hsh.to_yaml
        logger.debug("YAML Token: " + yml)
        crypted = p_key.public_encrypt(yml)
        token = Base64.encode64(crypted)
        #puts token
        token
      end

  end
end
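
The post suggests that a symmetric scheme would be lighter on the server and leaves token expiration open. The following is an added example (not the author's code and not part of Rails) that swaps the RSA encryption for an HMAC-SHA256 tag over a random nonce, an issue time and the session secret, and enforces a maximum age. The module name, SERVER_KEY and MAX_AGE are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'

# Hypothetical helper (not part of Rails): per-request CSRF tokens built with
# a symmetric HMAC instead of RSA. SERVER_KEY is a constructed sample value;
# a real app would load its key from protected configuration.
module PerRequestToken
  SERVER_KEY = 'constructed-sample-key-do-not-reuse'
  MAX_AGE    = 3600 # seconds a token stays valid (assumed policy)

  module_function

  # token = base64url(nonce[16] || issued_at[8] || HMAC(key, nonce || issued_at || session_secret))
  def issue(session_secret, now = Time.now)
    nonce = SecureRandom.random_bytes(16)
    stamp = [now.to_i].pack('Q>')
    Base64.urlsafe_encode64(nonce + stamp + mac(nonce, stamp, session_secret))
  end

  def valid?(token, session_secret, now = Time.now)
    raw = Base64.urlsafe_decode64(token.to_s)
    return false unless raw.bytesize == 16 + 8 + 32
    nonce, stamp, tag = raw[0, 16], raw[16, 8], raw[24, 32]
    # Constant-time comparison so the check does not leak how many bytes matched.
    return false unless secure_compare(tag, mac(nonce, stamp, session_secret))
    age = now.to_i - stamp.unpack1('Q>')
    age >= 0 && age <= MAX_AGE
  rescue ArgumentError
    false # input was not valid base64
  end

  def mac(nonce, stamp, session_secret)
    OpenSSL::HMAC.digest('SHA256', SERVER_KEY, nonce + stamp + session_secret.b)
  end

  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

It targets current Ruby (2.4 or later) rather than the Ruby that Rails 2.3.5 ran on, and unlike the RSA version the token carries no encrypted payload, only the tag that binds it to the session.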

Tuesday, July 29, 2008

Scilicet

It's one of these things in a legal document notating what state and county it is in effect for.


and you can make one with:

\[\left.\begin{tabular}{l}State of California\\\\County of Orange\\\end{tabular}\right\}ss.\]

in LaTeX, if you cared.

Yep, it's a slow day.

Monday, April 23, 2007

Windows XP Auto-Update Restart Nag Screen

To change Windows XP so the stupid nag screen reminding you to restart your computer doesn't pop up every 10 minutes:

Start your Group Policy Editor

Navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update

Then enable the "Re-prompt for restart with scheduled installations" setting and set it as high as it will go (1440 minutes).

Unfortunately you will need to reboot for this to take effect.

Rejoice!