Categories
Programming Projects

Rails-Devise-Warden Token Authentication + Android’s Volley

Hi, recently I’m trying to make an android app that uses a rails server. I used to code REST server before, but that is for javascript apps. Not android. And now that I’m trying to do so, I found a problem. Whenever the devise authenticate_user! failed and it throw 401 to the android app, Volley complain that some form of challenge key is missing. It work fine with a browser and it responded with an error in json form. This is the normal Devise behavior, which seems to also have support for api server. Because of the error in Volley, I can’t get the JSON that contain the error in order to show the message.

For the impatient one, the solution is this:
[ruby]

Devise::FailureApp #Autoload it

##
# Patch failure app so that the WWW-Authenticate message is sent regardless if using http_authenticatable.
class Devise::FailureApp < ActionController::Metal
alias :old_http_auth :http_auth
def http_auth
old_http_auth
self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect})
end
end

[/ruby]

Put this in an initializer. Another thing is that, make sure that Volley tells Rails that it is accepting a json response, through HTTP Headers or ‘.json’ postfix.

The reason for the Volley error is that, when an HTTP server respond with HTTP 401, it is expected to respond with “WWW-Authenticate” header. The spec indicate that it MUST respond so. The problem is, the browser treat this header as an indicator to show user an HTTP Basic Authentication form, which is not always what we want. We just want to respond with 401 to indicate that the user is unauthorized for that particular resource. We can’t really use 403 because that means, Forbidden, a different meaning. Showing a 200 with an error message/json just feels too hackish for an api server. Because of this, devise did not send the header if the model did not enable http basic authentication.

By default, Devise sent out a 401 when it detect that the request is not of a ‘navigation’ format. By default that is [*,:html], which as far as I understand, every format and html. Or in another word, everything. For those of you who have problem with setting up Devise for an api server, change this to [:html] and make sure your client application properly indicate its accepted format. Using this, which basically means nothing else but the patch above, my api server seems to be working for now with no error on Volley (aside from authentication error, but that is expected). If the user manually send a request there from a browser, it will redirect to a login page.

Also, if you intend to use token authentication, checkout the devise-token_authentication gem. Devise developers for some reason (which seems to be security) removed the token authentication strategy from devise. This gem is a fork of the token authentication strategy.

Categories
Linux

Opensuse 13.2

Problem with it.

  • When installing, the expert partitioner is not very friendly. It by default already have various suggesting setting in which I don’t know how to change them, like remove the extended partition and make it primary again. Tips: There is a reset button.
  • VLC says, it can’t decode h264. Its VLC and it actually can’t do that if you install from official repository.
  • The Yast2 package manager is not very intuitive.
  • It is not obvious that Opensuse 13.2 version of packman repository exist. (13.2 is still new right now and the documentation has not been updated).
  • It is not clear how to change installed version of library that is also in packman repository to the packman repository version. Hint: change the repository priority so that packman has a higher priority (lower number) then run zypper dist-upgrade.
  • nginx is actually not in the official repository.
  • By default it does not use the usual NetworkManager. Causes confusion. And for some reason, I need to restart the network.service in order for it to work after switching the network backend in Yast. Shouldn’t it do that for me?
  • When I’m installing something, it keeps giving warning about low disk space on an unrelated ntfs partition I used to store various things. I checked the “don’t warn me again checkbox”, but it still warn me.
  • I have to update the repository on every startup of software manager.
  • I have to update the repository every time I want to install something.
  • I have to upgrade any upgradable software every time I want to install something.
  • FGLRX is not working. It just boot to terminal login.
  • The open source radon driver has a tendency to hang at some point.

Plus side.

  • systemd starts really fast.
  • One click install is literally one click install.
  • The repository has priority. Neat.
  • Delta updates.
  • Kde and Gnome desktop is more complete than in ubuntu.
  • zypper is very nice. zipper accept both package name and rpm file. Much nicer than ubuntu/debian separate dpkg and apt-get.
Categories
Programming Projects Uncategorized

Introducing, String2Regex

Assalamualaikum everyone. In this post, I’ll show you a (relatively) new project which I’ve created in about a week or two. It seems to be useful for greater good and so I’ve released the code under the MIT license. The code is available here

String2regex is basically a clone of txt2re.com but run entirely on client side and not as full featured. The concept is, given a sample string, generate a regular expression to match that string based on user’s selection of string groups. If you don’t know what is regular expression, you are probably not a programmer and this is effectively useless for you. If you are a programmer but you do not know what is regular expression, then you are missing out. If you know what is a regular expression, check it our here and you’ll understand what does it do. Screnshot

One significance of this application for me is that it is the first (I think) client side application I made that have some kind of automated testing. It is also the my first client side application that is made ground up with some nifty javascript tools such as bower and grunt. Styler and IIUMSchedule both uses grunt for concatenation purpose but not originally. In another word, String2Re is currently the most… what is the word?… decent? proper? … yes, proper web application I’ve ever made right now. 

This is largely due to some automated testing build with it. The testing is not perfect, as it does not test it entirely and it does not test the view, just the controller logic. However the controller logic is quite complicated (not really) so having some test for that reassure me that it will not crash easily.