How to configure Signature Authentication rails for working with multiple domains?

I am creating an application that uses subdomains as accounts (myaccount.domain.com), and I have my sessions configured to work in such subdomains:

config.action_controller.session = {:domain => '.domain.com'}

In addition to the subdomain, the user can enter a real domain name when creating his account. My Nginx configuration is set up to match *.com, *.net, etc., and it works to serve the pages.

The problem occurs when a site visitor submits a comment form in a user domain that has been entered by the user. The code throws an invalid authentication exception. I am 99% sure that this is due to the fact that the domain the user is on is not listed in the config.action_controller.session domain. Thus, the authentication token is not matched because Rails cannot find its session.

So the question is: can you set config.action_controller.session for more than one domain, and if possible, can you add to or remove from this value at run time without restarting the application?

+3
1 answer

: http://codetunes.com/2009/04/17/dynamic-cookie-domains-with-racks-middleware/

, Rails 2.3.5, Rack. -, . , , , cookie . :

# app/middlewares/set_cookie_domain.rb
class SetCookieDomain
  def initialize(app, default_domain)
    @app = app
    @default_domain = default_domain
  end

  def call(env)
    host = env["HTTP_HOST"].split(':').first
    env["rack.session.options"][:domain] = custom_domain?(host) ? ".#{host}" : "#{@default_domain}"
    @app.call(env)
  end

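  def custom_domain?(host)
    domain = @default_domain.sub(/^\./, '')
    # Escape the dots and anchor on a label boundary, so that only the default
    # domain and its real subdomains are treated as "not custom".
    host !~ /(\A|\.)#{Regexp.escape(domain)}\z/i
  end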
end


# turn it on in environment.rb
config.load_paths += %W( #{RAILS_ROOT}/app/middlewares )


# production.rb
config.middleware.use "SetCookieDomain", ".example.org"

.example.org - , , (, site.com), (production/staging/development ..).

# tests/integration/set_cookie_domain_test.rb (using Shoulda and Webrat)
require 'test_helper'

class SetCookieDomainTest < ActionController::IntegrationTest

  context "when accessing site at example.org" do
    setup do
      host! 'example.org'
      visit '/'
    end

    should "set cookie_domain to .example.org" do
      assert_equal '.example.org', @integration_session.controller.request.session_options[:domain]
    end
  end

  context "when accessing site at site.com" do
    setup do
      host! 'site.com'
      visit '/'
    end

    should "set cookie_domain to .site.com" do
      assert_equal '.site.com', @integration_session.controller.request.session_options[:domain]
    end
  end

  context "when accessing site at site.example.org" do
    setup do
      host! 'site.example.org'
      visit '/'
    end

    should "set cookie_domain to .example.org" do
      assert_equal '.example.org', @integration_session.controller.request.session_options[:domain]
    end
  end

end
+4
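
A stricter variant of the middleware in the answer above, added here as an example and not part of the original answer: it sets a per-host cookie domain only when the Host header names a domain an account has actually registered, and falls back to the default otherwise. The class name `SafeCookieDomain`, the `KNOWN_CUSTOM_DOMAINS` set (standing in for a database lookup) and the helper `domain_seen_for` are assumptions made for illustration.

```ruby
require 'set'

# Added example (not from the answer). KNOWN_CUSTOM_DOMAINS stands in for a
# lookup of domains that accounts have registered; the names are constructed.
KNOWN_CUSTOM_DOMAINS = Set.new(%w[site.com shop.example.net]).freeze

class SafeCookieDomain
  def initialize(app, default_domain, custom_domains = KNOWN_CUSTOM_DOMAINS)
    @app = app
    @default_domain = default_domain                 # e.g. ".example.org"
    base = Regexp.escape(default_domain.sub(/\A\./, ''))
    # Match the base domain itself or a real subdomain of it, nothing else.
    @own_host = /(\A|\.)#{base}\z/i
    @custom_domains = custom_domains
  end

  def call(env)
    # Guard against a missing options hash instead of raising NoMethodError.
    env['rack.session.options'] ||= {}
    env['rack.session.options'][:domain] = cookie_domain_for(env['HTTP_HOST'])
    @app.call(env)
  end

  # Returns the cookie domain for a raw Host header value.
  def cookie_domain_for(raw_host)
    # Normalise: lower-case, drop the port and a trailing dot.
    host = raw_host.to_s.downcase.sub(/:\d+\z/, '').chomp('.')
    return @default_domain if host.empty? || host =~ @own_host
    # Only hosts registered by an account get their own cookie domain;
    # anything else in the Host header falls back to the default.
    @custom_domains.include?(host) ? ".#{host}" : @default_domain
  end
end

# Constructed requests run through the middleware with a stub app.
def domain_seen_for(host_header)
  seen = nil
  app = ->(env) { seen = env['rack.session.options'][:domain]; [200, {}, []] }
  SafeCookieDomain.new(app, '.example.org').call('HTTP_HOST' => host_header)
  seen
end
```

In a real application the set would be replaced by a cached query against the accounts table, so domains can be added or removed at run time without a restart.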

Source: https://habr.com/ru/post/1741266/

