Ruby on Rails Saturday, September 29, 2012

I would use cancan.



if valid(params[:token])
  authorize! :show, @stuff
end

===================
Alexandre Mondaini Calvão

"Our reward is found in the effort and not in the result. A total effort is a complete victory." [Gandhi]


2012/9/29 Christopher R. Maden <crism@maden.org>
On 09/28/2012 06:21 PM, Matt Martini wrote:
> Are there any gems/plug-ins out there for this?  How would I go about
> creating it from scratch?

Not sure about existing gems, not having looked at this in Ruby or
Rails, but having solved it in another language: you create an entry in
your database with a token and a timestamp.  When a user sends the token
back, you check the current time against the token's associated
timestamp, and reject it if the token is unknown or the timestamp is too
old.  (Periodically, you can garden your database to delete any entry
with an old timestamp.)

~Chris
--
Chris Maden, text nerd  <URL: http://crism.maden.org/ >
LIVE FREE: vote for Gary Johnson, Libertarian for President.
     <URL: http://garyjohnson2012.com/ >  <URL: http://lp.org/ >
GnuPG fingerprint: DB08 CF6C 2583 7F55 3BE9  A210 4A51 DBAC 5C5C 3D5E

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
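
The token-plus-timestamp scheme Chris describes, as an added example that is not code from either poster: it generalizes slightly by storing a SHA-256 digest of the token rather than the token itself, so a leaked table does not expose usable tokens. TokenStore, ttl_seconds and the in-memory hash standing in for the database table are all assumptions made for illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the database table in the thread.
class TokenStore
  def initialize(ttl_seconds:, clock: -> { Time.now })
    @ttl   = ttl_seconds
    @clock = clock          # injectable so expiry can be tested
    @rows  = {}             # SHA-256(token) => time of issue
  end

  # Create an entry with a token and a timestamp; the raw token is
  # returned once for delivery to the user and never stored.
  def issue
    token = SecureRandom.urlsafe_base64(32)
    @rows[digest(token)] = @clock.call
    token
  end

  # Returns :ok, :unknown (no such entry) or :expired (timestamp too old).
  def check(token)
    return :unknown unless token.is_a?(String) && !token.empty?
    issued_at = @rows[digest(token)]
    return :unknown if issued_at.nil?
    return :expired if @clock.call - issued_at > @ttl
    :ok
  end

  def valid?(token)
    check(token) == :ok
  end

  # "Garden" the table: delete entries past the TTL, return how many went.
  def garden!
    now = @clock.call
    before = @rows.size
    @rows.delete_if { |_digest, issued_at| now - issued_at > @ttl }
    before - @rows.size
  end

  def size
    @rows.size
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

In a controller, a store like this would supply the valid(params[:token]) check from the snippet at the top of the thread, with garden! run from a periodic job.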


