« Back to channel list

#RubyOnRails - 16 February 2018

Forward 1 day »
[06:41:54] helpa: has joined #RubyOnRails
[06:42:17] Radar: Ugh helpa has been down for a few days :( Systemd mustn't be restarting it automatically.
[06:43:55] kies: has joined #RubyOnRails
[06:44:52] Radar: Oh of course! Restart=always instead of Restart=on-abort. Silly me.
[06:46:54] helpa: has joined #RubyOnRails
[06:46:57] Radar: !botsnack
[06:46:57] helpa: Nom nom. Thanks, Radar!
[06:47:00] helpa: Do not beg / plead with people to help you. This includes asking questions like "Any ideas?" after posting your original question.
[06:47:34] Radar: mark-6: I've seen this happen with the latest version of the Mongo gem. I believe that was because /etc/hosts put the IPv6 config about the IPv4 config. I will find the issue.
[06:54:08] Radar: I can't seem to find the issue, sorry.
[06:57:22] n008f4g_: has joined #RubyOnRails
[06:57:38] darkhanb: has joined #RubyOnRails
[06:58:39] mark-6: Radar: this one? https://github.com/mongodb/mongoid/pull/4474
[06:58:59] Radar: mark-6: yes!
[06:59:15] dminuoso: Radar: That means you just got promoted to channel bot.
[06:59:19] dminuoso: !rule3 mark-6
[06:59:19] helpa: Clearly explain what is happening and create a Gist (http://gist.github.com), (formatted neatly please: http://bit.ly/1q75oia) of the code that is causing the problem you are encountering, as well as any useful output like stacktraces.
[06:59:31] Radar: dminuoso: <name>: <tip>
[06:59:36] Radar: dminuoso: !tips
[06:59:36] helpa: dminuoso: Just the tips: http://logs.ryanbigg.com/tips
[06:59:58] dminuoso: Radar: There's a gazillion bots around, each with its own syntax.
[07:00:03] dminuoso: I regularly interact with at least 6 on a daily basis.
[07:00:12] dminuoso: Radar: https://xkcd.com/927/
[07:00:24] Radar: dminuoso: dealwithit.gif
[07:00:43] dminuoso: Radar: I found a rails bug. Who fixes it for me?
[07:00:57] Radar: dminuoso: DHH.
[07:01:01] Radar: And he will probably record a shitty screencast about callbacks while he does it.
[07:02:08] apeiros_: has joined #RubyOnRails
[07:02:46] sevenseacat: is that what his screencast was about? i havent watched it yet
[07:03:09] Radar: His second one was about callbacks. I watched about 5 mins of it this morning. I want to finish watching it.
[07:04:03] sevenseacat: oh didnt know there was more than one. the callbacks one will be interesting
[07:05:26] Radar: fwiw, I thought his 1st one was well-focused and contained some good insights
[07:05:47] Radar: From the ~5 mins of the 2nd one, it doesn't look like his approach is going to be to _remove_ the callbacks... so that's why I'm snarky about it.
[07:06:27] Radar: anyway, that's my train journey for the night. Goodnight people :)
[07:06:33] sevenseacat: might watch it now - dont even want to think about work right now
[07:09:35] dminuoso: Radar: Maybe it's time I tried something new. At this time Im close to ditching ActiveRecord, have already ditched ActionView and ActiveSupport.. my application is mostly just rack with rails routing. :(
[07:09:47] dminuoso: Radar: Good night.
[07:09:55] mtkd: has joined #RubyOnRails
[07:09:57] workmad3: has joined #RubyOnRails
[07:10:01] darkhanb: has joined #RubyOnRails
[07:10:05] sevenseacat: he loves callbacks aaaaah
[07:10:51] dminuoso: callbacks are completely nasty in that they are semi global side effects that happen invisibly at certain times..
[07:11:08] dminuoso: It's impossible to ever reason about code that relies on callbacks to do the right (tm) thing.
[07:12:50] sevenseacat: `include Firehoseable` I love getting to see the weird shit in other peoples code
[07:14:49] sevenseacat: delivering messages in an after_create callback noooooooooo
[07:18:19] dionysus69: has joined #RubyOnRails
[07:19:00] sevenseacat: cant watch the rest of that
[07:19:42] sevenseacat: the fact that he needs so long to explain concepts that should be evident by looking at the code >:(
[07:26:21] snickers: has joined #RubyOnRails
[07:44:19] conta: has joined #RubyOnRails
[07:46:44] uksio: has joined #RubyOnRails
[07:48:21] _ritchie_: has joined #RubyOnRails
[07:57:02] apeiros_: has joined #RubyOnRails
[08:21:07] sevenseacat: has joined #RubyOnRails
[08:23:39] morfin60: has joined #RubyOnRails
[08:24:30] morfin60: if i have class A with cattr_accessor :foo and class B doing self.foo = "bar" seems like this rewrites A.foo instead
[08:24:48] morfin60: should i use class << self attr_accessor :foo end then ?
[08:26:01] dminuoso: morfin60: Please give us a testcase.
[08:28:33] schneide_: has joined #RubyOnRails
[08:29:51] dminuoso: morfin60: A testcase is the _least_ amount of code that replicates your problem, paste it to https://wandbox.org/ press Share and give us the URL. Do _not_ paste code to the channel. See the testcase checklist at http://eel.is/iso-c++/testcase/
[08:29:57] dminuoso: Or use eval.in I guess
[08:37:42] morfin60: ah wandbox )
[08:37:56] morfin60: i keep forgetting name of that site
[08:38:02] dminuoso: morfin60: Haha, I just copied the testcase factoid from the ##c++ bot. ;-)
[08:38:37] schneide_: has joined #RubyOnRails
[08:40:48] morfin60: dminuoso, i noticed that :)
[08:41:18] morfin60: i don't think any bot has ActiveSupport stuff
[08:47:00] roshanavand: has joined #RubyOnRails
[09:01:01] morfin60: dminuoso, i guess this is similar: https://wandbox.org/permlink/dnBtptZRUlpfqkRy
[09:01:21] morfin60: well, not exact match but still: if i use @@ same result as i used cattr_accessor
[09:01:46] dminuoso: morfin60: Welcome to class variables.
[09:02:07] morfin60: i forgot they're shared across children
[09:02:10] dminuoso: morfin60: In almost all cases its more correct to use regular instance variables.
[09:02:24] dminuoso: (That is instance variables in your class object)
[09:02:27] ianfleeton: has joined #RubyOnRails
[09:05:19] dminuoso: apeiros: Pure crazyness. A simple view wrapper around a view that merely renames columns completely bombarded the execution plan, turning a 10ms query into a 68s query because sequentially scanning tons of gigabytes.
[09:06:15] apeiros: dminuoso: lolwut? oracle?
[09:06:17] dminuoso: apeiros: It was across 2 schemas. Now comes the truly bizarre thing: Adding `with grant` fixed it.
[09:06:40] dminuoso: apeiros: so all we changed was including WITH GRANT, and suddenly the query became fast again.
[09:06:41] apeiros: dat database…
[09:07:22] apeiros: reminds me of a case where my query in sqlite ran fine, all the time, below 1ms. on oracle with the same amount of data loaded? some times it'd take 50s. not milliseconds. seconds.
[09:07:38] dminuoso: Oh man. Stop telling me such stories when I have coffee in my mouse.
[09:07:46] dminuoso: You almost made me ask my boss for a new keyboad.
[09:07:52] dminuoso: *in my mound.
[09:08:00] apeiros: lucky you have an external keyboard :-S
[09:08:01] dminuoso: Or *mouth rather.
[09:08:15] dminuoso: apeiros: Did you have another spill?
[09:08:28] apeiros: no. since that accident I use an external one at home too 0:)
[09:08:42] marr: has joined #RubyOnRails
[09:14:34] mtkd: has joined #RubyOnRails
[09:18:45] morfin60: i remember how we optimized query from like 60s to milliseconds
[09:19:02] morfin60: it was not Ruby/Rails but still
[10:03:37] arBmind: has joined #RubyOnRails
[10:06:05] ams__: has joined #RubyOnRails
[10:11:54] AnotherOne: has joined #RubyOnRails
[10:22:34] sameerynho: has joined #RubyOnRails
[10:28:38] _ritchie_: has joined #RubyOnRails
[10:36:02] aguestuser: has joined #RubyOnRails
[10:36:28] AzaToth: has joined #RubyOnRails
[10:41:30] workmad3: has joined #RubyOnRails
[10:51:47] Ergo: has joined #RubyOnRails
[11:18:37] cheeti: has joined #RubyOnRails
[11:18:53] srinidhi: has joined #RubyOnRails
[11:19:41] mtkd: has joined #RubyOnRails
[11:19:44] cheeti: hi, is this possible to pass hash value as image upload attribute to server?
[11:20:50] aguestuser: has joined #RubyOnRails
[11:22:17] cheeti: dminuoso "tested_image_attributes"=>{"abuseimg"=>[#<ActionDispatch::Http::UploadedFile:0x007fd1cc378ca0 @tempfile=#<Tempfile:/tmp/RackMultipart20180216-13412-1kxt2s9.png>, @original_filename="Screenshot from 2018-02-05 12-43-12.png", @content_type="image/png", @headers="Content-Disposition: form-data; name=\"tested[tested_image_attributes][abuseimg][]\"; filename=\"Screenshot from 2018-02-05 12-43-12.png\"\r\nContent-Type: image/pn
[11:22:43] cheeti: dminuoso when i am uploading image these attributes are coming into server
[11:23:01] cheeti: dminuoso we can add one hash value to that?
[11:23:11] dminuoso: What is a `hash value`
[11:23:16] dminuoso: And what are you trying to do
[11:23:39] cheeti: dminuoso md5 hash value to perform checksum
[11:24:03] dminuoso: cheeti: Just add another <input> field to your form then.
[11:24:57] dminuoso: cheeti: Or you know, calculate the hash server side.
[11:25:19] cheeti: dminuoso no i client requirment is like that only, i want to pass with image only
[11:25:36] cheeti: dminuoso is this possible?
[11:26:05] cheeti: dminuoso yes
[11:27:56] dminuoso: cheeti: Sure.
[11:28:47] cheeti: dminuoso not sure
[11:28:59] cheeti: dminuoso not tried before
[11:29:08] b3rnd: has joined #RubyOnRails
[11:29:45] dminuoso: cheeti: Your UploadedFile is IO like, so you have .read/.rewind/etc
[11:29:52] dminuoso: cheeti: http://api.rubyonrails.org/classes/ActionDispatch/Http/UploadedFile.html
[11:33:15] bijan_: has joined #RubyOnRails
[11:33:24] aguestuser: has joined #RubyOnRails
[11:34:55] apeiros_: has joined #RubyOnRails
[11:37:24] _ritchie_: has joined #RubyOnRails
[11:38:50] apparition: has joined #RubyOnRails
[11:49:21] b3rnd: has joined #RubyOnRails
[11:55:24] srinidhi: has joined #RubyOnRails
[11:58:05] sevenseacat: has joined #RubyOnRails
[12:01:15] truenito: has joined #RubyOnRails
[12:13:30] aguestuser: has joined #RubyOnRails
[12:20:54] defsdoor: has joined #RubyOnRails
[12:58:39] schneide_: has joined #RubyOnRails
[13:17:58] aguestuser: has joined #RubyOnRails
[13:22:38] tcopeland: has joined #RubyOnRails
[13:24:54] mtkd: has joined #RubyOnRails
[13:40:17] riotjones: has joined #RubyOnRails
[13:48:10] apparition: has joined #RubyOnRails
[13:49:56] MrCrackPotBuilde: has joined #RubyOnRails
[13:50:33] aguestuser: has joined #RubyOnRails
[13:50:48] MrCrackPotBuilde: hi for site_layout tests i have partials rendering on the homepage so my test fails i tried updating it with all the partialls but i get argument errors
[13:51:42] MrCrackPotBuilde: instead of assert 'index/home' and assert "index/home", "partials/_navbar", "partials/_slider", "partials/_footer", "layouts/application" would i place each assert on a new line for each partial
[14:07:37] jnollette: has joined #RubyOnRails
[14:21:12] riotjones: has joined #RubyOnRails
[14:23:39] mtkd: has joined #RubyOnRails
[14:34:18] ianfleeton: has joined #RubyOnRails
[14:35:42] adavia: has joined #RubyOnRails
[14:39:26] tycoon177: is there any way to easily track down why memory usage in production is going up? I could just throw more ram at it, but I'd like to see if it's something that could be tuned a bit. i have rails running in a docker container and it can range wildly from ~150mb of memory usage to 1gb. The docker container is alpine, so it's not any background stuff causing this, only rails running on puma
[14:40:16] tycoon177: fwiw, the container usually sits at around 250-300mb after running for some time
[14:54:24] _ritchie_: has joined #RubyOnRails
[15:15:15] jgpawletko: has joined #RubyOnRails
[15:27:56] JJonah: I use the post-redirect-get pattern (https://en.wikipedia.org/wiki/Post/Redirect/Get) for my Rails form submissions, and I use flash[] to store the user's inputs so I can redisplay them if there's an error on form submission. This works well, except in one situation: If there's a form input containing a lot of data (eg, a text area), I'll get a cookie overflow error when trying to save that in the flash[], which
[15:27:56] JJonah: uses cookie/session storage under the hood. Which makes sense, but is there any workaround for this problem?
[15:34:58] Dbugger: has joined #RubyOnRails
[15:35:02] Dbugger: Hello everyone
[15:39:14] ianfleeton: has joined #RubyOnRails
[15:40:30] Cavallari: has joined #RubyOnRails
[15:42:33] SteenJobs: has joined #RubyOnRails
[15:45:37] Dbugger: I was wondering, what is the channel's opinion on "Devise" as an authentication system?
[15:48:39] tycoon177: Dbugger: i use it and like it on one site
[15:48:45] tycoon177: it's a nice out of the box solution
[15:49:10] Dbugger: I also was thinking the same, I just wonder how secure is it, for a real production site
[15:49:52] tycoon177: well ours is a production site :p
[15:50:11] tycoon177: i'm not sure on the actual security though
[15:53:06] TvL2386: hey guys, I'm using pundit. In my index where I loop through MyModel.all I have a "if policy(my_model).show?"
[15:53:17] TvL2386: it seems that this call to policy will execute a single query
[15:53:54] TvL2386: so I have about 70 objects. An index action without the policy call does a single query, and an index with the policy call does 1+70
[15:54:04] TvL2386: trying to find out why/where this happens
[15:54:31] Dbugger: tycoon177, do you know of any alternative packages for this purpose?
[15:55:24] tycoon177: Dbugger: https://www.ruby-toolbox.com/categories/rails_authentication devise is by far the most popular
[15:56:02] tycoon177: TvL2386: i'm confused on your question. would you mind rewording it?
[15:56:09] TvL2386: sure tycoon177 !
[15:57:30] TvL2386: I have a very simple rails app. I've got a model in app/models/evc.rb (class: Evc). Now in my evcs_controller#index method I do @evcs = Evc.all. In my evcs/index.html.haml I create a <table> where I print an evc in every row.
[15:58:06] TvL2386: when looping through the models, a single query is fired to retrieve all rows
[15:58:14] TvL2386: right... normal behaviour
[15:58:28] TvL2386: now I use `pundit` for authorization.
[15:59:09] tycoon177: alright, i'm following you so far
[15:59:30] TvL2386: hmmmm....I think I already see something, but I'll continue
[15:59:48] TvL2386: in my loop I want to show a "show" button if the user is allowed to
[15:59:56] tycoon177: sometimes just talking it out can cause you to realize the issue :)
[16:00:07] TvL2386: so I print a link if policy(evc).show?
[16:00:29] TvL2386: and adding that one "if policy(evc).show?" causes a query to be fired for every <table> row
[16:00:34] tycoon177: what are the contents of that `show?` method?
[16:00:44] TvL2386: yeah, that's it probably :)
[16:00:50] bijan_: has joined #RubyOnRails
[16:01:01] TvL2386: it's the default... a single line: scope.where(:id => record.id).exists?
[16:01:18] TvL2386: and I must admit I have no idea what it does
[16:01:59] tycoon177: what that does is fires off a db query with your scope's info along with id = #{record.id} and checking if any rows are returned
[16:02:05] TvL2386: and yeah trying to show someone else what's going "wrong", can be very beneficial to the troubleshooting process :)
[16:02:48] tycoon177: it might be better to write that method so that it does something like scope.pluck(:id) and then work on that
[16:03:10] TvL2386: yeah thanks for helping :)
[16:03:17] tycoon177: then it'd be an array of just the ids and you can do .include?(record.id)
[16:03:28] tycoon177: that might result in a single query for all ids in the scope
[16:03:46] tycoon177: assuming that the db result caching works propery
[16:03:49] Dbugger: I am trying to build an API for 3rd parties to use, and I was wondering how I could do it, to give those 3rd party apps authentication access to my API
[16:04:02] TvL2386: hehehe... I think the show? method should just contain "true"
[16:04:27] TvL2386: boolean true :)
[16:04:46] tycoon177: TvL2386: in that case, the whole if statement would be useless :)
[16:05:06] TvL2386: true that, but at least tinkering with the policy will change it for some users
[16:05:26] tycoon177: Dbugger: if you're just doing it for api auth, that's relatively easy to roll your own (even though you probably shouldn't)
[16:06:09] Dbugger: tycoon177, then what should I use?
[16:07:08] tycoon177: Dbugger: if you just need a way to generate api keys, why not use SecureRandom.hex or something similar?
[16:07:22] tycoon177: if you don't have experience with this kind of thing, reach for the library to do it for you
[16:07:37] tycoon177: if you are familiar with the risks and know how to mitigate that, roll your own
[16:07:39] Dbugger: Well, im not sure how the authentication system would go
[16:07:46] Dbugger: i am not familiar with them
[16:07:49] tycoon177: then reach for something that will do it yourself
[16:07:54] tycoon177: it's VERY easy to do something wrong
[16:08:18] tycoon177: and this isn't anything against you. it's just super hard to do correctly and very easy to do it wrong
[16:08:41] tycoon177: er, reach for something that will do it for you*
[16:09:02] TvL2386: Dbugger: what I did in the past, was supporting users and also api_keys. I would have an authenticate method that checks the session || params[:api_key]. That way I could fetch the user from the db. The user was either a real user or an api_key user... If that makes sense
[16:09:42] TvL2386: and with things like pundit or cancan(can), which I used in the past, I'd restrict everybody
[16:09:57] tycoon177: i use cancancan and hate it
[16:10:11] TvL2386: that's why I'm trying out pundit :)
[16:10:11] tycoon177: i have started writing my own authorization code in controllers for a lot of things
[16:10:20] TvL2386: and so far I like it
[16:10:27] TvL2386: quite clean, simple...
[16:10:39] tycoon177: the problem with cancancan is that it's hard to do permissions based on *other* models
[16:10:46] tycoon177: at least in my experience
[16:11:08] TvL2386: what I really disliked was how cluttered my Ability class became
[16:11:32] TvL2386: that was cancan though
[16:11:38] TvL2386: I'm assuming cancancan is the same :)
[16:11:55] tycoon177: cancancan just provides support for newer rails versions after cancan was stopped being updated i think :p
[16:12:05] TvL2386: yeah exactly
[16:12:11] Dbugger: TvL2386, not sure I understand
[16:12:25] TvL2386: well Dbugger, you authenticate users as well right
[16:12:46] TvL2386: they log in with there password, you search for them in the DB and you create a session
[16:12:49] snickers: has joined #RubyOnRails
[16:12:57] Dbugger: Well, only to set up their app keys. Once that is done, the app should just use that to authenticate, without the user
[16:12:57] tycoon177: i wouldn't suggest using params for the api key..at least use the authorization header :)
[16:13:40] TvL2386: you can do whatever you want... I used basic auth as well for some time... but switched because every request would be done without headers, a 401 was returned and the request was retried all the time
[16:14:28] TvL2386: Dbugger: so yeah: you know how to authenticate users
[16:14:38] TvL2386: Dbugger: now add a second authentication method :)
[16:14:41] Dbugger: TvL2386, for that I use Devise
[16:15:24] TvL2386: Dbugger: yeah I don't know how devise works
[16:15:47] TvL2386: Dbugger: so I don't know if/how you would add extra authentication methods to that
[16:16:06] TvL2386: but I guess you should rtfm the hell out of devise
[16:16:34] TvL2386: that's why I never used it.... it was too big, too complex... writing it myself was way easier
[16:16:46] TvL2386: oh also because I auth against LDAP... so it's pretty simple
[16:16:47] tycoon177: devise seems to really take charge of a lot of auth that you don't have a ton of control over, which is why i don't like it for apis
[16:16:59] tycoon177: but i haven't read into it much so i might be overlooking things
[16:17:00] TvL2386: google that :)
[16:17:24] TvL2386: I need to run!
[16:17:26] TvL2386: thx tycoon177
[16:17:36] TvL2386: good luck Dbugger
[16:18:27] Dbugger: thanks, Ill need it
[16:26:07] zsoc: has joined #RubyOnRails
[16:28:31] zsoc: has left #RubyOnRails: ("Leaving")
[16:34:46] alfie: has joined #RubyOnRails
[16:35:58] lupine: has joined #RubyOnRails
[16:36:58] dblessing: has joined #RubyOnRails
[16:38:51] Cavallari1: has joined #RubyOnRails
[16:44:39] uks: has joined #RubyOnRails
[16:59:08] snickers: has joined #RubyOnRails
[16:59:22] cagomez: has joined #RubyOnRails
[17:00:30] KeyJoo: has joined #RubyOnRails
[17:00:34] troys: has joined #RubyOnRails
[17:07:09] DrYockel: has joined #RubyOnRails
[17:14:05] jcarl43: has joined #RubyOnRails
[17:24:23] tpendragon: has joined #RubyOnRails
[17:26:30] fryguy: how can I set session timeout dynamically? using the expires_in session store does it for all sessions, i'm hoping to have a couple of different categories of sessions with different timeouts
[17:27:21] kapil___: has joined #RubyOnRails
[17:27:35] dionysus69: has joined #RubyOnRails
[17:30:33] darkhanb: has joined #RubyOnRails
[17:30:49] tycoon177: fryguy: i use a before_action in my application controller to check the session expiration
[17:38:20] troys: has joined #RubyOnRails
[17:47:00] ianfleeton: has joined #RubyOnRails
[17:52:15] n008f4g_: has joined #RubyOnRails
[17:57:20] tycoon177: is there any way to check the memory of a running rails server? i have 2 instances running and 1 is using over 400mb of memory and the other is using like 250mb..i'm wanting to see what's being held on to and not being garbage collected
[17:57:44] workmad3: has joined #RubyOnRails
[17:57:57] tycoon177: i'm using puma on alpine linux in a docker container as a server fwiw
[17:58:33] dviola: has joined #RubyOnRails
[18:02:44] b3rnd: has joined #RubyOnRails
[18:11:13] za1b1tsu: has joined #RubyOnRails
[18:11:17] SteenJobs: has joined #RubyOnRails
[18:15:38] NL3limin4t0r: has joined #RubyOnRails
[18:15:50] Dbugger: Does anyone have an idea how to build an api that requires an API ID for someone to use it?
[18:26:31] havenwood: Dbugger: sure
[18:26:54] Dbugger: havenwood, could you guide me a little. Im not sure how to proceed
[18:27:49] havenwood: Dbugger: I don't really know what you mean by "API ID" but there are things called "Bearer Tokens": https://tools.ietf.org/html/rfc6750
[18:28:20] havenwood: Dbugger: You'd really have to say more.
[18:28:33] Dbugger: well, basically I want a thing like Twitter does. Basically someone signs up in the developer section, and when he wants to build a new application, she created it and he is given a Consumer Key
[18:28:53] Dbugger: I want it so that I can track how many requests are done by each application
[18:29:06] havenwood: The plot thickens!
[18:29:28] havenwood: Dbugger: So this is for analytics?
[18:29:40] Dbugger: And also restrict how many requests per week an app can do
[18:29:48] Dbugger: it is just to make sure no app abuses the API
[18:29:59] Dbugger: but also to restrict access to a determinate set
[18:30:11] havenwood: So also an authentication strategy.
[18:30:34] Dbugger: yeah, but instead of authenticating the user, authenticate the apps (that belong to the user) that use the API
[18:30:49] havenwood: Dbugger: See ActionController::HttpAuthentication::Token
[18:31:05] havenwood: Dbugger: https://www.pluralsight.com/guides/ruby-ruby-on-rails/token-based-authentication-with-ruby-on-rails-5-api
[18:31:19] Dbugger: Oh, I read that page
[18:31:28] havenwood: Seems they're using JWTs
[18:31:38] Dbugger: but it seems to me like the first step in that guide is provide credentials, and that just sounds like a user/password
[18:31:49] havenwood: Dbugger: But look into token-based auth.
[18:32:20] havenwood: Dbugger: An auth library that I've been admiring is Rodauth: http://rodauth.jeremyevans.net/
[18:32:35] havenwood: I've not used it with a Rails app, but there are examples of doing so.
[18:32:51] Dbugger: well, when I read that article, what I understood, is that is a way to keep a session alive, without having to use the session.
[18:33:39] Dbugger: I will give it a second reading, if you think this is the way to go
[18:33:42] Dbugger: maybe I missed something
[18:34:02] havenwood: Dbugger: I just Googled "Rails Bearer Token" and pointed you to a top article.
[18:34:45] havenwood: Dbugger: Glancing at it, they're using JWTs. You could probably do a simple Bearer Token if you prefer. It seems you have a bunch of criteria so it's probably worth reading up on options.
[18:34:58] Dbugger: "Bearer Token" is the term I should be investigating? So far Ive used "Consumer Token"
[18:35:48] havenwood: Dbugger: https://tools.ietf.org/html/rfc6750
[18:36:03] Dbugger: Is this OAuth?
[18:36:47] havenwood: Dbugger: You can use just the bearer token part of OAuth.
[18:37:04] havenwood: "The access token provides an abstraction, replacing different authorization constructs (e.g., username and password, assertion) for a single token understood by the resource server."
[18:37:20] Dbugger: Well, seems like I have a good amount to read here
[18:37:25] Dbugger: thanks for the pointers :)
[18:38:42] havenwood: Dbugger: As an example of consuming an API using this auth strategy, see the second code snippet: https://github.com/httprb/http/wiki/Authorization-Header
[18:38:53] havenwood: HTTP.auth("Bearer VGhlIEhUVFAgR2VtLCBST0NLUw")
[18:39:29] Dbugger: let me see
[18:40:09] havenwood: Dbugger: Basic auth is rfc2617 and bearer tokens are rfc6750, which I linked above.
[18:40:24] nogic: has joined #RubyOnRails
[18:40:31] Dbugger: wow, seems like I have A LOT to read :D
[18:40:41] havenwood: Happy reading!
[18:41:49] havenwood: Dbugger: JWTs are rfc7519 if you want to get a bearing on that article as well.
[18:41:50] havenwood: https://jwt.io/
[18:42:21] havenwood: I think it's kinda fun that you can do plain text JWTs with a tiny Ruby script: https://gist.github.com/havenwood/3b98192d6122a4c9b1a4
[18:42:44] schneide_: has joined #RubyOnRails
[18:43:49] havenwood: Dbugger: But yeah, seems like simple bearer tokens fit the bill for what you've said.
[18:44:13] havenwood: It's a very good idea to look at the RFCs for basic auth and bearer tokens. :-)
[18:44:18] Dbugger: May be. Be that or not, seems to be important enough, for me to have a basic understanding of it, in my profesional field
[18:44:35] arBmind: has joined #RubyOnRails
[18:45:52] Dbugger: Well, this line seems to be pretty much what I want
[18:46:07] Dbugger: "Unlike session-based authentication, a token approach would not associate a user with login information but with a unique token that is used to carry client-host transactions."
[19:04:53] Aherin: has joined #RubyOnRails
[19:08:21] guacamole: has joined #RubyOnRails
[19:10:22] sameerynho: has joined #RubyOnRails
[19:16:26] riotjones: has joined #RubyOnRails
[19:17:15] fragamus: has joined #RubyOnRails
[19:18:25] adavia: has joined #RubyOnRails
[19:23:15] adavia: Anyone using AMS 0.9.x knows why isnt it possible to do something like this https://gist.github.com/adavia/c17ba403e223653eea44f570e255c1b2
[19:28:53] dtzuzu: has joined #RubyOnRails
[19:30:35] apeiros_: has joined #RubyOnRails
[19:35:33] mtkd: has joined #RubyOnRails
[19:37:05] tycoon177: adavia: this is a very slow moving channel most of the time
[19:37:08] tycoon177: give it a bit
[19:39:01] tycoon177: wait...i just looked at it
[19:39:22] fragamus: has joined #RubyOnRails
[19:39:30] tycoon177: adavia: i almost guarantee that your issue is the fact that your comments association also has a method called commends
[19:40:13] tycoon177: `has_many :comments` will make a method called comments and you're redefining that
[19:41:23] _ritchie_: has joined #RubyOnRails
[19:42:26] adavia: tycoon177: but still is valid to do something like object.comments.where(created_by: scope)
[19:42:54] tycoon177: sure it's valid but it's probably causing some issues
[19:43:01] tycoon177: it may work but it's not pretty
[19:43:10] adavia: I guess that including an association should always return an array
[19:43:29] tycoon177: associations return activerecord relation objects
[19:45:36] adavia: i cannot add a root level property in the json returned though
[19:45:44] Dbugger: havenwood, I understand the concept of the JWT, but what I want is a little more complex... I need to make authenticate not only the app cocnected to the API, but also the user that uses my app
[19:45:51] Dbugger: not sure if that is covered in those links
[19:45:59] adavia: Seems like the only way is creating a custom adapter
[19:52:55] marr: has joined #RubyOnRails
[19:53:31] tycoon177: Dbugger: those 2 things should have different authentication paths
[19:54:14] tycoon177: what works well for api authentication doesn't work well for users and vice versa
[19:54:49] tycoon177: adavia: what is your end goal?
[19:55:08] adavia: normalizing data
[19:55:28] adavia: I dont want to use the json api specification
[19:56:00] adavia: I dont need to
[19:56:41] tycoon177: so you're using ActiveModel Serializer to make json data?
[19:57:51] adavia: But i thought it was more flexible in the way you want to structure your data
[19:58:57] adavia: Guess im going back to jbuilder
[20:00:23] tycoon177: i'm starting to see your struggle looking at documentation
[20:01:51] workmad3: has joined #RubyOnRails
[20:03:15] Dbugger: tycoon177, but the api handles as well the user authentication
[20:03:38] Cosmonaut: has joined #RubyOnRails
[20:07:06] AnotherOne: has joined #RubyOnRails
[20:07:10] SteenJobs: has joined #RubyOnRails
[20:11:17] Dimik: has joined #RubyOnRails
[20:15:07] fragamus: has joined #RubyOnRails
[20:21:39] fragamus: has joined #RubyOnRails
[20:27:02] fragamus: has joined #RubyOnRails
[20:41:20] hfp_work: has joined #RubyOnRails
[20:53:05] b3rnd: has joined #RubyOnRails
[21:02:07] SteenJobs: has joined #RubyOnRails
[21:02:40] cagomez: has joined #RubyOnRails
[21:06:49] neruda: has joined #RubyOnRails
[21:06:51] hfp_work: has joined #RubyOnRails
[21:09:43] neruda: Anyone used opentracing gem in RoR app? All tutorials I find involve Docker and jaegar and are a little too advanced for me
[21:10:34] guacamole: has joined #RubyOnRails
[21:12:36] fox_mulder_cp: tycoon177 oh. in my demo blog i drop devise and use has_secure_password + send to user JWT token after succesfull signing in.
[21:13:27] tycoon177: fox_mulder_cp: i'm not sure i follow
[21:15:55] crova: has joined #RubyOnRails
[21:17:46] workmad3: has joined #RubyOnRails
[21:18:21] crova: greetings all, how is it going? I have multiple models that have an attribute in common 'message_id' (attributes are being fetched via an API). For some of those models, I have a 'sending_ip' attribute and I would like to match all the models with same 'message_id' and update the missing 'sending_ip' on those models that don't have it. How would one tackle this?
[21:19:20] tycoon177: why isn't the message model just holding the sending ip?
[21:19:28] tycoon177: db normalization exists for a reason
[21:20:16] crova: because it is not a message model (I said something wrong, attributes are being generated by webhooks). I got a model for each event webhook
[21:20:32] AnotherOne: [Model1, Model2].each{|model| model.where(message_id: the_id).update_attributes({sending_ip: sendIP})}
[21:20:34] AnotherOne: there you go ;)
[21:20:59] crova: anotherone, let me give it a shot, thanks
[21:21:19] SteenJobs: has joined #RubyOnRails
[21:22:04] tycoon177: i forget how magic ruby can be at times
[21:22:56] AnotherOne: hehe magic ruby xD
[21:24:42] crova: anotherone, works really well, and that gave me the idea of trying something else: Model1.where(message_id: Model2.pluck(:message_id)) and then I move forard from here
[21:24:47] crova: thanks mate
[21:24:53] hfp_work: has joined #RubyOnRails
[21:25:19] cagomez: has joined #RubyOnRails
[21:25:46] AnotherOne: my pleasure mate gl and hf :)
[21:31:42] dionysus69: has joined #RubyOnRails
[21:42:41] mtkd: has joined #RubyOnRails
[21:43:23] jnollette: has joined #RubyOnRails
[21:47:39] SteenJobs: has joined #RubyOnRails
[22:03:09] Dbugger: you guys/gals know how do Twitter do, so that 3rd party apps dont steal credentials from users using it?
[22:07:03] carlweis: has joined #RubyOnRails
[22:09:18] tycoon177: Dbugger: you mean api keys/
[22:10:19] Dbugger: well, if I want to login into twitter through a 3rd party app, does this app get to see my password?
[22:10:52] Dbugger: i know API keys are used by the app to comunicate to the main server, but the user has to authenticate through the 3rd party app, no?
[22:11:46] tycoon177: it depends on how the app is coded
[22:12:04] Dbugger: that is what I mean. 3rd party apps are risky, no?
[22:12:15] tycoon177: what it should do is open a web browser and let you sign in directly to twitter then it will get the api key which is returned to the app
[22:12:29] tycoon177: i mean, they can be sure
[22:12:36] Dbugger: That is OAuth, no?
[22:13:45] tycoon177: oauth is a standard that handles 3rd party logins sure
[22:14:16] Dbugger: maybe I should look into it, if I want to build an API
[22:23:24] carlweis: is it possible to disable autocomplete for all forms using simple_form?
[22:25:49] fox_mulder_cp: carlweis: manually add option which prevent browser to complete it from stored values
[22:47:28] _ritchie_: has joined #RubyOnRails
[22:53:28] fragamus: has joined #RubyOnRails
[22:57:36] schneide_: has joined #RubyOnRails
[22:59:56] bronson: has joined #RubyOnRails
[23:15:48] schneide_: has joined #RubyOnRails
[23:23:45] agent_white: has joined #RubyOnRails
[23:24:52] jnollette: has joined #RubyOnRails
[23:28:57] bronson: has joined #RubyOnRails
[23:35:55] mices: has joined #RubyOnRails
[23:44:34] cagomez: I have a model that's loaded in memory. does `foo.users = []` do the same thing as `foo.update(users: [])`?
[23:45:19] cagomez: nevermind, just found this: http://www.davidverhasselt.com/set-attributes-in-activerecord/
[23:47:20] mtkd: has joined #RubyOnRails
[23:47:27] tcopeland: has joined #RubyOnRails
[23:48:09] fox_mulder_cp: cagomez: depends what are you want as result
[23:51:46] SteenJobs: has joined #RubyOnRails