rails-authentication-from-scratch issues

Confused about `request.local?`

1

Hi Steve, I'm confused about the check for `request.local?` in `store_location`. The reason I ask is that redirecting to the originally requested URL works in dev but not production on...

matt17r

The Vague Line

2

https://github.com/stevepolitodesign/rails-authentication-from-scratch/blob/9823b3a8682f0132004e0f9a77fb26b197e5be9a/test/test_helper.rb#L17 Hi. This line seems vague to me. Have you tried to type "elsif" or am I not understanding the purpose of this line? :)

Tarbetu

Limit remember cookie to httponly

1

## Before https://github.com/stevepolitodesign/rails-authentication-from-scratch/blob/b3e253fe2986d5672ba50f4ca23d4af038d5e8b1/app/controllers/concerns/authentication.rb#L37-L39 ## After ```ruby def remember(active_session) cookies.permanent.encrypted[:remember_token] = { value: active_session.remember_token, httponly: true } end ``` Issues ------- [set httponly cookie](https://github.com/stevepolitodesign/rails_mvp_authentication/issues/53#issuecomment-1051187056)

stevepolitodesign

Confirmation token can be re-used before it expires

https://github.com/stevepolitodesign/rails-authentication-from-scratch/blob/b3e253fe2986d5672ba50f4ca23d4af038d5e8b1/app/models/user.rb#L57 Issues ------- https://github.com/stevepolitodesign/rails_mvp_authentication/issues/54

stevepolitodesign

Update README to reference the generator

I should up the the intro to reference [the generator](https://github.com/stevepolitodesign/rails_mvp_authentication). - [ ] Update [blog post](https://stevepolito.design/blog/rails-authentication-from-scratch/) - [ ] Update [Dev.to post](https://dev.to/stevepolitodesign/rails-authentication-from-scratch-38m2)

stevepolitodesign

Single point of failure when using signed IDs

5

Using Rails signed IDs is certainly an elegant way to go about account activations and password resets and 99.9% of the time I reckon they're fine in terms of security....

ayushn21

Small refactor on sessions controller

2

To stop from having multiple nested `if` statements.

alexventuraio

E36lewis

rails-authentication-from-scratch
rails-authentication-from-scratch copied to clipboard

Metadata

Confused about `request.local?`

The Vague Line

Limit remember cookie to httponly

Confirmation token can be re-used before it expires

Update README to reference the generator

Single point of failure when using signed IDs

Small refactor on sessions controller

Suggestion for a refactor on passwords controller

Reorder controller methods to enhance developer experience and improve readability

Why is the ||= removed? current_user method

← Metadata

Owner

Metadata

rails-authentication-from-scratch rails-authentication-from-scratch copied to clipboard

Metadata

← Metadata

Owner

Metadata

rails-authentication-from-scratch
rails-authentication-from-scratch copied to clipboard