Thursday 29 April 2010

current_user in rubyCAS-client

With restful_authentication (or other schemes) we have a requires_login before_filter which you stick at the top of your controllers, to make sure certain actions are protected by login. It also tends to take care of the slightly messy logic involved in setting up the extremely useful current_user variable.

Obviously our applications have already been built around this logic existing, so a smooth transition requires the same sort of functionality.

The ruby-CAS (client) provides a basic before_filter for us that takes care of the nasty talking-to-the-rubyCAS-server logic... at the end of which we know whether or not the person talking to us is known to the system. But we still to actually associate this person with a real live User model on our system, and save them into the current-user variable.

On our system, after going through the provided before_filter, we have configured the server to provide two things in the session:

  1. the :cas_user, which is the user's username and
  2. a set of :extra_attributes which is a set of other fields we've asked CAS to provide and which we'll use later for roles (see authorisation for more on that)

If we want any other user information - we will need to go fetch it by hand from our local db, and we'll need to do this directly after the main rubyCAS before_filter. So, we'll need something like the following, probably put into ApplicationController

  # this is the before_filter provided by rubyCAS client
  before_filter CASClient::Frameworks::Rails::Filter
  # this is a call to our own new before_filter
  before_filter :setup_cas_user

  # actions go here...

  # and at the bottom of the controller file...
  private
    # this before_filter takes the results of the rubyCAS-client filter and sets up the current_user
    def setup_cas_user
      # save the login_url into an @var so that we can later use it in views (eg a login form)
      @login_url = CASClient::Frameworks::Rails::Filter.login_url(self)

      # if we don't have the :cas_user in the session, then we are not logged into rubyCAS
      # we could have none because:
      #   1) we have failed login or 
      #   2) because we don't necessarily need to login to get here
      # either way we need to skip out here
      return unless session[:cas_user].present?

      # so now we go find the user in our db
      @current_user = User.find_by_username(session[:cas_user])
      @current_user.present?
    end

Pretty simple

What if the user isn't on this application yet?

Good question - it is possible to have created a user on one application and of course, using single sign-on, you may want to automatically sign your users up into another application. This could easily be done here with a slight addition to the before_filter:

      # so now we go find the user in our db - or create them if they don't yet exist.
      @current_user = User.find_or_create_by_username(session[:cas_user])
      @current_user.present?

Note: the only information linking the two user-records will be the username. You won't be able to access any other information (eg address or other details) unless you physically query your other application's user record... though this is a good use-case for passing extra information through the extra_attributes fields. Still, it does allow your users to seamlessly transition from one of your applications to another.

This is one article in a series on Rails single-sign-on with rubyCAS

Wednesday 28 April 2010

RedBubble

I have just discovered RedBubble an awesome site for displaying and selling your artwork (whether images, writing, T-shirts or otherwise)... and developed in Ruby-on-Rails too.

You can upload your art and offer it for sale in a variety of formats - they provide widgets for helping sell your stuff (eg the portfolio below). You just specify the markup you want and they take care of the shipping and payment - sending you your cut via checque or paypal. It also has groups a-la flickr - where you can join your art with other similar art, take part in challenges etc.

Here's my portfolio as an example of what they can do for you.

Wednesday 14 April 2010

Silicon Stilettos

I just went to a great meetup. Silicon Stilettos is a networking meetup aimed at business women in the IT industry.

I went along last night and loved it. It was a great way to catch up with like-minded women in the industry, and hopefully learn a few tips and tricks from them, and share my own experience.

Despite it being an IT industry Do, I seemed to be the only actual developer in the lot - but that didn't surprise me at all. Even after decades of equal-rights, I still find that even with the small number of women in the IT world, that majority of them tend to be in marketing or PR, which played out amongst this group. But that's fine - after all, if I wanted to learn yet more IT stuff, I could go for linuxchix, GirlGeekDinners or any one of the non-female-only[1] user groups I attend already. So it was great to see a different side of the IT industry - and there were certainly a few women there that were quite savvy in the field.

The best chat was about social media as it pertains to IT PR, how big corporates still haven't realised they should do it, and how those that realise they should don't know how to get started. Mainly because they're so used to hiding behind their corporate brand-projection that it's hard for them to dredge up a real, unique and human voice, which is what is needed for social media to actually be genuine and appealing.

Often, big companies try to continue the sort of push-style marketing they're used to, just dropping it into twitter/facebook as though that was how to win over the social media crowd. They couldn't be more wrong, of course. Social media demands a real and genuine connection with people, and you can't do that by braying about how good you are.

A lot of companies still don't get the "conversation" part of the equation and fail to understand that at least one half of a conversation should be devoted to really listening to the other person[2]. Failing to pay attention can lead to serious problems quicker than you think. One of the women spoke about some kerfuffle that happened over facebook/twitter when someone at nestle was obviously having a bad day. Clearly, social media can also go horribly horribly wrong...

So, I think the meetup wa a resounding success, and I'm really looking forward to the next one.

Notes

1
Why go to an all-women group? Well - that's hard to answer without offending people, but I'll try. It's not that I don't like co-ed groups - I'm not terrified of men. Being in an industry so obviously dominated by them means I've gotten pretty used to hanging around with them... but there are still cultural differences between the sexes (in an on-average way, and I'm sure entirely due to different upbringing). While it's great to do the mixed-thing it can also be good to get amongst other women too.

Being an expat I can immediately see similarities with hanging out with others from my own country. It's not that I don't want to assimilate - I spend > 95% of my time hanging around with locals... but it's also nice now and then to get together with other Aussies and bitch about how crap the NHS is compared with Medicare (for example). :)

The expectations and culture are simply different. For one thing, I noticed that most of the attendees had one small drink and I wasn't the only one leaving before 9 to get home. Being used to IT get-togethers where you get funny looks if you don't have a second or third drink and get a sense that you're just "not up to it" if you don't hang around until way past 10 (regardless of it being a school-night)... this came as a breath of fresh air. Seems like these other women also have a life... :)

2
It still surprises me that companies don't get this. After all, The Cluetrain Manifesto was written a decade ago, and folks like Seth Godin are doing their best to get the message out every which way they can. Yet I still see big companies pushing the same rhetoric out as though they could just transcribe their traditional TV-ads or print-media brochure-ware onto the web. They remind me of those obnoxious types that will talk over the top of everyone at dinner but only ever talk about how good they are, without realising that the adage of "show don't tell" isn't limited to novel-writing.

Thursday 1 April 2010

What am I up to?

Wow, time goes by so fast!

It seems that only a few weeks ago I was writing my RubyCAS blogposts and now it's suddenly April and I haven't finished them up yet. They're all sitting, half-written in my drafts folder.

The past few months have been crazy-busy. I left my previous employment in Windsor and am now working two part-time contracts - one for Mobibliast in Australia one day a week (paying off the mortgage back home), and one for Moneyspyder three days a week in London. For my remaining one day a week, I'm working on my own startup - which I'll tell more about as it creeps closer to launch-date... though that one day a week often creeps over in to Saturday and sometimes Sunday too. :P

RubyCAS Logout action

Here's a quick snippet for the CAS logout action. It logs the user out of the CAS-server and redirects them to the root_url of your application.

  def cas_logout
    @cas_current_user = @extra_attributes = nil
    reset_session
    CASClient::Frameworks::Rails::Filter.logout(self, root_url) and return
  end

This is one article in a series on Rails single-sign-on with rubyCAS