ahoernecke / ensnare

BSD 2-Clause "Simplified" License
current_user isn't picked up by the gem #4

Open cktricky opened 10 years ago

cktricky commented 10 years ago

When a current_user helper method is defined in your application controller, assigned in the ensnare.rb config file (as well as the admin authorization), the gem still does not pick this up.

I'm wondering if the way the gem's controllers are injected into the application's inheritance chain isn't the root cause?

I'm happy to provide any details you would like. Currently, this is for Railsgoat as we'd like to demonstrate protecting your application with this gem.

ahoernecke commented 10 years ago

Hi @cktricky. Do you know what Railsgoat is using for authentication? My primary use case has been devise, with a method/attribute on the model that indicates whether the user is an admin. The dummy app (/test/dummy) uses this and seems to work ok.

One note: There was a typo in the readme. To get to the dashboard visit /ensnare/dashboard/violations (instead of just /ensnare/dashboard). This should get you to the violations list which contains a menu with the other dashboard pages as well.

cktricky commented 10 years ago

Awesome, we will give the violations endpoint a shot. Thanks for your assistance on this.

To answer your question, Railsgoat does not use Devise yet but we are actually migrating to Devise as well as Rails 4 since it seems to be the most commonly used authentication library. If a move to Devise fixes this, that's awesome but obviously those folks who use custom authentication might have an issue.

We'll spend some more time getting this to work w/ Railsgoat and our custom auth schema versus Devise and see if a Pull request isn't in order/needed.

Great idea and thanks for building this!