MyUtil™

Yahoo OpenID has extra security constaints

Posted by face on March 05, 2008

I have a feeling this will help some of y’all if you are getting the following error:

Sorry! Something is not quite right with the request we received from the website you are trying to use. Please try again in a few minutes. If this error persists, please contact the site administrator for the website you are trying to use. If you are the site administrator, click here to contact us.

I get this error if I try to login on my development environment because localhost:3000 just won’t cut it for Yahoo’s OpenID security policy. If I run from a production URL on port 80, say http://myutil.com/ then signin works (though I haven’t gotten Simple Registration Attribute Exchange working with Yahoo).

From the Yahoo OpenID Developers FAQ:

Yahoo! Security Policies Yahoo! will only support Relying Parties running on webservers with real hostnames (IP addresses are not supported) running on standard ports (Port 80 for HTTP and Port 443 for HTTPS).

Hope this saves ya some time!

Sections: Web Design
Tags: Rails rails
Meta: 1 comment, permalink

Prototype translations for Gibberish with Google Language Tools, a mouse click, and 13 lines of code

Posted by face on January 23, 2008

I wanted to prototype my Gibberish translations before we have an actual translator. I grabbed gibberish_translate and started copying and pasting from Google Language Tools.

After five minutes of this, I thought there has got to be a better way. I googled for an API to the Google tools, and though I found none, I did find a scraping Ruby API called rtranslate. So…

gem install googletranslate

Then I hacked the index method of translations_controller.rb from gibberish_translate. I added the following lines of code


  require 'rtranslate'
  def index
     # ...Mark's entire index method goes here unchanged
    if params[:filter] == "untranslated"
      count=0
      @paginated_keys.each do |key|  
        if ! @translated_messages[key]
          @translated_messages[key] = { 
          :to => Translate.t(@en_messages[key], Language::ENGLISH, session[:translation_locale] ),
          :from => @en_messages[key]
          }
        end
        break if (count += 1) == per_page
        sleep 1 # Let's be nice to google
      end
    end
  end
 # end of index from gibberish_translate's translations_controller.rb

And now Google does the work for me with the click of a mouse!

Note I did make some other changes to Mark’s code. There was a bug in translations_controller.rb in that it lost your current local when saving changes. To fix this I changed the set_translation_locale to use the session of there is no paramater:


  def set_translation_locale
    session[:translation_locale] = params[:translation_locale] if params[:translation_locale]
    session[:translation_locale] = Gibberish.languages.first if Gibberish.languages if ! session[:translation_locale]
  end

I also made some changes to gibberish_translate’s extractor.rb to handle Gibberish strings with default keys ("foo"[] is a valid Gibberish way of saying "foo"[:foo]):


    def message_pattern(start_token, end_token)
      /#{start_token}((?:[^#{end_token}](?:\\#{end_token})?)+)#{end_token}\[:*([a-z_]*)[,\]]/m
    end

    def add_messages(contents, start_token, end_token)
      contents.scan(message_pattern(start_token, end_token)).each do |text, key|
        key = text.tr('[  ]', '_').downcase if ( key == '' )
        add_message(key, remove_quotes(text, end_token))
      end
    end

The final tweaks I made was to make the find system call more portable (no -regex on OpenBSD) and also have it search for strings in my gibberish_rails plugin:


    def files_with_messages
      `find #{dirs_to_search.join(" ")} -type f '(' -name '*rb' -or -name '*.ml' ')'`.split.map(&:chomp)
    end

    def dirs_to_search
      %w(app config lib vendor/plugins/gibberish_rails).map { |dir| "#{RAILS_ROOT}/#{dir}" }
    end

Peace!

Sections: Web Design
Tags: Rails rails
Meta: 0 comments, permalink

gibberish_rails: a Ruby-On-Rails plugin to translate Rails with Gibberish

Posted by face on January 22, 2008

With migrating from Rails 1 to Rails 2, I have tried to simplify. When I wanted to prototype a multilingual Rails application I was very intrigued by Gibberish and it’s simplicity.

As all Gibberish does is translate strings and all this plugin attempts to do is translate srings in Rails. This plugin is in a very early prototype stage but I expect it to be useful none the less.

If you want full localization of dates, numbers, the world etc. check out some of the other more mature localization plugins.

If you are trying to localize your Rails strings with Gibberish, then this plugin is for you.

When I set out I didn’t even expect to make a plugin, just write some simple ruby in my project. However, it turns out there is a reason for the bloat in localization plugins…rails was never designed to be localized and has some quirks that lead to the necessity of overriding large core rails methods. The rails core team is obviously aware the problem and are working on a solution with ticket 9726. I’m hoping Rails ticket 9726 will make it to edge and then I’ll be able to simplify this plugin.

Without further adieu, I give you gibberish_rails.

Here is a link to the RDoc.

Quickie instructions (includes install for Gibberish).

./script/plugin install svn://errtheblog.com/svn/plugins/gibberish
./script/plugin install http://svn.myutil.com/projects/plugins/gibberish_rails/

Please read the README in it’s entirety before using.

Now you must translate your strings. I recommend using gibberish_translate. My next article will be on automatic prototyping translations with gibberish_translate and Google Language Tools.

Sections: Web Design
Tags: Rails rails
Meta: 0 comments, permalink

OpenID-2.0.2 with Rails-2.0.2

Posted by face on December 29, 2007

OpenID makes sense. Dr. Nick’s multi-OpenIDs per user example app makes even more sense.

In the middle of integrating it into my project, gem-1.0.1 came out and broke ruby-openid-1.1.4. Dr. Nick’s great example no longer worked!

A little digging and I found Dr. Nick’s example uses the standard open_id_authentication. That has a patch to work on ruby-openid-2.0.2 and rails 2 which can be found here.

So in a nutshell, I grabbed openidauth_multiopenid-0.3.2 from Dr. Nick, removed a bunch of stuff from vendor plugins. Updated Rakefile, config/boot.rb, and config/environment.rb for rails 2.0.2. Patched vendor/plugins/open_id_authentication for ruby-openid-2.0.2. Regenerated db/migration/002_add_open_id_authentication_tables.rb. And installed ruby-openid-2.0.2 as a system gem.

As a little code is worth more than a thousand words, here is Dr. Nick’s example application fully ported to rails 2.0.2 in ZIP and TAR.gz.

For my port of Dr. Nick’s example above to work, you will need rails-2.0.2 and ruby-openid-2.0.2 installed as a gems.

Security Update: January 4th, 2007 I noticed the example adds edit, update, and destroy to users_controller.rb using params[:id] thus allowing any logged in user to edit, update, and destroy any user of the system. To fix, simply change the first line of edit, update, and destroy to use the current logged in user (i.e. @user = User.find(self.current_user.id)).

Another Update:February 27th, 2007 One of my clients noticed the user_openids_controller’s index method finds all openids for all users if you surf to user_openids URL. To fix, change the find in user_openids_controller.index to be @user_openids = UserOpenid.find_all_by_user_id(@user.id). I think it’s time I put this example under SVN and apply these security upates…

It should look something like this under rails 2.0.2: