Lockdown

Hey Oliver,

Thanks for trying out Lockdown.

Public access rights can be a bit touchy at the beginning, hope you don't mind a little background info. The first time you access your site your access rights are stored in your session. If you make a change to the access rights definition in init.rb you must reset your session so that the new rights are loaded. There are a couple ways of doing this. The /logout action (session.destroy) should reset this for you (if the code is your application to do so.) If go to /logout and you are still getting the error, try removing the cookie.

On a side note, you need to add the :home, :users_management, :user_groups_management, :permissions_managent to protected_access as well before you can hit the pages.

Let me know how it goes...

I'm a little tired...hope this makes sense.

thanks,
andy

Hi Andy,

it's funny, I had tried resetting the session before by going to /logout and even clearing tmp/sessions (hadn't tried clearing cookies though), and it didn't work.

of course, when I tried it after I got your message, it did work :)
I must have been making a mess somewhere...

things are making more sense now too, thanks for the background info (and the hard work!).

- Oliver

I'm having the same problem after deploying to Heroku, but I haven't been able to shake it off by going through the same steps (going to /logout and deleting cookies).

any ideas? I'm also asking the heroku people about whether they handle sessions in a different way...

Sorry for my insistence, but I've just tried deploying to another host (railsplayground), and am experiencing the same problem. After deploying cold, no session, and then after clearing my sessions over and over again, I still get it.

Is there anything else at all that could cause this? It's embarassing to admit it, but I've been stuck with this for several days now :P

thanks
Oliver

Can you send me the log from railsplayground so that I can see if you are getting any errors? Are the init.rb and routes.rb files the same as above?

Here's the log, looks like now at least the infinite loop is gone, but I'm still getting locked out. I'm posting the updated init below (the routes are the same):

Processing SessionsController#create (snip) [POST]
  Session ID: BAh7CzoQZXhwaXJ5X3RpbWV1OglUaW1lDVIjG4AePpkgOgxjc3JmX2lkIiVj
M2QwZjY0MWRkNmU3MmYwMGZiOTI0ZTE0MjEwOGY5ZDoNdGhpc3BhZ2UiCy9s
b2dpbjoSYWNjZXNzX3JpZ2h0c1sLIhxzZXNzaW9ucy9sb2NhbF9yZXF1ZXN0
PyIlc2Vzc2lvbnMvcmVzY3VlX2FjdGlvbl9pbl9wdWJsaWMiFXNlc3Npb25z
L2Rlc3Ryb3kiFHNlc3Npb25zL2NyZWF0ZSIbc2Vzc2lvbnMvbG9nX2V4Y2Vw
dGlvbiIRc2Vzc2lvbnMvbmV3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
OjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOg1wcmV2cGFnZSIGLw==--c479235545942a3d2396d9567349f53ee3787b0e
  Parameters: {"commit"=>"Log in", "action"=>"create", "authenticity_token"=>"(snip)", "controller"=>"sessions", "login"=>"admin", "password"=>"[FILTERED]"}
Redirected to http://senso.oliverbarnes.railsplayground.net/
Completed in 0.00857 (116 reqs/sec) | DB: 0.00021 (2%) | 302 Found [http://senso.oliverbarnes.railsplayground.net/sessions]

Processing MainController#index (snip) [GET]
  Session ID: BAh7CzoQZXhwaXJ5X3RpbWUwOgxjc3JmX2lkIiVjM2QwZjY0MWRkNmU3MmYw
MGZiOTI0ZTE0MjEwOGY5ZDoNdGhpc3BhZ2UiCy9sb2dpbjoSYWNjZXNzX3Jp
Z2h0czA6DXByZXZwYWdlIgYvIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
OjpGbGFzaDo6Rmxhc2hIYXNoewY6CmVycm9yIhtBdXRoZW50aWNhdGlvbiBm
YWlsZWQuBjoKQHVzZWR7BjsLRg==--8d86d4fbae9d62a5f36ea4fe58be737c74a2d239
  Parameters: {"action"=>"index", "controller"=>"main"}
Redirected to http://senso.oliverbarnes.railsplayground.net/login

Processing SessionsController#new (snip) [GET]
  Session ID: BAh7CzoQZXhwaXJ5X3RpbWV1OglUaW1lDVIjG4CTYUoiOgxjc3JmX2lkIiVj
M2QwZjY0MWRkNmU3MmYwMGZiOTI0ZTE0MjEwOGY5ZDoNdGhpc3BhZ2UiBi86
EmFjY2Vzc19yaWdodHNbCyIcc2Vzc2lvbnMvbG9jYWxfcmVxdWVzdD8iJXNl
c3Npb25zL3Jlc2N1ZV9hY3Rpb25faW5fcHVibGljIhVzZXNzaW9ucy9kZXN0
cm95IhRzZXNzaW9ucy9jcmVhdGUiG3Nlc3Npb25zL2xvZ19leGNlcHRpb24i
EXNlc3Npb25zL25ldyIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh
c2g6OkZsYXNoSGFzaHsGOgplcnJvciIbQXV0aGVudGljYXRpb24gZmFpbGVk
LgY6CkB1c2VkewY7C1Q6DXByZXZwYWdlIgsvbG9naW4=--319526894863e638f039c9c5583dea5a9e947842
  Parameters: {"action"=>"new", "controller"=>"sessions"}
Rendering template within layouts/application
Rendering sessions/new
Completed in 0.00429 (233 reqs/sec) | Rendering: 0.00401 (93%) | DB: 0.00000 (0%) | 200 OK [http://senso.oliverbarnes.railsplayground.net/login]

require "lockdown" 
require File.join(File.dirname(__FILE__), "session")

Lockdown::System.configure do

  options[:access_denied_path] = "/login" 

  options[:successful_login_path] = "/" 

  set_permission :home, all_methods(:main)
  set_permission :sessions_management, all_methods(:sessions)
  set_permission :users_management, all_methods(:users)
  set_permission :user_groups_management, all_methods(:user_groups)
  set_permission :permissions_management, all_methods(:permissions)
  set_permission :my_account, only_methods(:users, :edit, :update, :show)

  set_permission :projects_management, all_methods(:projects)
  set_permission :project_management, only_methods(:projects, :edit, :update, :show)
  set_permission :institutions_management, all_methods(:institutions)
  set_permission :institution_management, only_methods(:institutions, :edit, :update, :show)
  set_permission :investors_management, all_methods(:investors)
  set_permission :investor_management, only_methods(:investor, :edit, :update, :show)
  set_permission :senso_staff_management, all_methods(:technicians), 
                                          all_methods(:correspondents), 
                                          all_methods(:consultants)

  set_public_access :sessions_management
  set_protected_access :my_account, :home, :sessions_management, :users_management, :user_groups_management, :permissions_management

  set_user_group(:instituto_senso, :projects_management, :institutions_management, :investors_management, :senso_staff_management, :home) 
  set_user_group(:gestores, :my_account, :project_management, :institution_management)
  set_user_group(:tecnicos, :my_account, :project_management)
  set_user_group(:consultores, :my_account, :project_management)
  set_user_group(:correspondentes, :my_account, :project_management)

end 

thanks for looking into this further,
Oliver

No problem Oliver, I would like to figure this out to see what I can do to prevent issues like this in the future.

So, lets dig a little.

I'm going to assume your using the same session controller included with Lockdown? When you log in you are calling: set_session_user(User.authenticate(login, password)) ? An that method should be calling: add_lockdown_session_values(user).

If that is all there we are good.

So, let's look at the user you are logging in as. Go to the database and select all the user_groups associated to that user. Make sure they match up to what you expect. If you have user management screens, just check there.

Let me know.

thanks,
andy

after the reinstall I'm using the original generated session controller, and what you described is all there.

The user I'm logging in as is the default 'admin' with password 'password', in user group 'Administrators'.

and it's working fine in my machine :P

Do you have any suggestions/ideas for functionality that may have helped you out?

thanks,
andy

sorry, what I meant is that I have this working on my machine, but it still doesn't work on either RailsPlayground nor Heroku...

no worries. well, if it works locally and not RailsPlayground/Heroku then I would guess a configuration issue, right?

have you verified the gem versions are the same on RailsPlayground/Heroku?

have you verified the lib/lockdown/*.rb files are the same?

can you do some logging and take a look at what's in session[:access_rights] before/after you log in?

thanks,
andy