1

I would like to login to an external https site, through rails based on user/password credentials saved into a rails database. Something like a single sign on. The external site does not provide an API to login; only a login form. Their docs say you can post the credentials to their login form by loading the email and password to the form and then pressing ok.

But if I do that, then by viewing the source code of the login form, someone may find out the login credentials. I have looked into Mechanize and loading cookies like here Submitting POST data from the controller in rails to another website and Rails 3 - Log into another site and keep cookie in session but it does not seem right.

Is there a way to automatically load the credentials from the controller and post to the external site immediately in order to login to that site?

Thank you in advance

Community
  • 1
  • 1
Nick_K
  • 541
  • 6
  • 22
  • Hey were you able to solve this problem? If yes, can you please tell me how? – Raza Nov 16 '16 at 03:54
  • I could not. You see, once they provide a form for you to login in and nothing else, you have to fill in the username/password programmatically and post the form with javascript on load. Since there is no api involved, the solution is somewhat broken. – Nick_K Nov 22 '16 at 08:13
  • Well, I was able to do this via Mechanize – Raza Nov 22 '16 at 23:30

2 Answers2

2

I would use Oauth2. Here is a good wrapper: https://github.com/intridea/oauth2

ruby_newbie
  • 3,190
  • 3
  • 18
  • 29
  • Thanks but the external site does not provide an API to use for login. They only have an http login form to login. – Nick_K Aug 29 '16 at 05:48
0

I was able to do this via mechanize. For facebook for example, which uses https, the code is shown below

In my user_controller.rb:

  def face_book
    @website = 'https://www.facebook.com/login.php?login_attempt=1&lwv=110' 
    agent = Mechanize.new
    agent.log = Logger.new "mechanize.log"
    agent.user_agent_alias = 'Mac Safari'
    agent.follow_meta_refresh = true
    agent.redirect_ok = true
    login_page  = agent.get (@website)
    login_form = login_page.forms.first 
    email_field = login_form.field_with(name: "email")
    password_field = login_form.field_with(name: "pass")  
    email_field.value = 'PUT_YOUR_EMAIL_HERE'
    password_field.value = 'PUT_YOUR_PASSWORD_HERE'
    home_page = login_form.click_button
    @blah = agent.get("https://m.facebook.com/")
  end
Raza
  • 205
  • 1
  • 8