Zoran Majstorovic zmajstor

##Problems with role-based authorizations

role :admin, { is_admin: true } do
  can :destroy, Post
end

clone Rails sample app provided by good people from OneLogin Inc. git clone https://github.com/onelogin/ruby-saml-example.git

edit file app/model/account.rb to reflect your consumer service endpoint

	<script type="text/javascript">
	$(document).on("change", "#my_select", callAjax);

	$.ajaxSetup({
	headers: { 'X-CSRF-Token': '<%= form_authenticity_token.to_s %>' },
	timeout: 30000, // timeout after 30 seconds
	async: true,
	});

	function callAjax() {

	<%= check_box_tag "foo[delivered]", nil, foo.delivered, data: { id: foo.id }, class: "delivered" %>

	<script type="text/javascript">

	$.ajaxSetup({
	headers: { 'X-CSRF-Token': '<%= form_authenticity_token.to_s %>' },
	timeout: 30000, // timeout after 30 seconds
	async: true,
	cache: false,
	// dataType: "json", // The type of data that you're expecting back from the server

	.change_pending {
	box-shadow: 0 0 10px 2px #eee;
	-webkit-animation: scaleout 1.0s infinite ease-in-out;
	animation: scaleout 1.0s infinite ease-in-out;
	}

	@-webkit-keyframes scaleout {
	0% { -webkit-transform: scale(0.0) }
	100% { -webkit-transform: scale(1.0); opacity: 0; }
	}

	require 'openssl'
	require 'base64'
	require "test/unit"

	BODY = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist version=\"1.0\">\n<dict>\n\t<key>Status</key>\n\t<string>Idle</string>\n\t<key>UDID</key>\n\t<string>b7ebaaa53fda9be2f7787eff7c1f4aca4e36f79d</string>\n</dict>\n</plist>\n"

	SIGNATURE_BASE64 = "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIHTCCA20wggJVoAMCAQICEESzOh1IytmdQqbap8VUON0wDQYJKoZIhvcNAQEFBQAwSTETMBEGCgmSJomT8ixkARkWA25ldDEWMBQGCgmSJomT8ixkARkWBnByb21kbTEaMBgGA1UEAxMRUHJvbWRtTkVUUm9vdENBdjEwHhcNMTIwOTI1MDgyODI2WhcNMzIwOTI1MDgzODI1WjBJMRMwEQYKCZImiZPyLGQBGRYDbmV0MRYwFAYKCZImiZPyLGQBGRYGcHJvbWRtMRowGAYDVQQDExFQcm9tZG1ORVRSb290Q0F2MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN43J/4Pimp7CEO7mA7V9A+Dj9NX1Cz0x97SncGqkh+x1xz6Ofoiq9vV2UC5DYIvGf3VVWErPwSXVQJ1Jd/uksCkVktC9zUfInYTb8dSGZ3MdrIntT83XWCkzPAjPZHOicBvU0hRCoY6r/FoQbVAIH+FnuEaGmXM+SYVbed6OLf3RN3DJPFw7y0xiJr3DRg

	# NGinx SSL certificate authentication signed by intermediate CA (chain)
	# http://stackoverflow.com/questions/8431528/nginx-ssl-certificate-authentication-signed-by-intermediate-ca-chain?rq=1

	server {
	listen 443 ssl;

	ssl_certificate ...
	ssl_certificate_key ...

	ssl_client_certificate /path/to/ca.crt;

	xport PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin
	if which rbenv > /dev/null; then eval "$(rbenv init -)"; fi

	# Git branch in prompt.
	parse_git_branch() {
	git branch 2> /dev/null \| sed -e '/^[^]/d' -e 's/ \(.*\)/ (\1)/'
	}
	export PS1="\u@\h \W\[\033[32m\]\$(parse_git_branch)\[\033[00m\] $ "
	export EDITOR='mate -w'
	# export LANG=hr_HR.UTF-8

	require 'active_support'
	require 'active_support/key_generator'
	# KeyGenerator is part of Rails since v4.0.0
	# https://github.com/rails/docrails/blob/master/activesupport/lib/active_support/key_generator.rb

	salt = SecureRandom.random_bytes(64)
	key = ActiveSupport::KeyGenerator.new('password1234').generate_key(salt)
	encryptor = ActiveSupport::MessageEncryptor.new(key)

	message = "Secret message in plain text"

	class API::V1::DevicesController < ApplicationController
	before_filter :authenticate!
	before_filter :find_device, only: [:update, :destroy, :capability, :push_mdm_commands]
	skip_before_filter :verify_authenticity_token

	respond_to :json, :xml
	rescue_from ActiveRecord::RecordNotFound, with: :record_not_found_error

	# curl -v -k -X GET -H "Content-Type: application/json" -H "Accept: application/json" -H 'Authorization: Token token=justesting' https://localhost:8443/api/v1/devices
	# default response format is json, append .xml for XML output: https://localhost:8443/api/v1/devices.xml