AWS |
AWS Compute Blog |
ICYMI: Serverless Q4 2021 |
https://aws.amazon.com/blogs/compute/icymi-serverless-q4-2021/
|
ICYMI: Serverless Q. Welcome to the th edition of the AWS Serverless ICYMI (in case you missed it) quarterly recap. Every quarter, we share all of the most recent product launches, feature enhancements, blog posts, webinars, Twitch live streams, and other interesting things that you might have missed. In case you missed our last ICYMI, check out what … |
2022-01-04 13:21:02 |
python |
New posts tagged Python - Qiita |
Popping from Python's priority queue returns the minimum value |
https://qiita.com/84zume/items/0c05d210a375bce16a98
|
Therefore, popping returns the minimum value. |
2022-01-04 22:39:59 |
python |
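New posts tagged Python - Qiita |
Making a progress bar that can be used in a for loop with PySimpleGUI |
https://qiita.com/towa_skm/items/092ba60a7e1aa55f8cb7
|
A progress bar is provided as sgProgressBar, but I could not find a standard one for the marquee style where the MAX is unknown, so I packed sgText elements tightly side by side and changed their colors to produce a similar-looking motion. |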
2022-01-04 22:00:38 |
js |
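New posts tagged JavaScript - Qiita |
How I could not embed CSS in JavaScript and succeeded after downgrading style-loader |
https://qiita.com/sygnas/items/9360739967287b4f05f4
|
How I could not embed CSS in JavaScript and succeeded after downgrading style-loader. In a project that had been working normally until now, Swiper's CSS file stopped being loaded after I updated style-loader. |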
2022-01-04 22:53:03 |
Program |
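List of new questions for [all tags]|teratail |
Cannot use the float statement when using the calendar module |
https://teratail.com/questions/376639?rss=all
|
Cannot use the float statement when using the calendar module. Background / what I want to achieve: I am studying Python, and when I try to put in a variable while using the calendar module, I get an error code. |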
2022-01-04 22:56:20 |
Program |
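List of new questions for [all tags]|teratail |
I want to link to the current month's monthly archive page in Wordpress |
https://teratail.com/questions/376638?rss=all
|
I want to link to the current month's monthly archive page in Wordpress. Background / what I want to achieve: I am building an event schedule page using monthly archives. |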
2022-01-04 22:51:00 |
Program |
List of new questions for [all tags]|teratail |
Replacing strings inside a PowerPoint slide master with Excel via |
https://teratail.com/questions/376637?rss=all
|
Replacing strings inside a PowerPoint slide master with Excel via. I am operating PowerPoint from Excel VBA. |
2022-01-04 22:50:42 |
Program |
List of new questions for [all tags]|teratail |
I want to jump to a specified time in a video |
https://teratail.com/questions/376636?rss=all
|
I want to jump to a specified time in a video. Thank you for your continued help. |
2022-01-04 22:33:46 |
Program |
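List of new questions for [all tags]|teratail |
[AdMob] [Rewarded] I want to show only 5-second videos |
https://teratail.com/questions/376635?rss=all
|
[AdMob] [Rewarded] I want to show only second-long videos. What I want to achieve: with AdMob rewarded ads, I want to show only second-long videos (exclude second-long videos). Overview: I am developing an app with Monaca and am using the cordovaadmobplus plugin. |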
2022-01-04 22:30:52 |
Program |
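List of new questions for [all tags]|teratail |
I want to do siamese network pairing per mini-batch |
https://teratail.com/questions/376634?rss=all
|
I want to do siamese network pairing per mini-batch. What I want to do: I would like to change the siamese network pairing so that it can be done per mini-batch. |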
2022-01-04 22:30:45 |
Program |
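List of new questions for [all tags]|teratail |
I want to resolve the error message shown when starting the Android emulator |
https://teratail.com/questions/376633?rss=all
|
I want to resolve the error message shown when starting the Android emulator. Background / what I want to achieve: I wanted to create an Android app for the first time and installed the Android emulator. |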
2022-01-04 22:24:07 |
Program |
List of new questions for [all tags]|teratail |
How to display the number of matches of a regular expression in Python |
https://teratail.com/questions/376632?rss=all
|
python |
2022-01-04 22:05:58 |
Ruby |
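New posts tagged Ruby - Qiita |
Implementing a simple Lisp interpreter that supports continuations in Ruby |
https://qiita.com/tetetratra/items/da2b21ea74caaeb3dd73
|
In my first implementation I processed the parsed S-expressions recursively, but I realized that first-class continuations cannot be implemented that way, so I switched to converting them to bytecode and processing that. |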
2022-01-04 22:23:31 |
Ruby |
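New posts tagged Ruby - Qiita |
[Personal project] I developed "healthy-combi", a service for people who usually eat convenience store food but are concerned about its ingredients. |
https://qiita.com/takuya178/items/70ce1ca21529a0b3341e
|
Direct image upload to S in Rails: there were several articles implementing it with CarrierWave, but I found almost no articles implementing it with ActiveStorage, and an error occurs when trying to save an image. |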
2022-01-04 22:11:23 |
AWS |
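New posts tagged AWS - Qiita |
I tried building a VPC sample system |
https://qiita.com/yakushikabuto/items/45f568b21f08154b0e2f
|
I tried building a VPC sample system. I tried building a VPC sample system like the one below. Suppose we build on AWS a system consisting of an EC instance for a web server accessed from the Internet and a DB instance accessed from that web server. |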
2022-01-04 22:27:49 |
AWS |
New posts tagged AWS - Qiita |
How to use the AWS Amplify framework, Part 18: GraphQL Transform v2 @hasOne/@hasMany/@belongsTo/@manyToMany (formerly @connection) |
https://qiita.com/too/items/982dff46f9e70d5226d4
|
With fields specified, without bidirectional data retrieval: if you want to specify the variable name projectTeamId yourself, write it as follows. |
2022-01-04 22:24:34 |
Ruby |
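New posts tagged Rails - Qiita |
[Rails7] Separating numbers into groups of 3 digits in Rails |
https://qiita.com/Hassan/items/c529ac0cd641e9be5a67
|
[Rails] Separating numbers into groups of digits in Rails. The name of the method used to digit-group numbers in Rails has changed. |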
2022-01-04 22:51:28 |
Ruby |
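New posts tagged Rails - Qiita |
[Personal project] I developed "healthy-combi", a service for people who usually eat convenience store food but are concerned about its ingredients. |
https://qiita.com/takuya178/items/70ce1ca21529a0b3341e
|
Direct image upload to S in Rails: there were several articles implementing it with CarrierWave, but I found almost no articles implementing it with ActiveStorage, and an error occurs when trying to save an image. |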
2022-01-04 22:11:23 |
Tech blog |
Developers.IO |
I took the DASA DevOps Fundamentals course |
https://dev.classmethod.jp/articles/dasa-devops-tpp/
|
dasadevops |
2022-01-04 13:05:51 |
Overseas TECH |
MakeUseOf |
The Best Tablets for Students |
https://www.makeuseof.com/best-tablets-for-students/
|
power |
2022-01-04 13:51:16 |
Overseas TECH |
DEV Community |
Rails Authentication From Scratch (A Complete Guide) |
https://dev.to/stevepolitodesign/rails-authentication-from-scratch-38m2
|
Rails Authentication From Scratch A Complete Guide If you re like me then you probably take Devise for granted because you re too intimidated to roll your own authentication system As powerful as Devise is it s not perfect There are plenty of cases where I ve reached for it only to end up constrained by its features and design and wished I could customize it exactly to my liking Fortunately Rails gives you all the tools you need to roll your own authentication system from scratch without needing to depend on a gem The challenge is just knowing how to account for edge cases while being cognizant of security and best practices Step Build User ModelGenerate User model rails g model User email string db migrate timestamp create users rbclass CreateUsers lt ActiveRecord Migration def change create table users do t t string email null false t timestamps end add index users email unique true endendRun migrations rails db migrateAdd validations and callbacks app models user rbclass User lt ApplicationRecord before save downcase email validates email format with URI MailTo EMAIL REGEXP presence true uniqueness true private def downcase email self email email downcase endendWhat s Going On Here We prevent empty values from being saved into the email column through a null false constraint in addition to the presence validation We enforce unique email addresses at the database level through add index users email unique true in addition to a uniqueness validation We ensure all emails are valid through a format validation We save all emails to the database in a downcase format via a before save callback such that the values are saved in a consistent format We use URI MailTo EMAIL REGEXP that comes with Ruby to valid that the email address is properly formatted Step Add Confirmation and Password Columns to Users TableCreate migration rails g migration add confirmation and password columns to users confirmation token string confirmation sent at datetime confirmed at datetime 
password digest stringUpdate the migration db migrate timestamp add confirmation and password columns to users rbclass AddConfirmationAndPasswordColumnsToUsers lt ActiveRecord Migration def change add column users confirmation token string null false add column users confirmation sent at datetime add column users confirmed at datetime add column users password digest string null false add index users confirmation token unique true endendWhat s Going On Here The confirmation token column will store a random value created through the has secure token method when a record is saved This will be used to identify users in a secure way when we need to confirm their email address We add null false to prevent empty values and also add a unique index to ensure that no two users will have the same confirmation token You can think of this as a secure alternative to the id column The confirmation sent at column will be used to ensure a confirmation has not expired This is an added layer of security to prevent a confirmation token from being used multiple times The confirmed at column will be set when a user confirms their account This will help us determine who has confirmed their account and who has not The password digest column will store a hashed version of the user s password This is provided by the has secure password method Run migrations rails db migrateEnable and install BCrypt This is needed to use has secure password Gemfilegem bcrypt gt bundle installUpdate the User Model app models user rbclass User lt ApplicationRecord CONFIRMATION TOKEN EXPIRATION IN SECONDS minutes to i has secure password has secure token confirmation token before save downcase email validates email format with URI MailTo EMAIL REGEXP presence true uniqueness true def confirm update columns confirmed at Time current end def confirmed confirmed at present end def confirmation token is valid return false if confirmation sent at nil Time current confirmation sent at lt User CONFIRMATION TOKEN 
EXPIRATION IN SECONDS end def unconfirmed confirmed end private def downcase email self email email downcase endendWhat s Going On Here The has secure password method is added to give us an API to work with the password digest column The has secure token confirmation token method is added to give us an API to work with the confirmation token column The confirm method will be called when a user confirms their email address We still need to build this feature The confirmed and unconfirmed methods allow us to tell whether a user has confirmed their email address or not The confirmation token is valid method tells us if the confirmation token is expired or not This can be controlled by changing the value of the CONFIRMATION TOKEN EXPIRATION IN SECONDS constant This will be useful when we build the confirmation mailer Step Create Sign Up PagesCreate a simple home page since we ll need a place to redirect users to after they sign up rails g controller StaticPages homeCreate UsersController rails g controller Users app controllers users controller rbclass UsersController lt ApplicationController def create user User new user params if user save redirect to root path notice Please check your email for confirmation instructions else render new end end def new user User new end private def user params params require user permit email password password confirmation endendBuild sign up form lt app views shared form errors html erb gt lt if object errors any gt lt ul gt lt object errors full messages each do message gt lt li gt lt message gt lt li gt lt end gt lt ul gt lt end gt lt app views users new html erb gt lt form with model user url sign up path do form gt lt render partial shared form errors locals object form object gt lt div gt lt form label email gt lt form text field email required true gt lt div gt lt div gt lt form label password gt lt form password field password required true gt lt div gt lt div gt lt form label password confirmation gt lt form password field 
password confirmation required true gt lt div gt lt form submit Sign Up gt lt end gt Update routes config routes rbRails application routes draw do root static pages home post sign up to users create get sign up to users new end Step Create Confirmation PagesUsers now have a way to sign up but we need to verify their email address to prevent SPAM Create ConfirmationsControllerrails g controller Confirmations app controllers confirmations controller rbclass ConfirmationsController lt ApplicationController def create user User find by email params user email downcase if user present amp amp user unconfirmed redirect to root path notice Check your email for confirmation instructions else redirect to new confirmation path alert We could not find a user with that email or that email has already been confirmed end end def edit user User find by confirmation token params confirmation token if user present amp amp user confirmation token is valid user confirm redirect to root path notice Your account has been confirmed else redirect to new confirmation path alert Invalid token end end def new user User new endendBuild confirmation pages This page will be used in the case where a user did not receive their confirmation instructions and needs to have them resent lt app views confirmations new html erb gt lt form with model user url confirmations path do form gt lt form email field email required true gt lt form submit Confirm Email gt lt end gt Update routes config routes rbRails application routes draw do resources confirmations only create edit new param confirmation tokenendWhat s Going On Here The create action will be used to resend confirmation instructions to an unconfirmed user We still need to build this mailer and we still need to send this mailer when a user initially signs up This action will be requested via the form on app views confirmations new html erb Note that we call downcase on the email to account for case sensitivity when searching The edit action is 
used to confirm a user s email This will be the page that a user lands on when they click the confirmation link in their email We still need to build this Note that we re looking up a user through their confirmation token and not their email or ID This is because The confirmation token is randomly generated and can t be easily guessed unlike an email or numeric ID This is also why we added param confirmation token as a named route parameter Note that we check if their confirmation token has expired before confirming their account Step Create Confirmation MailerNow we need a way to send a confirmation email to our users for them to actually confirm their accounts Create a confirmation mailer rails g mailer User confirmation app mailers user mailer rbclass UserMailer lt ApplicationMailer default from User MAILER FROM EMAIL def confirmation user user user mail to user email subject Confirmation Instructions endend lt app views user mailer confirmation html erb gt lt h gt Confirmation Instructions lt h gt lt link to Click here to confirm your email edit confirmation url user confirmation token gt lt app views user mailer confirmation text erb gt Confirmation Instructions lt edit confirmation url user confirmation token gt Update User Model app models user rbclass User lt ApplicationRecord MAILER FROM EMAIL no reply example com def send confirmation email regenerate confirmation token update columns confirmation sent at Time current UserMailer confirmation self deliver now endendWhat s Going On Here The MAILER FROM EMAIL constant is a way for us to set the email used in the UserMailer This is optional The send confirmation email method will create a new confirmation token and update the value of confirmation sent at This is to ensure confirmation links expire and cannot be reused It will also send the confirmation email to the user We call update columns so that the updated at updated on columns are not updated This is personal preference but those columns should 
typically only be updated when the user updates their email or password The links in the mailer will take the user to ConfirmationsController edit at which point they ll be confirmed Configure Action Mailer so that links work locally Add a host to the test and development and later the production environments so that urls will work in mailers config environments test rbRails application configure do config action mailer default url options host example com end config environments development rbRails application configure do config action mailer default url options host localhost port endUpdate Controllers Now we can send a confirmation email when a user signs up or if they need to have it resent app controllers confirmations controller rbclass ConfirmationsController lt ApplicationController def create user User find by email params user email downcase if user present amp amp user unconfirmed user send confirmation email end endend app controllers users controller rbclass UsersController lt ApplicationController def create user User new user params if user save user send confirmation email end endend Step Create Current Model and Authentication ConcernCreate a model to store the current user app models current rbclass Current lt ActiveSupport CurrentAttributes attribute userendCreate a Concern to store helper methods that will be shared across the application app controllers concerns authentication rbmodule Authentication extend ActiveSupport Concern included do before action current user helper method current user helper method user signed in end def login user reset session session current user id user id end def logout reset session end def redirect if authenticated redirect to root path alert You are already logged in if user signed in end private def current user Current user session current user id amp amp User find by id session current user id end def user signed in Current user present endendLoad the Authentication Concern into the Application Controller 
app controllers application controller rbclass ApplicationController lt ActionController Base include AuthenticationendWhat s Going On Here The Current class inherits from ActiveSupport CurrentAttributes which allows us to keep all per request attributes easily available to the whole system In essence this will allow us to set a current user and have access to that user during each request to the server The Authentication Concern provides an interface for logging the user in and out We load it into the ApplicationController so that it will be used across the whole application The login method first resets the session to account for session fixation We set the user s ID in the session so that we can have access to the user across requests The user s ID won t be stored in plain text The cookie data is cryptographically signed to make it tamper proof And it is also encrypted so anyone with access to it can t read its contents The logout method simply resets the session The redirect if authenticated method checks to see if the user is logged in If they are they ll be redirected to the root path This will be useful on pages an authenticated user should not be able to access such as the login page The current user method returns a User and sets it as the user on the Current class we created We use memoization to avoid fetching the User each time we call the method We call the before action filter so that we have access to the current user before each request We also add this as a helper method so that we have access to current user in the views The user signed in method simply returns true or false depending on whether the user is signed in or not This is helpful for conditionally rendering items in views Step Create Login PageGenerate Sessions Controller rails g controller Sessions app controllers sessions controller rbclass SessionsController lt ApplicationController before action redirect if authenticated only create new def create user User find by email params user 
email downcase if user if user unconfirmed redirect to new confirmation path alert You must confirm your email before you can sign in elsif user authenticate params user password login user redirect to root path notice Signed in else flash now alert Incorrect email or password render new end else flash now alert Incorrect email or password render new end end def destroy logout redirect to root path notice Signed out end def new endendUpdate routes config routes rbRails application routes draw do post login to sessions create delete logout to sessions destroy get login to sessions new endAdd sign in form lt app views sessions new html erb gt lt form with url login path scope user do form gt lt div gt lt form label email gt lt form text field email required true gt lt div gt lt div gt lt form label password gt lt form password field password required true gt lt div gt lt form submit gt lt end gt What s Going On Here The create method simply checks if the user exists and is confirmed If they are then we check their password If the password is correct we log them in via the login method we created in the Authentication Concern Otherwise we render an alert We re able to call user authenticate because of has secure passwordNote that we call downcase on the email to account for case sensitivity when searching The destroy method simply calls the logout method we created in the Authentication Concern The login form is passed a scope user option so that the params are namespaced as params user some value This is not required but it helps keep things organized Step Update Existing ControllersUpdate Controllers to prevent authenticated users from accessing pages intended for anonymous users app controllers confirmations controller rbclass ConfirmationsController lt ApplicationController before action redirect if authenticated only create new def edit if user present amp amp user confirmation token is valid user confirm login user else end endendNote that we also call login 
user once a user is confirmed That way they ll be automatically logged in after confirming their email app controllers users controller rbclass UsersController lt ApplicationController before action redirect if authenticated only create new end Step Add Password Reset Columns to Users TableCreate migration rails g migration add password reset token to users password reset token string password reset sent at datetimeUpdate the migration db migrate timestamp add password reset token to users rbclass AddPasswordResetTokenToUsers lt ActiveRecord Migration def change add column users password reset token string null false add column users password reset sent at datetime add index users password reset token unique true endendWhat s Going On Here The password reset token column will store a random value created through the has secure token method when a record is saved This will be used to identify users in a secure way when they need to reset their password We add null false to prevent empty values and also add a unique index to ensure that no two users will have the same password reset token You can think of this as a secure alternative to the id column The password reset sent at column will be used to ensure a password reset link has not expired This is an added layer of security to prevent a password reset token from being used multiple times Run migration rails db migrateUpdate User Model app models user rbclass User lt ApplicationRecord PASSWORD RESET TOKEN EXPIRATION IN SECONDS minutes to i has secure token password reset token def password reset token has expired return true if password reset sent at nil Time current password reset sent at gt User PASSWORD RESET TOKEN EXPIRATION IN SECONDS end def send password reset email regenerate password reset token update columns password reset sent at Time current UserMailer password reset self deliver now end endUpdate User Mailer app mailers user mailer rbclass UserMailer lt ApplicationMailer def password reset user user 
user mail to user email subject Password Reset Instructions endend lt app views user mailer password reset html erb gt lt h gt Password Reset Instructions lt h gt lt link to Click here to reset your password edit password url user password reset token gt lt app views user mailer password reset text erb gt Password Reset Instructions lt edit password url user password reset token gt What s Going On Here The has secure token password reset token method is added to give us an API to work with the password reset token column The password reset token has expired method tells us if the password reset token is expired or not This can be controlled by changing the value of the PASSWORD RESET TOKEN EXPIRATION IN SECONDS constant This will be useful when we build the password reset mailer The send password reset email method will create a new password reset token and update the value of password reset sent at This is to ensure password reset links expire and cannot be reused It will also send the password reset email to the user We still need to build this Step Build Password Reset FormsCreate PasswordsController rails g controller Passwords app controllers passwords controller rbclass PasswordsController lt ApplicationController before action redirect if authenticated def create user User find by email params user email downcase if user present if user confirmed user send password reset email redirect to root path notice If that user exists we ve sent instructions to their email else redirect to new confirmation path alert Please confirm your email first end else redirect to root path notice If that user exists we ve sent instructions to their email end end def edit user User find by password reset token params password reset token if user present amp amp user unconfirmed redirect to new confirmation path alert You must confirm your email before you can sign in elsif user nil user password reset token has expired redirect to new password path alert Invalid or expired token 
end end def new end def update user User find by password reset token params password reset token if user if user unconfirmed redirect to new confirmation path alert You must confirm your email before you can sign in elsif user password reset token has expired redirect to new password path alert Incorrect email or password elsif user update password params redirect to login path notice Signed in else flash now alert user errors full messages to sentence render edit end else flash now alert Incorrect email or password render new end end private def password params params require user permit password password confirmation endendWhat s Going On Here The create action will send an email to the user containing a link that will allow them to reset the password The link will contain their password reset token which is unique and expires Note that we call downcase on the email to account for case sensitivity when searching Note that we return If that user exists we ve sent instructions to their email even if the user is not found This makes it difficult for a bad actor to use the reset form to see which email accounts exist on the application The edit action renders simply renders the form for the user to update their password It attempts to find a user by their password reset token You can think of the password reset token as a way to identify the user much like how we normally identify records by their ID However the password reset token is randomly generated and will expire so it s more secure The new action simply renders a form for the user to put their email address in to receive the password reset email The update also ensures the user is identified by their password reset token It s not enough to just do this on the edit action since a bad actor could make a PUT request to the server and bypass the form If the user exists and is confirmed and their password token has not expired we update their password to the one they will set in the form Otherwise we handle each 
failure case differently Update Routes config routes rbRails application routes draw do resources passwords only create edit new update param password reset tokenendWhat s Going On Here We add param password reset token as a named route parameter to the so that we can identify users by their password reset token and not id This is similar to what we did with the confirmations routes and ensures a user cannot be identified by their ID Build forms lt app views passwords new html erb gt lt form with url passwords path scope user do form gt lt form email field email required true gt lt form submit Reset Password gt lt end gt lt app views passwords edit html erb gt lt form with url password path user password reset token scope user method put do form gt lt div gt lt form label password gt lt form password field password required true gt lt div gt lt div gt lt form label password confirmation gt lt form password field password confirmation required true gt lt div gt lt form submit Update Password gt lt end gt What s Going On Here The password reset form is passed a scope user option so that the params are namespaced as params user some value This is not required but it helps keep things organized Step Add Unconfirmed Email Column To Users TableCreate migration and run migrationrails g migration add unconfirmed email to users unconfirmed email stringrails db migrateUpdate User Model app models user rbclass User lt ApplicationRecord attr accessor current password before save downcase unconfirmed email validates unconfirmed email format with URI MailTo EMAIL REGEXP allow blank true def confirm if unconfirmed or reconfirming if unconfirmed email present return false unless update email unconfirmed email unconfirmed email nil end update columns confirmed at Time current else false end end def confirmable email if unconfirmed email present unconfirmed email else email end end def reconfirming unconfirmed email present end def unconfirmed or reconfirming unconfirmed 
      reconfirming?
    end

    private

    def downcase_unconfirmed_email
      return if unconfirmed_email.nil?
      self.unconfirmed_email = unconfirmed_email.downcase
    end
    end

What's Going On Here?
- We add an unconfirmed_email column to the users table so that we have a place to store the email a user is trying to use after their account has been confirmed with their original email.
- We add attr_accessor :current_password so that we'll be able to use f.password_field :current_password in the user form (which doesn't exist yet). This will allow us to require the user to submit their current password before they can update their account.
- We ensure to format the unconfirmed_email before saving it to the database. This ensures all data is saved consistently.
- We add validations to the unconfirmed_email column, ensuring it's a valid email address.
- We update the confirm! method to set the email column to the value of the unconfirmed_email column, and then clear out the unconfirmed_email column. This will only happen if a user is trying to confirm a new email address. Note that we return false if updating the email address fails. This could happen if a user tries to confirm an email address that has already been confirmed.
- We add the confirmable_email method so that we can call the correct email in the updated UserMailer.
- We add reconfirming? and unconfirmed_or_reconfirming? to help us determine what state a user is in. This will come in handy later in our controllers.

Update User Mailer

    # app/mailers/user_mailer.rb
    class UserMailer < ApplicationMailer
      def confirmation(user)
        mail to: user.confirmable_email, subject: "Confirmation Instructions"
      end
    end

Update Confirmations Controller

    # app/controllers/confirmations_controller.rb
    class ConfirmationsController < ApplicationController
      def edit
        if @user.present? && @user.confirmation_token_is_valid?
          if @user.confirm!
            login @user
            redirect_to root_path, notice: "Your account has been confirmed"
          else
            # Generic message: do not reveal why confirmation failed
            redirect_to new_confirmation_path, alert: "Something went wrong"
          end
        else
        end
      end
    end

What's Going On Here?
- We update the edit method to account for the return value of @user.confirm!. If for some reason @user.confirm! returns false (which would most likely happen if the email has already been taken), then we render a generic error. This prevents leaking email addresses.

Step Update Users Controller

Update Authentication Concern

    # app/controllers/concerns/authentication.rb
    module Authentication
      def authenticate_user!
        redirect_to login_path, alert: "You need to login to access that page" unless user_signed_in?
      end
    end

What's Going On Here?
- The authenticate_user! method can be called to ensure an anonymous user cannot access a page that requires a user to be logged in. We'll need this when we build the page allowing a user to edit or delete their profile.

Add destroy, edit and update methods. Modify create method and user_params.

    # app/controllers/users_controller.rb
    class UsersController < ApplicationController
      before_action :authenticate_user!, only: [:edit, :destroy, :update]

      def create
        @user = User.new(create_user_params)
      end

      def destroy
        current_user.destroy
        reset_session
        redirect_to root_path, notice: "Your account has been deleted"
      end

      def edit
        @user = current_user
      end

      def update
        @user = current_user
        # Require the current password before any account change
        if @user.authenticate(params[:user][:current_password])
          if @user.update(update_user_params)
            if params[:user][:unconfirmed_email].present?
              @user.send_confirmation_email!
              redirect_to root_path, notice: "Check your email for confirmation instructions"
            else
              redirect_to root_path, notice: "Account updated"
            end
          else
            render :edit, status: :unprocessable_entity
          end
        else
          flash.now[:error] = "Incorrect password"
          render :edit, status: :unprocessable_entity
        end
      end

      private

      def create_user_params
        params.require(:user).permit(:email, :password, :password_confirmation)
      end

      def update_user_params
        params.require(:user).permit(:current_password, :password, :password_confirmation, :unconfirmed_email)
      end
    end

What's Going On Here?
- We call redirect_if_authenticated before editing, destroying, or updating a user since only an authenticated user should be able to do this.
- We update the create method to accept create_user_params (formerly user_params). This is because we're going to require different parameters for creating an account vs. editing an account.
- The destroy action simply deletes the user and logs them out. Note that we're calling current_user, so this action can only be scoped to the user who is logged in.
- The edit action simply assigns @user to the current_user so that we have access to the user in the edit form.
- The update action first checks if their password is correct. Note that we're passing this in as current_password and not password. This is because we still want a user to be able to change their password and therefore we need another parameter to store this value. This is also why we have a private update_user_params method.
- If the user is updating their email address (via unconfirmed_email) we send a confirmation email to that new email address before setting it as the email value.
- We force a user to always put in their current password as an extra security measure in case someone leaves their browser open on a public computer.

Update routes

    # config/routes.rb
    Rails.application.routes.draw do
      put "account", to: "users#update"
      get "account", to: "users#edit"
      delete "account", to: "users#destroy"
    end

Create an edit form

    <!-- app/views/users/edit.html.erb -->
    <%= form_with model: @user, url: account_path, method: :put do |form| %>
      <%= render partial: "shared/form_errors", locals: { object: form.object } %>
      <div>
        <%= form.label :email, "Current Email" %>
        <%= form.text_field :email, disabled: true %>
      </div>
      <div>
        <%= form.label :unconfirmed_email, "New Email" %>
        <%= form.text_field :unconfirmed_email %>
      </div>
      <div>
        <%= form.label :password, "Password (leave blank if you don't want to change it)" %>
        <%= form.password_field :password %>
      </div>
      <div>
        <%= form.label :password_confirmation %>
        <%= form.password_field :password_confirmation %>
      </div>
      <hr/>
      <div>
        <%= form.label :current_password, "Current password (we need your current password to confirm your changes)" %>
        <%= form.password_field :current_password, required: true %>
      </div>
      <%= form.submit "Update Account" %>
    <% end %>

What's Going On Here?
- We disable the email field to ensure we're not passing that value back to the controller. This is just so the user can see what their current email is.
- We require the current_password field since we'll always want a user to confirm their password before making changes.
- The password and password_confirmation fields are there if a user wants to update their current password.

Step Update Confirmations Controller

Update edit action

    # app/controllers/confirmations_controller.rb
    class ConfirmationsController < ApplicationController
      def edit
        if @user.present? && @user.unconfirmed_or_reconfirming? && @user.confirmation_token_is_valid?
        end
      end
    end

What's Going On Here?
- We add @user.unconfirmed_or_reconfirming? to the conditional to ensure only unconfirmed users or users who are reconfirming can access this page. This is necessary since we're now allowing users to confirm new email addresses.

Step Add Remember Token Column to Users Table

Create migration

    rails g migration add_remember_token_to_users remember_token:string

Update migration

    # db/migrate/[timestamp]_add_remember_token_to_users.rb
    # X.Y is the Rails version the generator writes into the file
    class AddRememberTokenToUsers < ActiveRecord::Migration[X.Y]
      def change
        add_column :users, :remember_token, :string, null: false
        add_index :users, :remember_token, unique: true
      end
    end

What's Going On Here?
- We add null: false to ensure this column always has a value.
- We add a unique index to ensure this column has unique data.

Run migrations

    rails db:migrate

Update the User model

    # app/models/user.rb
    class User < ApplicationRecord
      has_secure_token :remember_token
    end

What's Going On Here?
- Just like the confirmation_token and password_reset_token columns, we call has_secure_token on the remember_token. This ensures that the value for this column will be set when the record is created. This value will be used later to securely identify the user.

Step Update Authentication Concern

Add new helper methods

    # app/controllers/concerns/authentication.rb
    module Authentication
      extend ActiveSupport::Concern

      def forget(user)
        cookies.delete :remember_token
        user.regenerate_remember_token
      end

      def remember(user)
        user.regenerate_remember_token
        cookies.permanent.encrypted[:remember_token] = user.remember_token
      end

      private

      def current_user
        # Try the session first, then fall back to the remember-me cookie
        Current.user ||= if session[:current_user_id].present?
          User.find_by(id: session[:current_user_id])
        elsif cookies.permanent.encrypted[:remember_token].present?
          User.find_by(remember_token: cookies.permanent.encrypted[:remember_token])
        end
      end
    end

What's Going On Here?
- The remember method first regenerates a new remember_token to ensure these values are being rotated and can't be used more than once. We get the regenerate_remember_token method from has_secure_token. Next, we assign this value to a cookie. The call to permanent ensures the cookie won't expire until 20 years from now. The call to encrypted ensures the value will be encrypted. This is vital since this value is used to identify the user and is being set in the browser.
- The forget method deletes the cookie and regenerates a new remember_token to ensure these values are being rotated and can't be used more than once.
- We update the current_user method by adding a conditional to first try and find the user by the session, and then fall back to finding the user by the cookie. This is the logic that allows a user to completely exit their browser and remain logged in when they return to the website, since the cookie will still be set.

Step Update Sessions Controller

Update the create and destroy methods

    # app/controllers/sessions_controller.rb
    class SessionsController < ApplicationController
      before_action :authenticate_user!, only: [:destroy]

      def create
        if @user
          if @user.unconfirmed?
          elsif @user.authenticate(params[:user][:password])
            login @user
            # check_box submits "0" when unchecked, so compare against "1"
            remember(@user) if params[:user][:remember_me] == "1"
          else
          end
        else
        end
      end

      def destroy
        forget(current_user)
      end
    end

What's Going On Here?
- We conditionally call remember(@user) in the create method if the user has checked the "Remember me" checkbox. We still need to add this to our form.
- We call forget(current_user) in the destroy method to ensure we delete the remember_me cookie and regenerate the user's remember_token.
- We also add a before_action to ensure only authenticated users can access the destroy action.

Add the "Remember me" checkbox to the login form

    <!-- app/views/sessions/new.html.erb -->
    <%= form_with url: login_path, scope: :user do |form| %>
      <div>
        <%= form.label :remember_me %>
        <%= form.check_box :remember_me %>
      </div>
      <%= form.submit "Sign In" %>
    <% end %>

Step Add Friendly Redirects

Update Authentication Concern

    # app/controllers/concerns/authentication.rb
    module Authentication
      def authenticate_user!
        store_location
        redirect_to login_path, alert: "You need to login to access that page" unless user_signed_in?
      end

      def store_location
        # Only remember GET requests that originated locally
        session[:user_return_to] = request.original_url if request.get? && request.local?
      end
    end

What's Going On Here?
- The store_location method stores the request.original_url in the session so it can be retrieved later. We only do this if the request made was a GET request. We also call request.local? to ensure it was a local request. This prevents redirecting to an external application.
- We call store_location in the authenticate_user! method so that we can save the path to the page the user was trying to visit before they were redirected to the login page. We need to do this before visiting the login page, otherwise the call to request.original_url will always return the URL of the login page.

Update Sessions Controller

    # app/controllers/sessions_controller.rb
    class SessionsController < ApplicationController
      def create
        if @user
          if @user.unconfirmed?
          elsif @user.authenticate(params[:user][:password])
            # Read the stored location before login, which resets the session
            after_login_path = session[:user_return_to] || root_path
            login @user
            remember(@user) if params[:user][:remember_me] == "1"
            redirect_to after_login_path, notice: "Signed in"
          else
          end
        else
        end
      end
    end

What's Going On Here?
- The after_login_path variable is set to be whatever is in session[:user_return_to]. If there's nothing in session[:user_return_to] then it defaults to the root_path.
- Note that we call this method before calling login. This is because login calls reset_session, which would delete the session[:user_return_to].

Step Account for Timing Attacks

Update the User model. Note that this class method will be available in Rails.

    # app/models/user.rb
    class User < ApplicationRecord
      def self.authenticate_by(attributes)
        # Split the arguments into password attributes and finder attributes
        passwords, identifiers = attributes.to_h.partition do |name, value|
          !has_attribute?(name) && has_attribute?("#{name}_digest")
        end.map(&:to_h)

        raise ArgumentError, "One or more password arguments are required" if passwords.empty?
        raise ArgumentError, "One or more finder arguments are required" if identifiers.empty?
        if (record = find_by(identifiers))
          record if passwords.count { |name, value| record.public_send(:"authenticate_#{name}", value) } == passwords.size
        else
          # Hash the password anyway so a miss takes as long as a hit
          new(passwords)
          nil
        end
      end
    end

What's Going On Here?
- This class method serves to find a user using the non-password attributes (such as email), and then authenticates that record using the password attributes. Regardless of whether a user is found or authentication succeeds, authenticate_by will take the same amount of time. This prevents timing-based enumeration attacks, wherein an attacker can determine if a password record exists even without knowing the password.

Update the Sessions Controller

    # app/controllers/sessions_controller.rb
    class SessionsController < ApplicationController
      def create
        @user = User.authenticate_by(email: params[:user][:email].downcase, password: params[:user][:password])
        if @user
          if @user.unconfirmed?
            redirect_to new_confirmation_path, alert: "You must confirm your email before you can sign in"
          else
            after_login_path = session[:user_return_to] || root_path
            login @user
            remember(@user) if params[:user][:remember_me] == "1"
            redirect_to after_login_path, notice: "Signed in"
          end
        else
          flash.now[:alert] = "Incorrect email or password"
          render :new
        end
      end
    end

What's Going On Here?
- We refactor the create method to always start by finding and authenticating the user. Not only does this prevent timing attacks, but it also prevents accidentally leaking email addresses. This is because we were originally checking if a user was confirmed before authenticating them. That means a bad actor could try and sign in with an email address to see if it exists on the system without needing to know the password.

Step Account for Session Replay Attacks

Note that this refactor prevents a user from being logged into multiple devices and browsers at one time.

We're currently setting the user's ID in the session. Even though that value is encrypted, the encrypted value doesn't change since it's based on the user id, which doesn't change. This means that if a bad actor were to get a copy of the session they would have access to a victim's account in perpetuity. One solution is to rotate encrypted and signed cookie configurations. Another solution is to use a rotating value to identify the user (which is what we'll be doing). A third option is to configure the Rails session store to use mem_cache_store to store session data. You can read more about session replay attacks here.

Add a session_token column to the users table

    rails g migration add_session_token_to_users session_token:string

Update migration

    # db/migrate/[timestamp]_add_session_token_to_users.rb
    # X.Y is the Rails version the generator writes into the file
    class AddSessionTokenToUsers < ActiveRecord::Migration[X.Y]
      def change
        add_column :users, :session_token, :string, null: false
        add_index :users, :session_token, unique: true
      end
    end

What's Going On Here?
- Similar to the confirmation_token, password_reset_token and remember_token, we prevent the session_token from being null and enforce that it has a unique value.

Update User Model

    # app/models/user.rb
    class User < ApplicationRecord
      has_secure_token :session_token
    end

Update Authentication Concern

    # app/controllers/concerns/authentication.rb
    module Authentication
      def login(user)
        reset_session
        user.regenerate_session_token
        session[:current_user_session_token] = user.reload.session_token
      end

      def logout
        # Capture the user first: reset_session drops access to current_user
        user = current_user
        reset_session
        user.regenerate_session_token
      end

      private

      def current_user
        Current.user ||= if session[:current_user_session_token].present?
          User.find_by(session_token: session[:current_user_session_token])
        elsif cookies.permanent.encrypted[:remember_token].present?
          User.find_by(remember_token: cookies.permanent.encrypted[:remember_token])
        end
      end
    end

What's Going On Here?
- We update the login method by adding a call to user.regenerate_session_token. This will reset the value of the session_token through the has_secure_token API. We then store that value in the session.
- We update the logout method by first setting the current_user as a variable. This is because once we call reset_session, we lose access to the current_user. We then call user.regenerate_session_token, which will update the value of the session_token on the user that just signed out.
- Finally, we update the current_user method to look for the session[:current_user_session_token] instead of the session[:current_user_id], and to query for the User by the session_token value.

Force SSL

    # config/environments/production.rb
    Rails.application.configure do
      config.force_ssl = true
    end

What's Going On Here?
- We force SSL in production to prevent session hijacking. Even though the session is encrypted, we want to prevent the cookie from being exposed through an insecure network. If it were exposed, a bad actor could sign in as the victim. |
2022-01-04 13:33:53 |
Overseas TECH |
DEV Community |
Death to Tribal Knowledge |
https://dev.to/thawkin3/death-to-tribal-knowledge-d39
|
Death to Tribal Knowledge
Documentation is a struggle for nearly every company. When information is undocumented, it remains as “tribal knowledge”: information that someone new to the company must ask others about in order to learn. This may work fine for a time, but what happens when those with the knowledge are unavailable? Or worse, what happens when those people leave the company? The knowledge leaves with them. Ridding your company of tribal knowledge is difficult in practice, but it can be done in three simple steps. First, document the information. Second, make sure people know where to find it. Third, make sure the documentation stays up to date.
Getting Things Documented
Getting started may feel daunting, so the best thing to do is to just start writing something. Ask yourself what you wish you knew when you started at your company. Or better yet, ask a new hire what they are still struggling to understand or find answers to. For software engineers, the following topics may be worth documenting: How do we run our app locally? What does our release process look like? Are there various environments the code gets promoted to? Do we follow CI/CD best practices? How often does code get deployed to production? What branching strategy do we use? What does the code review process look like? Do we have a set of guidelines we all agree to follow? What version control system do we use? What browsers and environments do we support? What does our QA process look like? Do we have dedicated QA engineers, or are software engineers expected to QA their own code? What browsers or environments do we support? Is our app mobile responsive? Is it a web app, a desktop app, a mobile app, a progressive web app (PWA), or some combination of all of the above? What are our test coverage standards? Is our app accessible? Do we comply with any part of the Web Content Accessibility Guidelines (WCAG)? What screen reader/browser combinations do we support? How do we translate content in our app? What internationalization or localization libraries do we use? Do we work with third-party vendors to translate our text? How do we track our work? Do we use Jira or Workfront or some other tool? Do we practice Scrum? How long is each sprint? How do we estimate our work? What does a story point represent? What tools do we use for things like error monitoring, logging, or measuring application performance metrics (New Relic, Sentry, Datadog, Splunk, Sumo Logic, etc.)? What Slack channels should I join? Where do I go to ask certain questions? How often do we hold ons? What is the best way to mark time off on shared calendars or submit PTO requests? What are the core responsibilities of my team? What parts of the app do we own? What does our app architecture look like? Document all those things and you'll be off to a great start. I'm sure you can think of other things that are specific to your organization that are worth documenting as well.
Spreading the Word
Once things are documented, it's important that people know that the documentation exists and where to find the wiki pages. If people don't know about the documentation or how to find it, the documentation may as well not exist. Keeping the documentation all in one place and making your content searchable is probably the most important problem to solve here. Ideally, you should use a platform like Notion or Confluence that everyone in the company can access and contribute to.
Keeping it Fresh
If you have existing documentation and people know about it, you're doing great. The last hurdle to overcome is making sure that your documentation stays up to date. As time passes, processes change and wikis naturally get out of date. Stale documentation with misleading info is the worst, so finding a good way to keep track of existing documentation and showing ownership in updating it when things change is the problem to solve here. New hires in this instance are again one of the best resources you have. If a new hire is setting up their app locally and runs into issues when following the setup documentation, they should take the time to update the documentation with the correct steps. If your company is actively hiring, this ensures that fresh eyes will be following and improving the documentation every month. The same goes for every other current employee. Any time someone finds information in a wiki that is incorrect, they should do their due diligence and update the documentation. Ignoring the bad information won't make things any easier for the next person who stumbles across the same page. But by taking a few minutes to correct any misinformation when it's noticed, you make life so much easier for the next person. The struggle of keeping documentation up to date is more of a people problem than a technical one. Keeping information relevant and accurate requires discipline and a sense of ownership from everyone in the company.
Conclusion
Any time you encounter tribal knowledge, document it. Make sure people know about the documentation. Help create a culture of ownership where updating documentation is something everyone does consistently. Death to tribal knowledge! |
2022-01-04 13:14:45 |
Overseas TECH |
Engadget |
JBL's first gaming microphone is the USB 'Quantum Stream' |
https://www.engadget.com/jbl-usb-quantum-stream-gaming-mic-130057253.html?src=rss
|
JBL's first gaming microphone is the USB 'Quantum Stream'
JBL has expanded its Quantum gaming line with new products, including its first USB microphone aimed at streamers and podcasters. The JBL Quantum Stream is a dual-condenser mic with two selectable voice pickup patterns. One of those patterns gives you a way to make sure the mic focuses on your voice, while the other was designed to capture everyone's voice in case you're in a group call or recording a podcast with someone. The Quantum Stream also has a mute button and controls that allow you to adjust your voice volume directly on the device itself. It will set you back when it makes its way to JBL's website and to retailers this spring. The company has also introduced its first true wireless earbuds for the line, the JBL Quantum TWS. They have Adaptive Noise Cancelling and ambient-aware features, giving them the capability to automatically adjust how much noise gets in based on your surroundings. They have JBL's QuantumSURROUND feature that enables spatial surround sound as well, along with support for various voice assistants. The wireless earbuds can connect to a mobile device via Bluetooth, but they also come with a USB-C dongle for low-latency connection to PCs, the PlayStation and the Nintendo Switch. When it comes to battery life, the earbuds can last for eight hours, with the charging case providing additional hours. The earbuds will also be available this spring and will sell for. Finally, JBL has added three new over-ear headsets to the line: the JBL Quantum, JBL Quantum and JBL Quantum. The Quantum comes with the JBL QuantumSPHERE, which is the brand's proprietary head-tracking technology, making it the first wireless device with the feature. Both the Quantum and headsets have Active Noise Cancelling and can connect to consoles, PCs and mobile via G wireless or Bluetooth. Meanwhile, the only has G wireless connection, though it has the longest battery life of the three and can last for up to hours. The Quantum will sell for, the Quantum for and the Quantum for when they come out this spring. Follow all of the latest news from CES right here. |
2022-01-04 13:00:57 |
Overseas TECH |
Engadget |
Harman would like to sell you some $1,000 headphones |
https://www.engadget.com/mark-levinson-5909-headphones-announced-price-specs-130056543.html?src=rss
|
Harman would like to sell you some $1,000 headphones
Not so long ago, the internet was debating what the folks at Apple were thinking charging for the AirPods Max. At CES, luxury audio brand Mark Levinson would like a word. The Harman-owned company (which also owns AKG, JBL and Harman Kardon, and is itself a Samsung subsidiary), mostly known for its high-end home and car audio systems, has announced its first wireless headphones: the No. 5909. While they offer everything you'd expect from a premium set, they have a nearly $1,000 price tag that only a select few might commit to. The over-ear No. 5909 packs mm Beryllium drivers "expertly tuned to the Harman curve." The company explains that "the Harman curve" is acoustic response that it says has taken decades of research to construct. The result here is "incredible acoustic performance" in a set of "reference class" wireless headphones. Mark Levinson says that audio performance meets the guidelines for Hi-Res Audio certification thanks to bit/kHz signal processing and kHz acoustic response. The No. 5909 supports LDAC, AAC and aptX Adaptive wireless codecs via Bluetooth. Mark Levinson promises you'll hear details you haven't before, like "the slightest breath an artist takes" or "a hidden harmony." The company explains that the same "world-class sound engineers" that built the luxury brand's amps, turntables and streaming players are behind the tuning of the ultra-pricey No. 5909. Sound quality isn't the only consideration though. The No. 5909 has adaptive active noise cancellation (ANC) with three modes "for premium sound isolation" and an Ambient Aware feature that lets you tune into your surroundings as needed. The company also packed in four microphones for calls that are equipped with a so-called Smart Wind Adaption feature. The materials used to make the headphones are also better than the mostly plastic sets we typically see. The No. 5909 is built with an aluminum frame, painted metallic earcups, leather headband and replaceable leather ear cushions. An included hard-shell travel case comes stocked with a USB-C charging cable, USB-C to USB-A adaptor, two USB-C to mm cables, mm to mm adaptor, airplane adaptor and a polishing cloth. Basically, it's everything you'd need to use the headphones on any setup: wired, wireless or while traveling. Mark Levinson says you can expect up to hours of use with adaptive ANC active and up to hours with the feature disabled. A quick-charge feature will give you up to six hours of play time in minutes. Via an app for Android and iOS, you'll get some control over the headphones, but the company didn't go into specifics there. The No. 5909 will be available in black, pewter and red color options starting today for. Follow all of the latest news from CES right here. |
2022-01-04 13:00:56 |
Overseas TECH |
Engadget |
JBL expands its true wireless lineup with three new ANC models |
https://www.engadget.com/jbl-true-wireless-earbuds-lineup-ces-2022-130052913.html?src=rss
|
JBL expands its true wireless lineup with three new ANC models
It wouldn't be CES without a barrage of audio devices from JBL. Part of that annual deluge is a collection of true wireless earbuds, and this year is no different. Today the company is debuting three new models with active noise cancellation (ANC) and at least seven hours of battery life. Each one is also at least IPX rated for water and sweat resistance, so all three can stand up to your workouts in the new year. First, the JBL Live Pro offers an AirPod-like stickbud design and adaptive ANC. This model also has a "smart ambient" mode that allows you to adjust the amount of background noise the earbuds let in. JBL says you can enable hands-free voice control through its headphones app for either Amazon Alexa or Google Assistant, while on-board touch controls are available for core functions. Six microphones "deliver superior call quality," according to JBL, by isolating noise and wind and focusing on your voice. The company says you can expect up to hours of use on the earbuds themselves, with another hours in the case. That case supports wireless charging via Qi-compatible accessories, and minutes will give you four hours of playback. For those who prefer a more "traditional" true wireless earbud design, the tiny JBL Live Free might be more your speed. Like the Live Pro, they feature adaptive noise cancelling, smart ambient mode, hands-free voice control, a six-mic setup for calls and on-board touch controls. The main difference, aside from the design, is that the Live Free only lasts seven hours on a charge, with an additional hours in the case. There's no quick-charge mode, and wireless charging isn't on the spec sheet here. However, the Live Free is the most compact of the three new models when it comes to overall earbud size. Lastly, the JBL Reflect Aero is built specifically for workouts, complete with an adjustable ear fin to hold them in place. They're IP rated, so they offer protection from dust in addition to improved water-proofing over the other two models. Adaptive ANC, smart ambient mode, hands-free voice control, on-board touch controls and six microphones to handle calls are all part of the features list. JBL says you can expect up to eight hours of battery life on the earbuds with two full charges in the case (hours). There's no mention of quick charging or compatibility with Qi accessories here, so if that's a dealbreaker you'll have to live with the stickbud Live Pro out of the company's trio of new devices. The Live Pro, Live Free and Reflect Aero are all priced at and are scheduled to arrive sometime this spring. Follow all of the latest news from CES right here. |
2022-01-04 13:00:52 |
News |
BBC News - Home |
We can't jab world every four to six months - scientist |
https://www.bbc.co.uk/news/uk-59865108?at_medium=RSS&at_campaign=KARANGA
|
andrew |
2022-01-04 13:26:48 |
News |
BBC News - Home |
Sir Keir Starmer sets out vision of 'straight leadership' |
https://www.bbc.co.uk/news/uk-politics-59862654?at_medium=RSS&at_campaign=KARANGA
|
restore |
2022-01-04 13:19:30 |
News |
BBC News - Home |
Murray loses in Melbourne, GB beaten by Canada in ATP Cup |
https://www.bbc.co.uk/sport/tennis/59865328?at_medium=RSS&at_campaign=KARANGA
|
melbourne |
2022-01-04 13:08:23 |
LifeHuck |
Lifehacker [Japan edition] |
A stray nose hair is a sad thing. The "Panasonic Etiquette Cutter" trims safely and deeply | Glad I bought this |
https://www.lifehacker.jp/2022/01/248236best-buy-panasonic-er-gn11.html
|
nose hair |
2022-01-04 22:05:00 |
Hokkaido |
Hokkaido Shimbun |
US-based Warner acquires rights to D. Bowie's songs for 29 billion yen |
https://www.hokkaido-np.co.jp/article/630031/
|
music |
2022-01-04 22:16:00 |
Hokkaido |
Hokkaido Shimbun |
"We will hold nuclear-armed states accountable": Peace Boat, after conference is postponed again |
https://www.hokkaido-np.co.jp/article/630030/
|
nuclear-armed states |
2022-01-04 22:12:00 |
Hokkaido |
Hokkaido Shimbun |
Preparation office set up for 2023 G7 summit; prime minister to select host city in June |
https://www.hokkaido-np.co.jp/article/630029/
|
summit meeting |
2022-01-04 22:12:00 |
Hokkaido |
Hokkaido Shimbun |
Djokovic to play Australian Open with exemption from vaccination requirement |
https://www.hokkaido-np.co.jp/article/630028/
|
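world rankings |
2022-01-04 22:07:00 |
Hokkaido |
Hokkaido Shimbun |
UN rapporteur again requests visit to Japan; Foreign Ministry says Fukushima survey is being arranged |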
https://www.hokkaido-np.co.jp/article/630027/
|
nuclear plant accident |
2022-01-04 22:07:00 |
Hokkaido |
Hokkaido Shimbun |
Yosozumi and others receive Olympic fair play award; seven skateboarders selected |
https://www.hokkaido-np.co.jp/article/630026/
|
International Olympic Committee |
2022-01-04 22:07:00 |
Cryptocurrency |
BITPRESS |
[Bloomberg] Bitcoin to reach $100,000; US authorities lack the courage to tighten thoroughly - NEXO |
https://bitpress.jp/count2/3_9_12974
|
bloomberg |
2022-01-04 22:14:39 |
Cryptocurrency |
BITPRESS |
[FT] Emerging cryptocurrencies challenge Bitcoin's dominance |
https://bitpress.jp/count2/3_9_12973
|
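emerging |
2022-01-04 22:01:22 |
Overseas TECH |
reddit |
Things nobody needs get wrapped in the illusion of being necessary. It's easy. You just keep churning out information. If you're going to live somewhere, it's Minato Ward; if it's a car, BMW; if it's a watch, Rolex. That sort of thing. |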
https://www.reddit.com/r/newsokunomoral/comments/rvu1hb/誰も必要としていないものが必要なものとしての幻想を与えられるんだ簡単だよ情報をどんどん作っていきゃあ/
|
ewsokunomorallinkcomments |
2022-01-04 13:10:22 |