Tag: Ruby

Using Ruby gems is safe, right? We're a nice community of friendly beings that act towards the same goal: making Ruby better. But is that true? Can we just blindly use libraries, without making sure, that they are what they are supposed to be?

Learn how you can take over a gem, what you can do with it once you have it and what you can do to protect yourself against several types of attacks you're exposed to on a daily basis. Let's exploit the Ruby gems world, and its data together.

Slides are available here.

A short snippet on how to make Ruby on Rails authenticate_or_request_with_http_basic respond with a JSON valid message upon failure.

class ApplicationController < ActionController::API
  include(
    ActionController::HttpAuthentication::Basic::ControllerMethods
  )

  before_action :http_authenticate!

  def http_authenticate!
    authenticate_or_request_with_http_basic do |key, secret|
      return if Resource.find_by(
        key: key,
        secret: secret
      )
    end

    render(
      json: 'Invalid credentials'.to_json,
      status: 401
    )
  end
end

Cover photo by Vladimer Shioshvili on Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0) license.

Theme by Anders Noren — Up ↑

Tag: Ruby

How to take over a Ruby gem and what to do with it / RubyKaigi 2019 presentation

Ruby on Rails HTTP Basic authentication with JSON failure message