Restricting access to controllers methods #340

Closed
gkopylov opened this issue Aug 17, 2015 · 3 comments

Comments

@gkopylov
Contributor

Hi, there.

The idea of this gem, to improve the security aspects of token authentication, is very nice, but some moments bowl me out; for example, there is almost no restriction of access to controllers' methods. It is a bad practice to make all methods public in a controller; you can read about it here: https://www.safaribooksonline.com/library/view/rails-cookbook/0596527314/ch04s13.html and here: http://stackoverflow.com/questions/4495078/protected-and-private-methods-in-rails

Btw, I think there are some long methods that need to be refactored and we need to add rubocop to make the code cleaner.

PS. Are there any serious apps using this gem in production, or would it be better to handle token authorization by yourself? (just curious)
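
An added example, not part of the thread and not code from devise_token_auth: a plain-Ruby miniature of the rule Rails applies when it decides which controller methods can be invoked as actions, showing why a helper left public is reachable and the same helper under `private` is not. `MiniController`, both sessions controllers, `resource_params` and `dispatchable?` are hypothetical names, and the e-mail address is a constructed value.

```ruby
# Plain-Ruby miniature (no Rails) of how controller actions are selected.
# All class and method names here are hypothetical.
require "set"

class MiniController
  class ActionNotFound < StandardError; end
  # Like AbstractController::Base.action_methods: public instance methods
  # defined below the framework base class are the callable actions.
  def self.action_methods
    (public_instance_methods(true) - MiniController.public_instance_methods(true))
      .map(&:to_s).to_set
  end
  # The router passes in the action name from the matched route.
  def process(action)
    raise ActionNotFound, action.to_s unless self.class.action_methods.include?(action.to_s)
    public_send(action)
  end
end

# Before: the helper is public, so a route that maps to it will run it.
class LeakySessionsController < MiniController
  def create
    "token for #{resource_params[:email]}"
  end

  def resource_params
    { email: "user@example.test" } # constructed sample value
  end
end

# After: the same helper moved below `private`.
class SessionsController < MiniController
  def create
    "token for #{resource_params[:email]}"
  end

  private

  def resource_params
    { email: "user@example.test" } # constructed sample value
  end
end

def dispatchable?(controller_class, action)
  controller_class.new.process(action)
  true
rescue MiniController::ActionNotFound
  false
end
```
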

@lynndylanhurley
Owner

@gkopylov - thanks for your feedback. We do accept pull requests.

gkopylov added a commit to gkopylov/devise_token_auth that referenced this issue Aug 17, 2015
@gkopylov
Contributor Author

Ok, I have done some improvements but we still need to make this code better :-)

@lynndylanhurley
Owner

Thanks, we will review ASAP.

> Btw, I think there are some long methods that need to be refactored and we need to add rubocop to make the code cleaner.

I mostly agree with this, but let's proceed on a case-by-case basis. I worry sometimes about breaking up long functions just for the sake of it. I know that code climate complains about long functions, but there are also really good arguments for them. (This article for example.)

booleanbetrayal added a commit that referenced this issue Aug 31, 2015
…ers_methods

#340 Restrict access to controllers methods
neutronz pushed a commit to neutronz/devise_token_auth that referenced this issue Sep 21, 2015