Create new person with rest-client post request

Question

I created an simple demo app, to experiment a little bit:

rails new rumba
rails g scaffold People name:string

Then i wrote an little programm to make an post request:

require 'rest_client'
response = RestClient.post 'localhost:3000/people', :people => {:name => 'Joseph'}
puts response

So far it works and generates an new people. The only problem im facing is that i think, that this wont work on heroku, because i provide no authentikation token:

Started POST "/people" for 127.0.0.1 at 2013-09-09 00:08:10 +0200
Processing by PeopleController#create as XML
Parameters: {"person"=>{"name"=>"Joseph"}}

WARNING: Can't verify CSRF token authenticity

←[1m←[35m (0.0ms)←[0m  begin transaction
←[1m←[36mSQL (2.0ms)←[0m  ←[1mINSERT INTO "people" ("created_at", "name", "upd
ated_at") VALUES (?, ?, ?)←[0m  [["created_at", Sun, 08 Sep 2013 22:08:10 UTC +0
0:00], ["name", "Joseph"], ["updated_at", Sun, 08 Sep 2013 22:08:10 UTC +00:00]]

So my question is how can i provide an authentication token in my RestClient.post request?

Answer 1

One solution is to create your own authenticity token. You would need to a couple of things.

1. Turn off csrf token in Rails.

2. Create an action that would give you an authenticity token in your Heroku app.

3. Make a request to the above mentioned action, then store the authenticity token that is given to you in your app.

4. When a request is sent to your Heroku app, create a filter that verifies the authenticity token before your action saves a person.

Since you are playing around, you could always set the token to a DateTime then check for how old the token is to verify it. However, if you ever wanted to do this on a production site, you would have to take much more consideration into how the authenticity token is created.