Using Devise for Authentication in Rails Without Database Stored Accounts
We can pretty much say that thanks to the venerable Devise gem, the authentication problem has been solved in Ruby on Rails. There are some instances, however, when the requirements veer a little further away from convention and some customization needs to happen.
Such was the case of a recent project where we had to implement authentication and session management on a small web application that would serve as an API gateway into other system components. The interesting part was that there was no database to store accounts, and credentials would have to be validated against an external web service.
Luckily for us, the Devise gem is customizable enough to be able to fulfill this requirement via custom authentication strategies. With custom authentication strategies, one can implement completely bespoke authentication logic while still enjoying a lot of the features that Devise offers out of the box.
In this article, we’re going to walk through doing just that. Let’s get started.
To learn more about this capability of Devise, and how it relates to the underlying Warden concepts, here are some interesting sources:
ruby rails authentication
Developing Rails Apps in a Dev Container with VS Code
One of the great gifts from the advent of Docker and containers is the ability to get a good development environment up and running very quickly. Regardless of programming language or tech stack, there is probably an image in DockerHub or elsewhere that you can use to set up a container for development, either verbatim or as a basis for more complex setups.
Moreover, even if your development environment is complex, once you have containerized it, it’s easy to replicate for new team members.
VS Code, one of the most popular editors/IDEs today, with help from the Dev Containers extension, makes the task of setting up a container for software development easier than ever.
To demonstrate that, we’re going to walk through setting up such an environment for developing Ruby on Rails applications.
Setting up a Ruby Dev Container
As I alluded to before, all we need is Docker, VS Code, and the extension. Once you have those installed, we can easily create a new Docker container ready for Ruby on Rails development and have VS Code connect to it, resulting in a fully featured development environment.
Creating the configuration file
To get started, create a new directory and open …
ruby rails docker vscode containers
Updating Ruby on Rails
Updating your app to the latest versions of the framework it was built on, and dependencies it uses, is an important part of the development process. It may seem like a waste to invest time and money into it, but it can bring as much value as a new feature.
One good thing about using a framework like Ruby on Rails is that security features are baked in. This saves development time as the developer doesn’t have to reinvent the wheel for logins, permissions, authentication, etc. There are many users of the framework who work together to catch and patch vulnerabilities. Unfortunately, this means that if your app hasn’t been updated, its weaknesses become more obvious. A black hat attacker has easy access to a list of past Rails vulnerabilities.
Have you ever been to a website that hasn’t been updated for a while and found that everything moves slower than you’re used to? As technology improves and functions are optimized, application processing time can be reduced. Most releases come with a performance update that can help your application keep up with the best of them.
The gems your application uses also come out with updates to add new features and …
rails ruby update
Kubernetes environment variables, ConfigMaps and Secrets
Photo by Jeffry Johar
There are 3 ways to set environment variables for the container in the Kubernetes Pod: hard-coding, ConfigMaps, and Secrets, each with its own use case.
For those who are taking the Certified Kubernetes Administrator exam, you need to know all of these by heart. These skills fall under the domain of workloads and scheduling, which is 15% of the exam.
Let’s go over how to create environment variables based on these methods.
Hard-coding
This is the method that enables us to define the environment variables in the containers section of the Pod manifest. When using this method the environment variables will be visible when we describe the Pod. The following is an example of defining the environment variables PET01=cat and PET02=dog in an nginx container.
As with most Kubernetes resources, there are 2 ways of creating Pods. You can use either one of them. The first way is the imperative way, using the kubectl CLI. This is the preferred method for the CKA exam because it is convenient, fast, and saves time. The second way is the declarative way which requires you to build the YAML file and apply it.
The imperative
kubectl run mynginx --image=nginx …
kubernetes containers
How to write end-to-end & component tests with Cypress in Vue.js
Is writing tests painful for you? In this tutorial, I explain how to handle UI testing with Cypress and hope to convince you that writing tests is not always so tedious and expensive, but can be fun instead.
Cypress is a purely JavaScript-based front-end testing tool built for the modern web. It can test anything that runs in a browser and has built-in support for testing modern frameworks such as Vue.js, React, and Angular. See the full list of front-end frameworks Cypress supports.
As an example we are going to use a to-do app built using Vue. We will learn:
- How to install and set up Cypress.
- How to create a simple to-do app with Vue 3.
- How to write end-to-end tests.
- How to write component tests.
How to install and set up Cypress
- First let’s create a new Vue project using the Vue CLI. Install Vue CLI if you don’t have it on your machine:
  npm install -g @vue/cli
- Create a project (pick the Vue 3,babel,eslint preset):
  vue create todo-app
- cd into the todo-app project and install Cypress:
  npm install cypress --save-dev
  No dependencies, extra downloads, or changes to your code are required!
- Edit package.json. In the scripts section, add a command, …
vue javascript testing nodejs
Nevada State EpiTrax Launch
Photo by Adrien Drj
If COVID-19 has taught us anything, it is that the public health landscape can change quickly, and we need a disease surveillance system that is adaptable to support our ever-evolving climate.
Having access to surveillance data for purposes of contact tracing, following trends, and monitoring evolving disease conditions allows health departments to be agile in response. This is a critical component in providing communities with a robust public health infrastructure.
For all these reasons and many more, the State of Nevada embarked on a journey to migrate away from their surveillance system, NBS, to the open-source EpiTrax system created by the Utah Department of Health. Ultimately, the Nevada decisionmakers made this change because they needed to be on one state-wide system and wanted autonomy to customize the system.
Nevada had been exploring this change for a while but due to unforeseen problems the window of time for implementation was incredibly narrow. In the first four months of End Point’s partnership with Nevada, the team was able to accomplish what was believed to be impossible in so short a time.
The Four Month Sprint
Some of the major …
casepointer epitrax emsa clients
A/B Testing
Photo by Mikhail Nilov
In statistics, A/B testing is “an experiment with two groups to establish which of two treatments, products, procedures, or the like is superior. Often one of the two treatments is the standard existing treatment, or no treatment” (Bruce 2020, 88).
A/B testing is very useful when adapted to e-commerce and marketing for determining the better of two options for a webpage.
Let’s consider a website where we want to analyze the page visits of page A and page B. Page A is the existing page (the control group), and page B is a new design of the web page (the treatment group).
To prepare A/B testing we start with the following steps:
- Define hypotheses: null hypothesis (H0) and alternative hypothesis.
- Prepare control and treatment groups.
Then we’ll apply the A/B test on the dataset.
Purpose
The new and existing versions of our web page can show different performance in terms of marketing, visitor attention, and “conversion” to a particular goal. By applying A/B tests we can understand which of the two web pages has better performance. We can also find out if any difference in performance is due to chance or due to a design …
testing data-science
ssh-askpass on macOS for SSH agent confirmation
Photo by Kristoffer Trolle, CC BY 2.0
At End Point Dev we mostly use SSH keys for authentication when connecting to remote servers and Git services. The majority of the time, the servers we are trying to visit are barred from direct access and require a middle “jump server” instead.
Enabling SSH agent forwarding makes it easier to reuse SSH private keys. It keeps the private keys on our local machine and uses them to authenticate with each server in the chain without entering a password.
However, this approach comes with an inherent risk of the agent being hijacked if one of the servers is compromised. This means a bad guy could use the SSH keys to compromise downstream servers.
In this post, we’ll cover a simple way to protect against SSH agent hijacking. We will see in detail on macOS how to configure a system-wide agent using ssh-askpass to pop up a graphical window to ask for confirmation before using the agent.
How it works
It is strongly recommended to use the -c option on the ssh-add command when adding your SSH keys to the agent in order to protect yourself against SSH agent hijacking.
With this, every time a request is made to utilize the private key stored …
ssh mac security