I found this code in here:
# lib/admin_constraint.rb
class AdminConstraint
def matches?(request)
return false unless request.session[:user_id]
user = User.find request.session[:user_id]
user && user.admin?
end
end
# config/routes.rb
require 'sidekiq/web'
require 'admin_constraint'
mount Sidekiq::Web => '/sidekiq', :constraints => AdminConstraint.newLooks like we can add a column to the user. I can then add 3 users (each of us) to the db. We would each need to jot down our email, password AND USER ID. However, I don't see how this "password" protects us. Looks like anyone can insert a user_id into the session token and bam, they authenticate. I wonder if we could somehow add our pw to that.
I found this code in here:
Looks like we can add a column to the user. I can then add 3 users (each of us) to the db. We would each need to jot down our email, password AND USER ID. However, I don't see how this "password" protects us. Looks like anyone can insert a user_id into the session token and bam, they authenticate. I wonder if we could somehow add our pw to that.