Authentication with omniauth-github in Rails

Authenticating with 3rd party services is widely used on many websites. You can log with Facebook, Google Account or other depending on website. For some of my Rails projects I need authentication with GitHub.

First, we start with adding omniauth (Rack framework for authentication) and omniauth-github (OmniAuth strategy for GitHub) to Gemfile.

gem 'omniauth', '~> 1.2.2'
gem 'omniauth-github', '~> 1.1.2'

Second, we create config/initializers/omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :github, ENV.fetch('GITHUB_CLIENT_ID'), ENV.fetch('GITHUB_CLIENT_SECRET')

As you can see I pass environment variables GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET to GitHub provider. Feel free to do it in your preferred way.

Here comes third step, it’s necessary to provide mentioned environment variables. On we register a new OAuth application.

For development purposes we can set:

Sequence of requests between application and GitHub is following:


To routes.rb we add to two lines:

  get '/login' => redirect('/auth/github')
  get '/auth/:provider/callback', to: 'sessions#create'

Then we create app/controllers/sessions_controller.rb and we add following code:

class SessionsController < ApplicationController
  def create
    user = User.find_or_create_by(user_attributes)

    session[:user_id] =


  def user_attributes
      provider: auth['provider'],
      username: auth['info']['nickname']

  def auth

This is basic template I use for my projects. Sometimes I extract more information from request.env['omniauth.auth'] and store in database.

More info in documentation:

Review: „Web Development with Node and Express”


Node book done well

Web Development with Node and Express is the third book I’ve read about Node since 2012. Last two books were mediocre and I had quite high expectations this time.

The core of this book is building fictional website for Meadowlark Travel, a company offering services for people visiting the great state of Oregon. First two chapters cover basics about Express and Node, then in third chapter starts development of Meadowlark Travel web application. I started project from scratch and I was adding features according with material presented in consecutive chapters. I was typing most of the JS code provided in book. This way I run into some issues with typos but I had also some problems with newer versions of libraries used in book. I’m familiar with managing dependencies in Node, so I figured out which libraries I needed to downgrade. Book may contain some typos so be watchful and check errata.

At first order of chapters seemed to me a little bit chaotic, but after reading all of them they are good chunks of bigger picture. Chapters: 4 & 5 introduce good practices like version control system & quality assurance. Later, chapter after chapter, are introduced other topics like: template engine (handlebars), cookies, sessions, middleware, sending email, REST API and many more. It’s worth noting that most of the topics appears in daily work.

To sum up, Ethan Brown did good job in writing Web Development with Node and Express. He covered many topics & provided solutions to real-life developer’s problems.


My rating:

Product page:

I review for the O'Reilly Blogger Review Program

Review: „JavaScript & jQuery: The Missing Manual”


Manual for beginners

JavaScript & jQuery: The Missing Manual consists of 17 chapters (+ appendix).

First part skims the surface of JavaScript – it is gentle introduction to programming in JS. I really like author’s explanations and visualisations of simple concepts like: variable, statements, conditions, loops.

Afters basics of JavaScript journey with jQuery begins. After introductory material there are real-life examples of jQuery usage: photo galleries, navigations, forms with user friendly validations and some more.

The book is quite verbose and if you’re familiar with a bit of JavaScript & jQuery then I recommend other books (e.g. JavaScript: The Definitive Guide). If you’re taking first steps in web development and you want to start with programming in JavaScript, that’s the book for you.

My rating:

Product page:

I review for the O'Reilly Blogger Review Program

Review: „Learning jQuery Deferreds”


Promising Deferreds

Learning jQuery Deferreds is another book related to JavaScript I read from O’Reilly Reader Review Program.

At first I was struggling to grasp the idea how jQuery Deferreds work but explanations provided by author helped me understand this.

I solved some of challenges in Chapter 3. It’s nice that they tackle many different problems in different contexts but I didn’t find them very engaging.

In general it’s good to get familiar with idea of deferreds and this book is good with explaining with that concept.

My rating:

Product page:

I review for the O'Reilly Blogger Review Program

Ruby 2.2.0, Ruby on Rails 4.2.0 — instalacja na Ubuntu 14.04

Na początek instalujemy potrzebne biblioteki i narzędzia do skompilowania Rubiego i gemów domyślnie będących w zależnościach Railsów.

sudo apt-get install build-essential bison openssl libreadline6 libreadline6-dev curl git git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool nodejs

W przypadku korzystania z gemu ‚pg’ warto doinstalować:
sudo apt-get install libpq-dev

Na stronie: za pomocą polecenia:

curl -L | bash -s stable --ruby

instalujemy RVM (Ruby Version Manager) oraz najnowszą wersję Rubiego.

Następnie do pliku .bashrc w katalogu domowym dodajemy następujące linijki:

[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"
export PATH="$PATH:$HOME/.rvm/bin"

W terminalu wczytujemy zmieniony .bashrc za pomocą polecenia source ~/.bashrc.

Teraz opcjonalnie możemy stworzyć plik .gemrc w katalogu domowym i dodać:

gem: --no-ri --no-rdoc

Dzięki temu przy instalacji gemów nie będzie generowana dokumentacja.


rvm use 2.2.0 --default

wskazujemy, że domyślnie chcemy korzystać z Rubiego 2.2.0.

Zaktualizujmy narzędzie gem do najnowszej wersji:

gem update --system

Warto zainstalować jeszcze Bundlera:

gem install bundler

Do zainstalowania pozostały jeszcze Railsy, co robimy poleceniem:

gem install rails

Po instalacji tworzymy testowy projekt, aby sprawdzić poprawność działania.

rails new projekt
cd projekt
rails server

Wchodzimy na stronę: http://localhost:3000, aby zobaczyć działającą aplikację.

Review: „JavaScript: The Good Parts”


Learn how to use the good parts of JavaScript

Javascript: The Good Parts is another book related to JavaScript I read from O’Reilly Reader Review Program.

After more than 1 year of experience I tackled many problems covered in this book. Author did a good job to point out good & bad parts of JavaScript. Book as a whole is great overview of JavaScript as a programming language — after introductory chapter, author covers: grammar (with nice railroad diagrams :-)), objects, functions (with important topics like: callback, closure, scope), array, regular expressions, style and more.

I have to admit that I browsed Chapter 8 because it is documentation with some examples for methods.

Actually after all those chapters, the most intriguing are appendices: A (Awful Parts), B (Bad Parts). Most of them I am already familiar with, but it is good to be reminded.

After longer experience with JavaScript, this book is nice overview.

So if you need more thorough book about JavaScript, I recommend you JavaScript: The Definitive Guide,

My rating:

Product page:

I review for the O'Reilly Blogger Review Program

Review: „JavaScript Design Patterns”


Patterns in JavaScript developer’s life

I read several books about JavaScript, many articles. This time I decided to go through Javascript Design Patterns.

Books consists of 2 „parts”. First 6 chapters are mostly introductory. They are answers for following question: what is design pattern? when should I use patterns? what is good structure of design pattern? when and how should I write my own patterns? what can I learn from anti-patterns? Then, there is part about design patterns. I really like Addy’s approach in book:  every pattern has diagram (to visualize concept), code (to see real implementation), more examples (when pattern has some „flavours”), references (to read more), discussion (about advantages and disadvantages).

Especially I like chapter about MV* patterns. It gave me more insights about structuring JavaScript applications.

If you are writing a lot of code in JavaScript/CoffeeScript, I recommend this book to you.

My rating:

Product page:

I review for the O'Reilly Blogger Review Program

Review: „Hacking Web Apps”


Be more security-aware developer/user

As a web developer I learned many things about security in the day-to-day practice. I admit that Hacking Web Apps is very good overview of different ways to hack web app with useful examples. Every chapter covers specific group of hacks (e.g. XSS, CSRF, SQL injection, logic attacks and so on) and countermeasures for them. Examples are pretty useful, ready to check on existing websites (of course those you own ;-)). No matter if you are developer or user, after reading this book you’ll be much more aware of security and privacy issues.

My rating:

Product page:

I review for the O'Reilly Blogger Review Program

Refactoring legacy code

Recently I’m trying to upgrade one big project from Ruby 1.8.7 to 1.9.3.
It is bumpy road but here are some thoughts gathered during this time:

1. Make small steps – especially when pushing those changes to production. You’ll never know what are going to break.
2. When changing API endpoint find every call to that endpoint. Record HTTP requests & responses and test them.
3. Improve test coverage. The more good specs you have, the better.
4. Update only necessary gems to get your code working on Ruby 1.9.3.
5. Set up Continuous Integration server to run specs on both Ruby versions: 1.8.7 & 1.9.3.
6. Analyze & understand business logic in code. Use metric_fu, simplecov to know more about code.
7. Delete unused code.

FTP server on OS X 10.8.5

On my OS X 10.8.5 I tried to do specific task: I want to set up FTP server where user has full access to that specific place — he can upload/download and remove files without any problems. After spending some time with this I came to solution to create new user in system and set configuration of /etc/ftpd.conf to sth like that:

chroot REAL /path/to/directory
modify all
upload all

To start & stop FTP server I used those commands

sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist
sudo -s launchctl unload -w /System/Library/LaunchDaemons/ftp.plist

Those resources were helpful for me:
Start an FTP or SFTP Server in Mac OS X
OS X: anonymous ftp directory on Mountain Lion


Otrzymuj każdy nowy wpis na swoją skrzynkę e-mail.