always redirecting to fallback location when using -> redirect_back fallback_location: root_path always - ruby-on-rails

I'm using omniauth for fb & google logins. However, instead of redirecting to the page with the login, it redirects to the fallback page all the time.
When I check request.referrer, it is blank. request.original_url is the callback URL for the login. http://localhost:3000/auth/facebook/callback?code="
Here is the route: get "/auth/:provider/callback", to: "sessions#create".
Seems like callback is somehow deleting the request.referrer. I thought on local it might be due to http to https switch. However, it persists when I deploy to and everything is https.

Related

Rails / Devise redirect after sign out

I have a site that is split into an 'app' side and a wordpress side. The wordpress has static text that the client can update easily, hosted on Google. The app side is done in Rails, using Devise for auth, and hosted on Heroku.
I would like to redirect to the wordpress site after a user signs out, and am using after_sign_out_path_for to accomplish this. It works just fine locally, but on production I am getting aberrant behaviour.
The user clicks Sign Out, and the browser redirects to the wordpress site as expected.
However, the user is not actually logged out!
If they click on Sign In, they are directed straight onwards to the root_path without having to enter their credentials. Or if they navigate to eg https://www.theappsite.com/users/edit or https://www.theappsite.com/subscriptions/new (both of which have before_action :authenticate_user!), they can access them without entering their credentials.
Of note - I cannot duplicate this locally. It only happens in production. Locally, I get the redirect and the user must reauthenticate if they click Sign In.
My intuition is that the session or cookie is not getting destroyed before the redirect occurs, but I don't know why that would only occur in production... any advice would be appreciated!
application_controller
def after_sign_out_path_for(resource_or_scope)
  # redirect to the wordpress site
  if Rails.env.production?
    'https://www.thewordpresssite.com'
  else
    # testing...
    'https://www.google.com'
  end
end
views/nav_bar.html.haml
%li.has-dropdown
  %a Account
  %ul.dropdown
    %li= link_to 'My Profile', edit_user_registration_path
    %li= link_to 'Subscriptions', accounts_path
    %li= link_to 'Payment Methods', payment_methods_path
    %li.fa-sign-in-alt= link_to 'Sign out', destroy_user_session_path, method: 'delete'
HTTP is stateless, so it’s up to either the browser or your application to “remember” what needs to be remembered.
So you need to end the user session by deleting it
the session that is not the user and making sure the browser/server remembers the action in the cookies
You will find all that you need and more in the link below
https://www.theodinproject.com/courses/ruby-on-rails/lessons/sessions-cookies-and-authentication

Devise custom failure root for sign up preserving errors

I am building an app which uses the homepage at home#index for both sign in and sign up.
I have managed to get devise to redirect to home on failure to sign in using a custom failure app class, and error messages are passed in flash[:alert]
Now I am trying to redirect to home when the user fails to SIGN UP. I have been able to get it to redirect to home by using a custom registration controller and
redirect_to root_path
however as the errors are attached to resource and this isn't preserved I can't display the validation errors.
I have tried
respond_with resource, location: root_path
and this doesn't work
Comment by Surya was correct. I changed the respond_with to
render 'home/index'
No more need for flash for the errors as the resource persists for the render. Only annoying thing now is that it changes the path to ".../user" rather than "/" but it's just an annoyance.

Devise change URLs

In my application the URLs for sign in, sign up and sign out were as:
Sign in: /users/sign_in
Sign up: /users/sign_up
Sign out: /users/sign_out
I followed https://github.com/plataformatec/devise/wiki/How-To:-Change-the-default-sign_in-and-sign_out-routes link and changed the URLs as below which is working
Sign in URL should be changed to /login instead of /users/sign_in
Sign up URL should be changed to /register instead of /users/sign_up
Sign out URL should be changed to /logout instead of /users/sign_out
The issue that I am facing is that even if I hit the old URL like /users/sign_in I am able to access the sign in screen which should not be the case.
I had also checked for redirecting the URLs like:
get "/users/sign_in" => redirect("/login")
But it is not working.
Can someone suggest something?
Changed the position of routes and it worked for me.

Rails return to specific location with route

I have a link on a page that is for users who are not signed in yet. I want this link to redirect to the login_url, which upon logging in will redirect the user back to that page they were on.
Something like this would be great but I don't know how to route this.
Currently, I have a redirect_back helper but that only works on specific actions where you need to be signed in. This is just a link.
The login url is /login and I would like something like this:
("/login?return_to=" + @user.username)
for the link so when you click the link (say on the user jcl), it takes you to /login?return_to=jcl. Then after signing in with a POST request, it returns you to that user's page.
Is there specific routes or helpers that can accomplish this?
You can use a before_filter to save the URL in the session and before login you redirect the user to the URL in the session.
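
The session-based return described in the answer above, as an added example that is not part of the original posts: the return path is stored before the user leaves for /login (or for an OmniAuth provider, where request.referrer at the callback is blank, as the first question reports) and only same-site paths are accepted, so a crafted return_to value cannot redirect the user to another host. The ReturnTo module and its method names are hypothetical; session stands for any Hash-like store such as the Rails session.

```ruby
require "uri"

# Added example in plain Ruby (no Rails required). ReturnTo, KEY and the
# method names are hypothetical, not part of Rails, Devise or OmniAuth.
module ReturnTo
  KEY = "return_to"

  # Accept only a same-site path: it must start with exactly one "/",
  # carry no scheme or host, and contain no backslash or control character
  # (browsers may treat "/\host" like "//host").
  def self.safe_path(raw)
    return nil unless raw.is_a?(String)
    return nil unless raw.start_with?("/")
    return nil if raw.start_with?("//")
    return nil if raw.match?(/[\\\x00-\x1f\x7f]/)
    uri = URI.parse(raw)
    return nil if uri.scheme || uri.host
    raw
  rescue URI::InvalidURIError
    nil
  end

  # Call before sending the user to /login or /auth/:provider.
  # Returns the stored path, or nil when the value was rejected.
  def self.remember(session, raw)
    path = safe_path(raw)
    session[KEY] = path if path
    path
  end

  # Call in the login action or the provider callback. The stored value is
  # consumed once and re-validated; anything else yields the fallback.
  def self.consume(session, fallback: "/")
    safe_path(session.delete(KEY)) || fallback
  end
end

# Constructed walk-through: a Hash stands in for the session.
session = {}
ReturnTo.remember(session, "/users/jcl")            # from /login?return_to=...
ReturnTo.remember(session, "https://evil.example/") # rejected, stored path kept
puts ReturnTo.consume(session)                      # redirect target after login
puts ReturnTo.consume(session)                      # nothing stored: fallback
```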

Check FB Connect session expire using facebooker

How do I check whether the FB Connect session is still valid or not using the Rails facebooker plugin? Is there any helper or module that can check the session? I figured out that if I open up 2 tabs in the browser, one logged in with Facebook and another with my site logged in using FB Connect, then when the user tries to log out on my site, Facebook will erase both cookies, but when the user logs out through Facebook, it will erase the cookie on the Facebook site only, so the cookie on my site is still left behind and I need to check whether the cookie is still valid or not...
Using Facebooker, you'll get an exception when you try to use the exception, which can be rescue_from'd in application.rb
rescue_from Facebooker::Session::SessionExpired, :with => :facebook_session_expired
def facebook_session_expired
  clear_fb_cookies!
  clear_facebook_session_information
  reset_session # remove your cookies!
  flash[:error] = "Your facebook session has expired."
  redirect_to root_url
end
I can't upvote things yet, but the answer that adds the line:
page.redirect_to url
is correct. I'd recommend adding it to Facebooker if Mike is reading.
The fb_logout_link method does not redirect when Facebook session is invalid. Add a redirect callback to your logout_path and it will do the job for you.
def fb_logout_link(text, url, *args)
  js = update_page do |page|
    page.call "FB.Connect.logoutAndRedirect", url
    # When session is valid, this call is meaningless, since we already redirect
    # When session is invalid, it will log the user out of the system.
    page.redirect_to url # You can use any *string* based path here
  end
  link_to_function text, js, *args
end
