I'm taking my first steps in Ruby on Rails and I have a problem implementing authentication with Devise. In short, this is the scenario:
I want users to be able to register a new user only inside the application, in other words, only after authenticating. So I used the line of code above,
authenticate_user!(force:true), to protect the registration route.
    class Users::RegistrationsController < Devise::RegistrationsController
      before_action :configure_sign_up_params, only: [:create]
      before_action :configure_account_update_params, only: [:update]
      before_action -> { authenticate_user!(force: true) }, only: [:new, :create, :destroy]
      # ... other methods without modification
    end

And my routes file:
    Rails.application.routes.draw do
      devise_for :users, controllers: {
        sessions: 'users/sessions',
        passwords: 'users/passwords',
        registrations: 'users/registrations',
        confirmations: 'users/confirmations'
      }
      resources :enrolls
      resources :students
      resources :trainings
      resources :instructors
      # Certificates
      get 'certificates/:id', to: 'certificates#index'
      # Dashboard
      get 'dashboard', to: 'dashboards#index'
      root :to => redirect('/dashboard')
    end
So, after this, I can authenticate and protect all routes, but after authenticating,
the route /users/sign_up(.:format) for registration doesn't work: it doesn't open the registration form, and this route is protected even after authentication.
When I type this route, the application redirects again to the dashboard (root).
Can someone please help me?
Think it's a hard task for a newcomer.
Let me explain why it doesn't work. Take a look at the definition of Devise::RegistrationsController: https://github.com/heartcombo/devise/blob/main/app/controllers/devise/registrations_controller.rb

    prepend_before_action :require_no_authentication, only: [:new, :create, :cancel]

so in your controller you'd need to do:

    class Users::RegistrationsController < Devise::RegistrationsController
      skip_before_action :require_no_authentication, only: [:new, :create]
      ...
    end

This change will basically remove the before_action defined in Devise::RegistrationsController and you won't be redirected anymore.
It's working for me; my code is like this. Thanks for your help, Adam!

    before_action :configure_sign_up_params, only: [:create]
    before_action :configure_account_update_params, only: [:update]
    before_action -> { authenticate_user!(force: true) }, only: [:new, :create, :destroy]
    skip_before_action :require_no_authentication, only: [:new, :create]
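
The callback ordering explained in the answer above, as an added example that is not part of the original posts and is not Devise's code: a simplified pure-Ruby model of the filter chain, showing who is redirected before and after `skip_before_action`. The `FilterChain` class, the helper names and the redirect paths are constructed for illustration.

```ruby
# Simplified model of a before-action chain (constructed; not Devise's code).
# A filter returns nil to continue, or a redirect target to halt the request.
FILTERS = {
  :require_no_authentication => ->(user) { user ? "/" : nil },
  :authenticate_user! => ->(user) { user ? nil : "/users/sign_in" }
}.freeze

class FilterChain
  def initialize
    @chain = []
  end

  def prepend_before_action(name, only:)
    @chain.unshift([name, only])
    self
  end

  def before_action(name, only:)
    @chain.push([name, only])
    self
  end

  # Drop the named filter for the listed actions only.
  def skip_before_action(name, only:)
    @chain = @chain.map { |n, acts| n == name ? [n, acts - only] : [n, acts] }
    self
  end

  def dispatch(action, user)
    @chain.each do |name, actions|
      next unless actions.include?(action)
      target = FILTERS.fetch(name).call(user)
      return "redirect #{target}" if target
    end
    "render #{action}"
  end
end

def devise_default
  FilterChain.new.prepend_before_action(:require_no_authentication, only: %i[new create cancel])
end

def question_chain
  devise_default.before_action(:authenticate_user!, only: %i[new create destroy])
end

def fixed_chain
  question_chain.skip_before_action(:require_no_authentication, only: %i[new create])
end
```

In this model the fixed chain renders the form for a signed-in user while a guest requesting `new` is still redirected to the sign-in page, so registration stays closed to unauthenticated visitors.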
Related
In my Rails 6 project (development mode) I've set up a User model along with Devise.
In routes.rb I have:

    scope :auth do
      devise_for :users
    end
    resources :users, except: :index
    resources :articles, only: [:show, :update]
    scope :passport do
      resources :users, only: :index
      resources :articles, except: [:show, :update]
    end

Prefixes work as expected for articles but not for users.
For some reason /passport/users, referring to users#index,
doesn't get the users_path prefix (GET) at all.
It's without any prefix.
A request to localhost:3000/passport/users works fine.
Is there a conflict with Devise?
I'm missing something, but what is it?
The problem is not in the Devise gem.
You can try this:

    scope :auth do
      devise_for :users
    end
    scope :passport do
      resources :users, only: :index
      resources :articles, except: [:show, :update]
    end
    resources :users, except: :index
    resources :articles, only: [:show, :update]

I don't know why, but it works.
As I am trying to create a website with a subdomain for every user, I coded it as below:
In the controller below I am checking whether the subdomain from the Devise sign_in page belongs to the user in the User.rb table. If not, I am logging out.

    class ApplicationController < ActionController::Base
      before_action :authenticate_user!
      before_action :check_domain

      protected

      def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up, keys: [:slug])
        devise_parameter_sanitizer.permit(:account_update, keys: [:slug])
      end

      def check_domain
        unless current_user.nil?
          @domain = User.find_by(email: current_user.email)
          if @domain.slug != request.subdomain
            sign_out_and_redirect(current_user)
            flash.alert = "User not found."
          end
        end
      end
    end

At this moment I have routes.rb as below:

    Rails.application.routes.draw do
      resources :devise
      resources :places
      resources :people_items
      resources :people, only: [:edit, :update]
      resources :gift_items
      resources :gifts, only: [:edit, :update]
      resources :program_items
      resources :story_items
      devise_for :users
      root to: 'pages#index'
      get '/home', to: 'output#home'
      # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
      resources :pages do
        member do
          delete :delete_file
        end
      end
      resources :stories, only: [:edit, :update]
      resources :programs, only: [:edit, :update]
      resources :galleries, only: [:edit, :update] do
        member do
          delete :delete_image
        end
      end
      get 'informations/information'
      resources :aboutus, only: [:edit, :update]
    end

I modified one more setting in config/environments/development.rb:

    config.action_dispatch.tld_length = 1

Everything is working fine.
In tutorials I found out that for subdomains to work properly I should modify routes.rb as below. But what is the purpose of the modification below? Do I really need to touch routes.rb? That's my question.

    constraints subdomain: /.*/ do
      resources :pages
    end

Do I really need to modify this? Or what is the purpose of this modification? Is it really necessary?
Thank you so much for your advice!
Constraints in routes.rb allow you to restrict when routes should or shouldn't be matched, returning a 404 in the event that they do not.
You can do this on a per-route basis for params like so:

    get 'products/:category', to: "products#index", category: /(fruit|electronics|medicine)/, as: :products

This would allow requests to http://yourdomain.com/products/fruit but not to http://yourdomain.com/products/vehicles for example. Accessing any forbidden domains would provide you with a 404 response.
You can provide generic constraints to a bunch of different routes by enclosing them in a constraints block, like so:

    constraints ->(req) { Site.exists?(subdomain: req.subdomain) } do
      resources :articles, path: "blog", only: [:index, :show]
      ...
    end

So here, we're checking that a Site record exists with the subdomain provided. If not, we return a 404.
I have a weird error when I want to redirect users to the root_url when they try to access blogs/new url in my app.
My routes are

    resources :blogs, only: [:index, :show] do
      resources :comments, only: [:create]
    end
    namespace :admin do
      resources :blogs
      resources :users, only: [:index, :show]
      resources :comments, only: [:create, :new, :destroy]
    end

My non-admin blogs controller looks like this:

    class BlogsController < ApplicationController
      before_action :set_blog, only: [:show]

      def show
        unless @blog
          redirect_to blogs_path
          flash[:notice] = "You are not authorized to create a post."
        end
      end

      def index
        @blogs = Blog.all
      end

      private

      def set_blog
        @blog = Blog.find(params[:id])
      end
    end

I get the error Couldn't find Blog with 'id'=new.
In rails, the priority of routes goes from top to bottom. Meaning, when you try to hit /blogs/new, the route gets matched with the show action of blogs defined in the top of your routes.rb.
blogs/new gets matched with /blogs/:id which is mapped to blogs#show action.
In the set_blog method, params[:id] is new and since there is no record with the id of new, you're getting that weird error.
How to get around this? Change the priority of your routes.
Move the following block below the admin namespaced routes.

    namespace :admin do
      resources :blogs
      resources :users, only: [:index, :show]
      resources :comments, only: [:create, :new, :destroy]
    end
    resources :blogs, only: [:index, :show] do
      resources :comments, only: [:create]
    end

By the way, your question says that you want to prevent non-admin users from accessing blogs#new. If that's the case, you should try to hit /admin/blogs/new and not /blogs/new.
If you had done that, you wouldn't have gotten the error in the first place. But still, it's good to know about the priority of routes in Rails.
Hope this helps!
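
First-match route recognition and per-segment constraints, as discussed in the two routing answers above (the `category:` constraint, and `/blogs/new` being matched by `/blogs/:id`), shown as an added example that is not part of the original posts: a simplified pure-Ruby model, not Rails' router. The `Route` struct, `recognize`, `blog_routes` and the `id: /\d+/` constraint are assumptions made for illustration.

```ruby
# Simplified model of top-to-bottom route matching (constructed; not Rails' router).
Route = Struct.new(:pattern, :target, :constraints) do
  # Returns the params hash when the path matches, otherwise nil.
  def match(path)
    segs = pattern.split('/').reject(&:empty?)
    parts = path.split('/').reject(&:empty?)
    return nil unless segs.size == parts.size

    params = {}
    segs.zip(parts).each do |seg, part|
      if seg.start_with?(':')
        key = seg[1..-1].to_sym
        rule = constraints[key]
        # Segment constraints are anchored: the whole segment must match.
        return nil if rule && !/\A(?:#{rule.source})\z/.match?(part)
        params[key] = part
      elsif seg != part
        return nil
      end
    end
    params
  end
end

# The first route that matches wins; nil stands for a 404.
def recognize(routes, path)
  routes.each do |route|
    params = route.match(path)
    return [route.target, params] if params
  end
  nil
end

# Route table in the question's order; id_rule is an optional :id constraint.
def blog_routes(id_rule = nil)
  constraints = id_rule ? { id: id_rule } : {}
  [
    Route.new('/blogs', 'blogs#index', {}),
    Route.new('/blogs/:id', 'blogs#show', constraints), # no /blogs/new route exists
    Route.new('/admin/blogs/new', 'admin/blogs#new', {}),
    Route.new('/admin/blogs/:id', 'admin/blogs#show', {})
  ]
end

PRODUCTS = [
  Route.new('/products/:category', 'products#index',
            { category: /(fruit|electronics|medicine)/ })
].freeze
```

With the numeric `:id` constraint, `/blogs/new` matches no route and ends in a 404 instead of reaching `Blog.find` with `id` set to `new`.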
I'm having troubles with routes in Ruby on Rails. I've configured routes this way

    resources :users do
      collection do
        resource :registrations, only: [:show, :create]
        resource :sessions, only: [:new, :create, :destroy]
        resource :confirmations, only: [:show]
      end
    end

And I have a RegistrationsController where I have two endpoints (new, create):

    class RegistrationsController < ApplicationController
      skip_before_filter :authenticate!

      def new
        @user = User.new
      end

      def create
        @user = User.new(params[:user])
        if @user.save
          flash[:notice] = t("registrations.user.success")
          redirect_to :root
        end
      end
    end

But when I do rails s and I put localhost:3000/users/registrations/create or new I get a "no route matches". And I think the route exists, because if I do rake routes I get this:

    registrations POST /users/registrations(.:format) registrations#create
                  GET  /users/registrations(.:format) registrations#show

I know it should be a silly mistake but I don't get it. I appreciate any help
When you define routes for registrations, you're limiting it to just [:show, :create]:

    resource :registrations, only: [:show, :create]

But your controller (correctly!) is presuming that there are two routes: new (to show the registration form) and create (to create the new user). You need to change your routes so that they match your controller actions:

    resources :users do
      collection do
        resource :registrations, only: [:new, :create] # Updated this line!
        resource :sessions, only: [:new, :create, :destroy]
        resource :confirmations, only: [:show]
      end
    end

I have two roles in Devise. The first is the admin and the second is the normal user role.
Now I'd like to give these two groups the same rights in some cases with before filters.
How does this work?
I have:

    before_filter :authenticate_user!, :only => [:new, :create]
    before_filter :authenticate_admin!, :only => [:new, :create, :edit, :update, :destroy]

But now only a user can :new and :create... the admin cannot.
What do I have to do here?
Thanks,
Mattherick
I haven't yet used Devise personally, so this is only to point you in the right direction. It might not work exactly right.

    before_filter :authenticate_user_or_admin, :only => [:new, :create]
    before_filter :authenticate_admin!, :only => [:edit, :update, :destroy]
    # ...

    protected

    def authenticate_user_or_admin
      unless user_signed_in? or admin_signed_in?
        # Redirect somewhere else
      end
    end