I'm not so long in Rails development and now am working with checkout login logic. I ended up with finding this kind of solution in order to pass user as the resource for using Devise in other controllers
def resource_name
:user
end
def resource
#resource ||= User.new
end
def resource_class
User
end
def devise_mapping
#devise_mapping ||= Devise.mappings[:user]
end
Though I now can use resourse in my controller, when I'm trying to login/sign up Devise doesn't work properly. I get error of incorrect email/password when I'm trying to log in and get no response trying to sign up. Even if I leave email field empty I don't receive error which should appear due to resource.errors.
My code is:
= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
= render 'devise/shared/error_messages', resource: resource
= f.label :email, 'Enter Email'
= f.email_field :email, placeholder: 'Enter Email'
= resource.errors.messages[:email].to_sentence
= f.submit ''
Maybe anyone else had the same problem or saw any solution in such situation, I'll be grateful for any help.
If you are trying to create a user and then pass them to other functions, if they successfully log in, you can use current_user as per the Devise documentation
But I'm not sure what exactly you are trying to do. The user should be #user or :user, depending on your setup. What exactly are you trying to achieve? What are the other controllers like?
Related
I am building a digital library, and I have completed a lot of the functionalities needed. I am currently having an issue with integrating the digital library with a Learning Management System (LMS).
I already have an admin authentication system for the digital library using the Devise gem. My goal is to allow users who want to access the digital library to login to the digital library using their Learning Management System (LMS) credentials (username and password).
I have been provided with the Login API endpoint and other needed parameters of the Learning Management System (LMS), and I have created the User Model, the Sessions Controller and the Sessions View Templates.
I am currently using the RestClient Gem for the API call, but I having an error undefined local variable or method `username' for # Did you mean? user_path. I can't figure out where things went wrong.
Sessions Controller
require 'rest-client'
class SessionsController < ApplicationController
def new
end
def create
response = RestClient::Request.execute(
method: :post,
url: 'https://newapi.example.com/token',
payload: { 'username': "#{username}",
'password': "#{password}",
'grant_type':'password' },
headers: { apiCode: '93de0db8-333b-4f478-aa92-2b43cdb7aa9f' }
)
case response.code
when 400
flash.now[:alert] = 'Email or password is invalid'
render 'new'
when 200
session[:user_id] = user.id
redirect_to root_url, notice: 'Logged in!'
else
raise "Invalid response #{response.to_str} received."
end
end
def destroy
session[:user_id] = nil
redirect_to root_url, notice: 'Logged out!'
end
end
Sessions New View
<p id=”alert”><%= alert %></p>
<h1>Login</h1>
<%= form_tag sessions_path do %>
<div class="field">
<%= label_tag :username %>
<%= text_field_tag :username %>
</div>
<div class="field">
<%= label_tag :password %>
<%= password_field_tag :password %>
</div>
<div class="actions">
<%= submit_tag 'Login' %>
</div>
<% end %>
User Model
class User < ApplicationRecord
has_secure_password
validates :username, presence: true, uniqueness: true
end
Any form of help with code samples will be greatly appreciated. I am also open to providing more information about this integration if required. Thank you in advance.
I think that the problem is in fact that inside your SessionsController in create action, you are interpolating username and password. There's no definition for these methods in your code so you get undefined local variable or method.
You could probably pick those from params like this:
def username
params[:username]
end
def password
params[:password]
end
Or interpolate them directly in payload replacing current method calls with params[:username] and params[:password].
In such situations, it is good to use byebug or pry to debug your code and see what's happening inside your controller.
You could also think of closing some parts of your logic in Service objects - you shouldn't have more 10-15 lines in your controller action (unless the situation requires it)
Maybe you should use params[:username] rather than only username ?
username and password in payload are undefined variables. Please set their values. Possible values could be params[:username] and params[:password]
I'm trying to perform actions after the creation of a session and before the redirect. The user subscribes to a lesson, and after they've picked a lesson to sign up for, I'd like to provide the option to just sign in, and use their existing card on file to finalize the purchase without making them go through the process again (it's very clearly stated that this will happen on the form).
I'm currently overriding the default actions for Devise, like so:
Rails.application.routes.draw do
devise_for :users, controllers: {registrations: 'registrations', sessions: 'sessions'}
end
And using this controller:
class SessionsController < Devise::SessionsController
def create
super
my_service = MyService.new
my_service.charge_card_and_create_event(resource, params)
end
end
With this form:
= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
= f.email_field :email, autofocus: true, class: 'signin-fields', placeholder: "Email"
= f.password_field :password, autocomplete: "off", class: 'signin-fields', placeholder: "Password"
=hidden_field_tag "lesson_name", #lesson.team_name
=hidden_field_tag "lesson_price", #lesson.price_per_student
%br
= f.submit "Log in", class: 'btn btn-ps-sm'
.shared-links#forgot-password
I have 4 goals once the user clicks Log in:
Sign the user in.
Extract lesson data from hidden fields, and charge signed-in user's card via API request.
Upon successful API response, create a spot for the user in the database.
Redirect to or re-render the page with a success or error message.
I have all the logic for steps 2 and 3 all laid out, and obviously sharing all that isn't relevant. Where I'm stuck is figuring out how to use super in the SessionsController to log the user in, but delay the redirect until I've performed my actions. I'm using after_sign_in_path_for.
Or the other option would be to completely take out super and manually do the whole authentication myself. But I feel this is unnecessary.
You should pass your logic inside a block, like so:
class SessionsController < Devise::SessionsController
def create
super do
my_service = MyService.new
my_service.charge_card_and_create_event(resource, params)
end
end
end
If you don't do this, the redirect_to inside devise's create method will be called before your code is executed.
I am currently trying to add guest users/records to my application and am encountering having some difficulty getting devise to play along. I am trying to follow the tutorial at http://railscasts.com/episodes/393-guest-user-record, but am stuck when it comes to bypassing the devise validation for the email, password, and username if the user is a guest. In the video tutorial at about 5:40 he quickly mentions devise but i am lost as to how to implement this change. Thanks for the help.
Update** Here is my code. Thanks for the help guys.
Here is my create action under my users_controller.rb
def create
#user = params[:user] ? User.new(params[:user]) : User.new_guest
if #user.save
current_user.move_to(#user) if current_user && current.user.guest?
session[:user_id] = #user.id
redirect_to root_url
else
render "new"
end
end
Here is code from my user.rb
validates_presence_of :username, unless: :guest?
validates_uniqueness_of :username, :email, allow_blank: true
Here is the link that starts the Guest Record
<%= button_to "Try it!", users_path, method: :post %>
The errors that I am getting is are
3 errors prohibited this user from being saved:
Email can't be blank
Password can't be blank
Username can't be blank
You may be receiving the “can't be blank” errors as the parameters are not being allowed through the Devise controller as they're not listed as permitted params?
https://github.com/plataformatec/devise#strong-parameters
Check for 'Unpermitted parameters' errors in your logs to see if this is the issue.
I'm working through the Railscast on implementing Devise and OmniAuth (along with the Devise documentation) -- currently, I've got a site going where visitors can sign up using their facebook accounts or by filling out a form.
I'm running into trouble when users that sign up via OmniAuth try to edit their profiles, though. Devise looks for the user's current password when they submit changes to their profiles, but those that logged in with facebook don't know their passwords (they're set automatically in the user model):
def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
user = User.where(:provider => auth.provider, :uid => auth.uid).first
unless user
user = User.create(first_name:auth.extra.raw_info.first_name,
last_name:auth.extra.raw_info.last_name,
provider:auth.provider,
uid:auth.uid,
email:auth.info.email,
password:Devise.friendly_token[0,20]
)
end
user
end
When a user edits his information, the app should not require password confirmation if he set up his account through OmniAuth. The tutorial suggests that the handy password_required? method will help me achieve this outcome. Specifically, adding this method to the user model means that it should only return true if the user didn't sign up through OmniAuth (the provider attribute would be nil in that case):
def password_required?
super && provider.blank?
end
Thus, a piece of code like:
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
<%= devise_error_messages! %>
<%= render :partial => "essential_user_info_inputs", :locals => { :f => f } %>
<%= render :partial => "inessential_user_info_inputs", :locals => { :f => f } %>
<% if f.object.password_required? %>
<%= render :partial => "password_inputs", :locals => { :f => f } %>
<%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
<%= f.password_field :current_password %>
<% end %>
<%= f.submit "Update" %>
<% end %>
would theoretically only display password inputs when needed. It also suggests that Devise has built in logic saying that OmniAuth users don't need to use passwords to edit their accounts. I have no idea if this is true, but the tutorial kind of makes it look like that. But when an OmniAuth user tries to edit his account, I get "Current password can't be blank." Same thing with non-OmniAuth users (this makes sense, since the password fields don't show up on those users' edit pages either).
Some poking around confirms that the password_required? method is returning false, both when the user signed up through OmniAuth and through the site's regular user signup. Even when I change it to simply run the superclass method, it returns false.
Any ideas of what's going on with the password_required method? I can't find anything about it anywhere, but I feel like that's what's tripping things up right now.
Update:
This is now working, but not using the method outlined in the Railscast, which relies on requires_password? method, a topic that I still know nothing about. Instead, I implemented the solution outlined here, as suggested here. So I am now only requiring passwords to update non-OmniAuth accounts with the code:
class Users::RegistrationsController < Devise::RegistrationsController
def update
#user = User.find(current_user.id)
email_changed = #user.email != params[:user][:email]
is_facebook_account = !#user.provider.blank?
successfully_updated = if !is_facebook_account
#user.update_with_password(params[:user])
else
#user.update_without_password(params[:user])
end
if successfully_updated
# Sign in the user bypassing validation in case his password changed
sign_in #user, :bypass => true
redirect_to root_path
else
render "edit"
end
end
end
The easiest way is to overwrite the update_resource method in your RegistrationsController. This is advised by devise in their own implementation of the controller:
# By default we want to require a password checks on update.
# You can overwrite this method in your own RegistrationsController.
def update_resource(resource, params)
resource.update_with_password(params)
end
So the solution is to overwrite this method in your own controller like this:
class Users::RegistrationsController < Devise::RegistrationsController
# Overwrite update_resource to let users to update their user without giving their password
def update_resource(resource, params)
if current_user.provider == "facebook"
params.delete("current_password")
resource.update_without_password(params)
else
resource.update_with_password(params)
end
end
end
I've added an update to the link below that includes my solution to the Devise/ OmniAuth change user profile/password issue and collected some helpful links:
stackoverflow - Allowing users to edit accounts without saving passwords in devise
I saw this used somewhere.
def update
params[:user].delete(:current_password)
params[:user].delete(:password)
params[:user].delete(:password_confirmation)
if current_user.update_without_password(params[:user])
redirect_to somewhere_wicked_path, notice => "You rock"
else
render 'edit', :alert => 'you roll'
end
end
use something like this in your update method in your controller. Pretty sure that method is in Devise too.
Say I have a site like this (generic Q&A site) in Rails and I wanted this "ask" page w/ a text box to be the first page a user sees, even if he's not logged in. He enters a question, and on the 'new' method I check that he's not logged in, and bounced him to /session/new, where he can either log in or create a new account. Question is, how do I (and what is the best way to) preserve that question that he initially asked all through this process?
I'm understanding the flow of action described in the question to be
user is presented with a form
user is redirected to log in page on submit
user is redirected back to form on successful log in
repopulate form on load (Question asks how to do this step)
user finally submits their form.
With steps 2-4 omitted if the user is logged in.
I'm sorry, but I see your question more as a symptom of an underlying UI issue than a rails question.
If only logged in users can post questions, then why display the text box?
If a user is going to have log in any way, why not get that out of the way first. An even better solution is to integrate the log in and form.
Something like this in the view:
<% form_for :question do |form| %>
<% unless logged_in? %>
<% fields_for :session do |session_form|%>
<%= session_form.label :login %>
<%= session_form.text_field :login %>
<%= session_form.label :password %>
<%= session_form.password_field :password %>
<%end%>
<%end%>
<%= form.text_area :question %>
<%end%>
And in the controller
def new
...
unless params[:session].nil?
self.current_user = User.authenticate(params[:session][:login], params[:session][:password])
end
if logged_in?
flash[:notice] = "Logged in successfully"
else
flash[:error] = "Incorrect username and or password."
end
if logged_in? && #question.save
.... process successful entry
else
... process unsuccessful entry
end
end
Edit: Mohamad's raises the question of reusing this pattern across multiple controllers and forms. So the answer was updated to address reuse of this pattern.
To simplify this for reuse, you could put this block in a helper function that is referenced in the before_filter for actions that require it.
def login
unless params[:session].nil?
self.current_user = User.authenticate(params[:session][:login], params[:session][:password])
if logged_in?
flash[:notice] = "Logged in successfully"
else
flash[:error] = "Incorrect username and or password."
end
end
end
as in:
before_filter :login => :only [:new , :edit, :update, :delete]
On the view side, it shouldn't be too hard to construct a new variant of form_for that embeds the session parameters. Maybe form_for_with_session?
As for handling an unsuccessful response, I would suggest helper function that takes a block of code. Sorry I don't have time to write out or test one for you.
You keep it in the session. So after logging in, when the user goes back to asking his question, you see there's already something in session.
And you can directly display it.
def create
if current_user # Implement this method in your auth framework
#question = Question.new(params[:question] || session.delete[:question])
# (the usual stuff you'd do to save)
else
session[:question] = params[:question]
redirect_to :controller => :sessions, :action => "new"
end
end
Then, after your user creation and authentication stuff is all done in your login action, just make sure you POST back to this create action if session[:question] is defined.