Completed 401 Unauthorized - Devise devise_parameter_sanitizer not permitting any values - ruby-on-rails

I am new to Rails and stuck here. Could you please help me solve this?
console
Started POST "/users/sign_in" for ::1 at 2020-03-25 11:46:10 +0530
Processing by Users::SessionsController#create as HTML
Parameters: {"authenticity_token"=>"seSNKhVVbrFM+XALvQExwMNxI1KY74or3Cy6Y0wYnU7RLjC6uuaM057jKmQ73a0g84qQNnOVREL0RZ6AuarGQA==", "user"=>{"email"=>"yadu@g.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
================================
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? ORDER BY "users"."id" ASC LIMIT ? [["email", "yadu@g.com"], ["LIMIT", 1]]
↳ app/controllers/users/sessions_controller.rb:16:in `create'
Completed 401 Unauthorized in 248ms (ActiveRecord: 0.3ms | Allocations: 1519)
Started GET "/users/sign_in" for ::1 at 2020-03-25 11:46:10 +0530
Processing by Users::SessionsController#new as HTML
Rendering devise/sessions/new.html.erb within layouts/application
Rendered devise/shared/_links.html.erb (Duration: 1.0ms | Allocations: 525)
sessions_controller.rb
class Users::SessionsController < Devise::SessionsController
  before_action :configure_sign_in_params, only: [:create]

  # GET /resource/sign_in
  def new
    super
  end

  # POST /resource/sign_in
  def create
    logger.debug "================================ #{configure_sign_in_params}"
    super
  end

  # DELETE /resource/sign_out
  def destroy
    super
  end

  private

  # If you have extra params to permit, append them to the sanitizer.
  def configure_sign_in_params
    devise_parameter_sanitizer.permit(:sign_in) { |u| u.permit( :email, :password ) }
    # params.require(:user).permit(:email, :password, :remember_me)
  end
end
routes.rb
devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth',sessions: 'users/sessions'}
resources :users
resources :product_categories
config/initializers/devise.rb
# Use this hook to configure devise mailer, warden hooks and so forth.
# Many of these configuration options can be set straight in your model.
Devise.setup do |config|
config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
config.case_insensitive_keys = [:email]
config.strip_whitespace_keys = [:email]
config.stretches = Rails.env.test? ? 1 : 11
config.reconfirmable = true
# Invalidates all the remember me tokens when the user signs out.
config.expire_all_remember_me_on_sign_out = true
config.password_length = 6..128
config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
config.timeout_in = 30.minutes
config.reset_password_within = 6.hours
config.omniauth :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'], scope: 'public_profile,email'
config.omniauth :github, ENV['GITHUB_APP_ID'], ENV['GITHUB_APP_SECRET'], scope: 'user,public_repo'
config.omniauth :google_oauth2, ENV['GOOGLE_APP_ID'], ENV['GOOGLE_APP_SECRET'], scope: 'userinfo.email,userinfo.profile'
config.omniauth :twitter, ENV['TWITTER_APP_ID'], ENV['TWITTER_APP_SECRET']
end
Issue
I can register a user successfully, but cannot log in using that user. It shows 401 Unauthorized at that time. It appears that the parameter arrives in the configure_sign_in_params method, but the return value of the configure_sign_in_params method is empty.
All these issues started when I set up login with social accounts. Before that everything was fine.

Related

User session isn't being created, any idea why not?

I'm using a customised devise sessions controller to manage my user sessions. However, whenever I try to sign in as an existing user, my login functionality doesn't work: it just returns the sign in form, and the server returns this message:
Started POST "/users/sign_in" for 127.0.0.1 at 2015-10-27 13:19:46 +0200
ActiveRecord::SchemaMigration Load (0.4ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by Users::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"lLtGottAklgEmCS2Y04FFZw3vAtd6EHkKOQMBCOJ4B6yeuFvN34j4OhYz9vd0SzW+gAwCI7GobMs20ubug24Fw==", "user"=>{"cell_number"=>"0798900606", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
User Load (0.6ms) SELECT "users".* FROM "users" WHERE "users"."cell_number" = $1 LIMIT 1 [["cell_number", "0798900606"]]
Completed 401 Unauthorized in 45ms (ActiveRecord: 2.5ms)
Processing by Users::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"lLtGottAklgEmCS2Y04FFZw3vAtd6EHkKOQMBCOJ4B6yeuFvN34j4OhYz9vd0SzW+gAwCI7GobMs20ubug24Fw==", "user"=>{"cell_number"=>"0798900606", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
Rendered users/sessions/new.html.slim within layouts/application (60.1ms)
Rendered application/_analytics.html.slim (4.7ms)
Rendered application/_environment_indicator.html.slim (2.5ms)
Rendered application/_preloader.html.slim (2.4ms)
Rendered application/_flashes.html.slim (3.7ms)
Category Load (0.7ms) SELECT "categories".* FROM "categories" WHERE "categories"."uuid" IS NULL LIMIT 1
Completed 200 OK in 746ms (Views: 660.3ms | ActiveRecord: 0.7ms)
My Sessions Controller looks like this:
class Users::SessionsController < Devise::SessionsController
before_action :configure_sign_in_parameters
def new
super
end
def create
#user = User.find_by(cell_number: params[:user][:cell_number])
super
end
private
def after_sign_in_path_for(resource)
root_path
end
def configure_sign_in_parameters
devise_parameter_sanitizer.for(:sign_in).push(:cell_number, :password)
end
end
My routes look like this:
Rails.application.routes.draw do
### Admin
devise_for :admin_users, ActiveAdmin::Devise.config
ActiveAdmin.routes(self)
### User
devise_for :users, controllers: { :registrations => "users/registrations",
:sessions => "users/sessions",
:passwords => "users/passwords" }
devise_scope :user do
namespace :vodacom do
namespace :users do
get "/register", to: 'registrations#new'
get "/create", to: 'registrations#create'
end
end
end
end
And my sign in form looks like this:
h2 Normal Log in
= simple_form_for @user, url: user_session_path(@user) do |f|
  div class="form-inputs"
    = f.input :cell_number, required: true, autofocus: true
    = f.input :password, required: true
    = f.input :remember_me, as: :boolean if devise_mapping.rememberable?
  div class="form-actions"
    = f.button :submit, "Log in"
Any clue what I'm doing wrong? My application controller specifies that a user should be authenticated before any action.
I figured out what I was doing wrong: my user model does not have an email attribute, rather it has a cell_number attribute. Since I'm using devise, devise defaults to "email" as the authentication key for the model. In order to fix this I had to specify cell_number as an authentication key in my User model:
devise :database_authenticatable,
:registerable,
:recoverable,
:rememberable,
:registerable,
:authentication_keys => [:cell_number]

Devise ERROR: Auth token has already been taken

Trying to sign up in my RoR webapp gives me the Devise message "Auth token has already been taken".
Also, the webapp has an API that works fine and doesn't give any message; this only happens when I'm trying to use the HTML view.
user_controller.rb
before_action :set_user, only: [:show, :edit, :update, :destroy]

# DELETE /users/:id.:format
def destroy
  # authorize! :delete, @user
  @user.destroy
  respond_to do |format|
    format.html { redirect_to root_url }
  end
end

private

def set_user
  @user = User.find(params[:id])
end

def user_params
  accessible = [ :name, :email ]
  accessible << [ :password, :password_confirmation ] unless params[:user][:password].blank?
  params.require(:user).permit(accessible)
end
User.rb
validates :auth_token, uniqueness: true
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
before_create :generate_authentication_token!
def generate_authentication_token!
begin
self.auth_token = Devise.friendly_token
end while self.class.exists?(auth_token: auth_token)
end
logs
Started GET "/users/sign_up" for 127.0.0.1 at 2015-06-30 09:31:46 -0500
Processing by Devise::RegistrationsController#new as HTML
Rendered devise/registrations/new.html.haml within layouts/application (12.9ms)
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."deleted_at" IS NULL AND "users"."auth_token" IS NULL LIMIT 1
Rendered layouts/_navigation_links.html.haml (2.1ms)
Rendered layouts/_navigation.html.haml (3.4ms)
Rendered layouts/_messages.html.haml (0.2ms)
Completed 200 OK in 132ms (Views: 117.0ms | ActiveRecord: 1.5ms)
Started POST "/users" for 127.0.0.1 at 2015-06-30 09:32:00 -0500
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"20w9AXmACwggvPocKfLBdrxQRasT5OiaC7niuzooBBm3BAp8xkN6VLWyxZLRoLIpFPEIIdkxZRd9CCwsJxkeUA==", "user"=>{"email"=>"hola@x.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
(0.1ms) BEGIN
User Exists (0.4ms) SELECT 1 AS one FROM "users" WHERE "users"."auth_token" = '' LIMIT 1
User Exists (0.3ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = 'hola@x.com' LIMIT 1
(0.1ms) ROLLBACK
Rendered devise/registrations/new.html.haml within layouts/application (3.2ms)
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."deleted_at" IS NULL AND "users"."auth_token" IS NULL LIMIT 1
Rendered layouts/_navigation_links.html.haml (1.5ms)
Rendered layouts/_navigation.html.haml (2.1ms)
Rendered layouts/_messages.html.haml (0.2ms)
Completed 200 OK in 232ms (Views: 134.4ms | ActiveRecord: 1.2ms)
Started GET "/assets/jquery/jquery-bb5529929fa5581a780a38ecb7470f2c.js?body=1" for 127.0.0.1 at 2015-06-30 09:32:00 -0500
Follow the following
1) Open Rails console
rails console
2) Get the total count of users
user = User.all
user.count
this should be 1
3) Get the user and check the auth token
user = User.last
user.auth_token
auth token would be an empty string which is the reason your command is failing as the user doesn't have valid auth token
4) Create a valid auth token for the user
user.auth_token = Devise.friendly_token
user.save
It would create a valid auth token for the user and save it
5) Now you can run your commands and it would work perfectly
Cheers! :)
It's probably because you already have users in your db without auth_token,
use Devise.friendly_token to update those users with a token
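The ordering behind this error, as an added plain-Ruby sketch that is not code from the post or from Devise: validations run before `before_create`, so a new record is checked while its token is still blank and collides with any stored row whose token is also blank. `ToyUser`, `sample_rows`, `new_token` and `backfill_tokens!` are hypothetical stand-ins, and `SecureRandom.urlsafe_base64(15)` stands in for `Devise.friendly_token`.

```ruby
require "securerandom"

# Constructed sample table: one legacy row whose auth_token is still blank,
# matching the "auth_token = ''" uniqueness query in the log above.
def sample_rows
  [{ email: "legacy@example.test", auth_token: "" }]
end

# Stand-in for Devise.friendly_token (assumption: 20 URL-safe characters).
def new_token
  SecureRandom.urlsafe_base64(15)
end

# Hypothetical model that mimics only the save order of ActiveRecord:
# validations first, then before_create, then the insert.
class ToyUser
  attr_reader :email, :errors
  attr_accessor :auth_token

  # token_hook is :before_create (as in the post) or :before_validation.
  def initialize(email, token_hook:)
    @email = email
    @auth_token = ""          # blank until a hook assigns a token
    @token_hook = token_hook
    @errors = []
  end

  def save(rows)
    assign_token(rows) if @token_hook == :before_validation
    return false unless valid?(rows)
    assign_token(rows) if @token_hook == :before_create
    rows << { email: email, auth_token: auth_token }
    true
  end

  private

  # Equivalent of: validates :auth_token, uniqueness: true
  def valid?(rows)
    @errors = []
    taken = rows.any? { |row| row[:auth_token] == auth_token }
    @errors << "Auth token has already been taken" if taken
    @errors.empty?
  end

  # Draw tokens until one is not already stored.
  def assign_token(rows)
    loop do
      self.auth_token = new_token
      break unless rows.any? { |row| row[:auth_token] == auth_token }
    end
  end
end

# Give every stored row with a blank token a fresh, unused one.
def backfill_tokens!(rows)
  rows.each do |row|
    next unless row[:auth_token].to_s.empty?
    candidate = new_token
    candidate = new_token while rows.any? { |r| r[:auth_token] == candidate }
    row[:auth_token] = candidate
  end
end

if __FILE__ == $PROGRAM_NAME
  rows = sample_rows
  broken = ToyUser.new("new@example.test", token_hook: :before_create)
  puts "before_create:     saved=#{broken.save(rows)} errors=#{broken.errors}"
  fixed = ToyUser.new("new@example.test", token_hook: :before_validation)
  puts "before_validation: saved=#{fixed.save(rows)}"
  backfill_tokens!(rows)
  puts "blank tokens left: #{rows.count { |r| r[:auth_token].empty? }}"
end
```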

Rails + Devise: if user_signed_in? not working

I first discovered an issue where it didn't appear as if the user is getting logged in with this logic:
_header.html.erb:
<% if user_signed_in? %>
<li><%= link_to "Log out", destroy_user_session_path, method: :delete %></li>
<% else %>
<li><%= link_to "Sign in", new_user_session_path %></li>
<% end %>
Then I tried adding this to application_controller.rb:
before_filter :authenticate_user!
And I kept getting looped back to the login page (even with valid credentials).
It appears as if my user sessions aren't working — although I can see on my RailsAdmin console that the sign in count and last sign in date are showing as if they are logging in.
Here's my user.rb:
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :omniauthable, :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable
belongs_to :company
has_and_belongs_to_many :productlines
end
And my routes.rb:
Rails.application.routes.draw do
mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
devise_for :users, :controllers => { :omniauth_callbacks => "omniauth_callbacks" }
root 'productlines#index'
end
And omniauth_callbacks_controller.rb:
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google_oauth2
    @user = User.from_omniauth(request.env["omniauth.auth"])
    if @user.persisted?
      flash.notice = "Signed in through Google"
      sign_in_and_redirect @user
      return
    else
      session["devise.user_attributes"] = @user.attributes
      flash.notice = "You are almost Done! Please provide a password to finish setting up your account"
      redirect_to new_user_registration_path
    end
  end
end
Update: Here is my application_controller.rb
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  skip_before_filter :verify_authenticity_token, :if => Proc.new { |c| c.request.format == 'application/json' }
  before_filter :productline

  def productline
    @productlines = Productline.all
  end
end
Every time I sign in, I'm rerouted back to the root_path and the "Sign In" link still appears.
Edit: Here is the log output when I click Sign In:
Started POST "/users/sign_in" for ::1 at 2015-07-06 23:20:15 -0400
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"6Eh4Qw3qErGmsppatErFZYhTOZHs8DhCOMXqGAMrBzRdTd72L5rIGAChLDvnI/GzOv1kQsyL43o/B6AQQtnk4Q==", "user"=>{"email"=>"broy@bullhorn.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? ORDER BY "users"."id" ASC LIMIT 1 [["email", "b@gmail.com"]]
(0.1ms) begin transaction
SQL (0.3ms) UPDATE "users" SET "last_sign_in_at" = ?, "current_sign_in_at" = ?, "sign_in_count" = ?, "updated_at" = ? WHERE "users"."id" = ? [["last_sign_in_at", "2015-07-07 03:17:08.826634"], ["current_sign_in_at", "2015-07-07 03:20:15.963289"], ["sign_in_count", 93], ["updated_at", "2015-07-07 03:20:15.964239"], ["id", 4]]
(1.5ms) commit transaction
Redirected to http://localhost:3000/
Completed 302 Found in 73ms (ActiveRecord: 2.1ms)
Started GET "/" for ::1 at 2015-07-06 23:20:15 -0400
Processing by ProductlinesController#index as HTML
Productline Load (0.1ms) SELECT "productlines".* FROM "productlines"
Rendered productlines/index.html.erb within layouts/application (2.1ms)
Rendered layouts/_header.html.erb (1.7ms)
Completed 200 OK in 48ms (Views: 47.3ms | ActiveRecord: 0.1ms)
Started GET "/" for ::1 at 2015-07-06 23:20:16 -0400
Processing by ProductlinesController#index as HTML
Productline Load (0.2ms) SELECT "productlines".* FROM "productlines"
Rendered productlines/index.html.erb within layouts/application (104.8ms)
Rendered layouts/_header.html.erb (1.1ms)
Completed 200 OK in 155ms (Views: 154.1ms | ActiveRecord: 0.2ms)
Do you want to put an exception in first on your authenticate user? That way it is not trying to run an authentication before current_user/@user/etc. has even been set. For example, if your root is index:
before_action :authenticate_user!, :except => [:index]
Then, be sure to have the better_errors gem and throw in some nonsense gibberish in your if user_signed_in? statement, then refresh the page to trigger the console in the browser. See if @user or current_user or whatever you are using got set at all in the first place. I would then debug backwards from there.
https://github.com/charliesome/better_errors
Finally here is a stackoverflow link I came upon with a similar issue and a few answers below:
Rails devise: user_signed_in? not working

Devise: custom fields not saved after signing up Rails 4

I have installed the devise gem in my app for registration. I have the same issue as this question.
I have generated Doctor model by
rails generate devise Doctor
And here is doctor.rb
class Doctor < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
end
I also generated controller by rails generate devise:controllers doctors
class Doctors::RegistrationsController < Devise::RegistrationsController
before_filter :sign_up_params, only: [:create]
before_filter :account_update_params, only: [:update]
#
# # GET /resource/sign_up
# def new
# super
# end
##
## # POST /resource
# def create
# super
# end
##
## # GET /resource/edit
# def edit
# super
# end
##
## # PUT /resource
# def update
# super
# end
##
## # DELETE /resource
# def destroy
# super
# end
protected
def sign_up_params
params.require(:doctor).permit(:first_name, :last_name, :email, :password, :password_confirmation, :gender, :contact_no, :about_me, :certification, :exp_summary, :username)
end
#
def account_update_params
params.require(:doctor).permit(:first_name, :last_name, :email, :password, :password_confirmation, :current_password , :gender, :contact_no, :about_me, :certification, :exp_summary, :username)
end
# protected
# You can put the params you want to permit in the empty array.
#def configure_sign_up_params
# devise_parameter_sanitizer.for(:sign_up) << :first_name, :last_name, :gender, :contact_no, :about_me, :certification, :exp_summary, :username
#end
# You can put the params you want to permit in the empty array.
#def configure_account_update_params
# devise_parameter_sanitizer.for(:account_update) << :first_name, :last_name, :gender, :contact_no, :about_me, :certification, :exp_summary, :username
#end
# The path used after sign up.
# def after_sign_up_path_for(resource)
# super(resource)
# end
# The path used after sign up for inactive accounts.
# def after_inactive_sign_up_path_for(resource)
# super(resource)
# end
end
I have written in routes.rb file devise_for :doctor, :controllers => { sessions: "doctors/sessions"}.
Here is my logs from terminal after submitting Sign_up form
Started POST "/doctor" for 127.0.0.1 at 2014-12-04 16:52:20 +0530
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"8Dd5u5Qq+kLyAI+RaEuoSyjsxteHw4VBndQC+W5yjy0=", "doctor"=>{"username"=>"Test5", "first_name"=>"John", "last_name"=>"Smith", "contact_no"=>"8787878787", "gender"=>"true", "email"=>"john@smith.com", "about_me"=>"Test", "certification"=>"Test", "exp_summary"=>"Test", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
Unpermitted parameters: username, first_name, last_name, contact_no, gender, about_me, certification, exp_summary
(0.2ms) BEGIN
Doctor Exists (0.3ms) SELECT 1 AS one FROM `doctors` WHERE `doctors`.`email` = BINARY 'john@smith.com' LIMIT 1
SQL (0.2ms) INSERT INTO `doctors` (`created_at`, `email`, `encrypted_password`, `updated_at`) VALUES ('2014-12-04 11:22:20', 'john@smith.com', '$2a$10$as.WAOu05ET7RUtnsdTC2ucqotK5Ls2Z6iKWI.wW3gSuIwohYfoTW', '2014-12-04 11:22:20')
(116.8ms) COMMIT
(0.1ms) BEGIN
SQL (0.3ms) UPDATE `doctors` SET `current_sign_in_at` = '2014-12-04 11:22:20', `current_sign_in_ip` = '127.0.0.1', `last_sign_in_at` = '2014-12-04 11:22:20', `last_sign_in_ip` = '127.0.0.1', `sign_in_count` = 1, `updated_at` = '2014-12-04 11:22:20' WHERE `doctors`.`id` = 7
(56.6ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 254ms (ActiveRecord: 174.5ms)
Started GET "/" for 127.0.0.1 at 2014-12-04 16:52:20 +0530
Processing by HomeController#index as HTML
Doctor Load (0.3ms) SELECT `doctors`.* FROM `doctors` WHERE `doctors`.`id` = 7 ORDER BY `doctors`.`id` ASC LIMIT 1
Rendered home/index.html.erb within layouts/application (0.0ms)
Completed 200 OK in 32ms (Views: 30.5ms | ActiveRecord: 0.3ms)
Started GET "/assets/application.css?body=1" for 127.0.0.1 at 2014-12-04 16:52:20 +0530
Started GET "/assets/home.css?body=1" for 127.0.0.1 at 2014-12-04 16:52:20 +0530
Started GET "/assets/jquery.js?body=1" for 127.0.0.1 at 2014-12-04 16:52:20 +0530
Started GET "/assets/jquery_ujs.js?body=1" for 127.0.0.1 at 2014-12-04 16:52:20 +0530
Started GET "/assets/turbolinks.js?body=1" for 127.0.0.1 at 2014-12-04 16:52:20 +0530
Started GET "/assets/application.js?body=1" for 127.0.0.1 at 2014-12-04 16:52:20 +0530
Started GET "/assets/home.js?body=1" for 127.0.0.1 at 2014-12-04 16:52:20 +0530
Why are my custom fields not saved? Where did I make a mistake?
Update
Controller Structure:
controllers
-> doctors
-> confirmations_controller.rb
-> omniauth_callbacks_controller.rb
-> passwords_controller.rb
-> registrations_controller.rb
-> sessions_controller.rb
-> unlocks_controller.rb
-> application_controller.rb
-> home_controller.rb
EDITED:
Okay! You were trying to override the devise controllers which is not required in your case. Follow these simple steps:
rails g model Doctor
Create your fields except email and password. Devise will take care of that.
rails g devise:install
rails g devise Doctor
In your ApplicationController:
before_action :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :address, :phone, :email) }
end
Please try the following. Hope it works for you. :)
class RegistrationsController < Devise::RegistrationsController
def create
devise_parameter_sanitizer.for(:sign_up) << [:first_name, :last_name]
super
end
end

Rails 4 devise_invitable invitation token invalid

I have been following Ryan Boland's excellent Rails multitenancy tutorial, but have run into a snag with devise_invitable. I am using...
Rails 4.1.5
devise 3.3.0
devise_invitable 1.3.6
Postgresql
I create a new account and user/account owner on a chosen subdomain (mysubdomain.lvh.me:3000), from which I can send a user invitation just fine. I open the invitation link in an incognito Chrome session to ensure I am not logged in or have any current session. Upon clicking on the invitation link, I am redirected to the sign in page (mysubdomain.lvh.me:3000/users/sign_in) and see a flash notice: "The invitation token provided is not valid!"
I am using a very simple mailer view (app/views/devise/mailer/invitation_instructions.html.erb)...
<%= link_to 'Accept invitation', accept_invitation_url(@resource, :invitation_token => @token) %>
As you can see, I ensured the use of @token, as described here.
Upon creating the invitation, I have confirmed the invitation token is saved to the database (in this case for hey@test.com - d1801fd8df78bd8cd125d5d8091fdc6a72c8f8faf4136cb282d497ec612195e9). I have confirmed this matches the token on invitation lookup upon acceptance request (see below traces). Still, it redirects to the user sign in page rather than completing sign up, and also displays in the trace log "Filter chain halted as :resource_from_invitation_token rendered or redirected". The user remains unconfirmed in the end after this transaction.
Any ideas on what might be going wrong for me here? I am including logs, my application controller, and my devise config below...
Here is the trace log for the invitation creation:
Started POST "/users/invitation" for 127.0.0.1 at 2014-09-07 01:28:33 +0800
Processing by Devise::InvitationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"BiIQ95wwdQz3CJ0+OoLOE9xHHvxhloHsRHrxsqf1D2Q=", "user"=>{"email"=>"hey@test.com"}, "commit"=>"Invite User"}
User Load (4.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 ORDER BY "users"."id" ASC LIMIT 1
Account Load (0.4ms) SELECT "public"."accounts".* FROM "public"."accounts" WHERE "public"."accounts"."subdomain" = 'mysubdomain' LIMIT 1
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."email" = 'hey@test.com' ORDER BY "users"."id" ASC LIMIT 1
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."invitation_token" = 'd1801fd8df78bd8cd125d5d8091fdc6a72c8f8faf4136cb282d497ec612195e9' ORDER BY "users"."id" ASC LIMIT 1
(0.1ms) BEGIN
SQL (0.5ms) INSERT INTO "users" ("created_at", "email", "invitation_created_at", "invitation_sent_at", "invitation_token", "invited_by_id", "invited_by_type", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING "id" [["created_at", "2014-09-06 17:28:34.296123"], ["email", "hey@test.com"], ["invitation_created_at", "2014-09-06 17:28:34.294987"], ["invitation_sent_at", "2014-09-06 17:28:34.294987"], ["invitation_token", "d1801fd8df78bd8cd125d5d8091fdc6a72c8f8faf4136cb282d497ec612195e9"], ["invited_by_id", 1], ["invited_by_type", "User"], ["updated_at", "2014-09-06 17:28:34.296123"]]
(2.2ms) COMMIT
Rendered devise/mailer/invitation_instructions.html.erb (1.3ms)
Devise::Mailer#invitation_instructions: processed outbound mail in 23.5ms
Sent mail to hey@test.com (26.0ms)
Date: Sun, 07 Sep 2014 01:28:34 +0800
From: please-change-me-at-config-initializers-devise@example.com
Reply-To: please-change-me-at-config-initializers-devise@example.com
To: hey@test.com
Message-ID: <...>
Subject: Invitation instructions
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Accept invitation
Redirected to http://mysubdomain.lvh.me:3000/users
Completed 302 Found in 888ms (ActiveRecord: 10.0ms)
Here is the trace upon following the invitation link...
Started GET "/users/invitation/accept?invitation_token=3GXDmi7NntDRdhvo57q5" for 127.0.0.1 at 2014-09-07 01:28:38 +0800
Processing by Devise::InvitationsController#edit as HTML
Parameters: {"invitation_token"=>"3GXDmi7NntDRdhvo57q5"}
User Load (0.6ms) SELECT "users".* FROM "users" WHERE "users"."invitation_token" = 'd1801fd8df78bd8cd125d5d8091fdc6a72c8f8faf4136cb282d497ec612195e9' ORDER BY "users"."id" ASC LIMIT 1
Redirected to http://mysubdomain.lvh.me:3000/users/sign_in
Filter chain halted as :resource_from_invitation_token rendered or redirected
Completed 302 Found in 5ms (ActiveRecord: 0.6ms)
Started GET "/users/sign_in" for 127.0.0.1 at 2014-09-07 01:28:38 +0800
Processing by Devise::SessionsController#new as HTML
Account Load (0.4ms) SELECT "public"."accounts".* FROM "public"."accounts" WHERE "public"."accounts"."subdomain" = 'mysubdomain' LIMIT 1
Rendered devise/shared/_links.erb (0.7ms)
Rendered devise/sessions/new.html.erb within layouts/application (4.4ms)
Completed 200 OK in 21ms (Views: 16.6ms | ActiveRecord: 1.3ms)
Here is my application_controller for good measure...
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
before_filter :load_schema, :authenticate_user!, :set_mailer_host
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :company, :email, :password, :password_confirmation, :remember_me, :image, :image_cache)}
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:first_name, :last_name, :company, :email, :password_confirmation, :current_password, :image, :image_cache)}
end
private
def load_schema
Apartment::Database.switch('public')
return unless request.subdomain.present?
if current_account
Apartment::Database.switch(current_account.subdomain)
else
redirect_to root_url(subdomain: false)
end
end
def current_account
@current_account ||= Account.find_by(subdomain: request.subdomain)
end
helper_method :current_account
def set_mailer_host
subdomain = current_account ? "#{current_account.subdomain}." : ""
ActionMailer::Base.default_url_options[:host] = "#{subdomain}lvh.me:3000"
end
def after_sign_out_path_for(resource_or_scope)
new_user_session_path
end
def after_invite_path_for(resource)
users_path
end
end
Here is my Devise initializer (config/initializers/devise.rb), I have added the line "config.allow_insecure_token_lookup = true" to see if this helps, but to no avail...
Devise.setup do |config|
config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
require 'devise/orm/active_record'
config.case_insensitive_keys = [ :email ]
config.strip_whitespace_keys = [ :email ]
config.skip_session_storage = [:http_auth]
config.stretches = Rails.env.test? ? 1 : 10
config.reconfirmable = true
config.expire_all_remember_me_on_sign_out = true
config.password_length = 8..128
config.sign_out_via = :delete
config.allow_insecure_token_lookup = true
end
I'd prefer to comment but I have only 36 points and am not allowed so here's an incomplete answer:
this is the code from devise_invitable InvitationsController which is redirecting your request
def resource_from_invitation_token
unless params[:invitation_token] && self.resource = resource_class.find_by_invitation_token(params[:invitation_token], true)
set_flash_message(:alert, :invitation_token_invalid)
redirect_to after_sign_out_path_for(resource_name)
end
end
in your rails console try running:
token = '3GXDmi7NntDRdhvo57q5' #the token sent in the invitation email
User.find_by_invitation_token(token, true)
and see if that returns your User. It probably won't but maybe this will bring you closer to an answer. I hope so.
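The trace above carries a 20-character token in the URL but looks the user up by a 64-hex value. The following is an added Ruby sketch of that raw-token / stored-digest pattern, not code from the post or from devise_invitable. It assumes an HMAC-SHA256 digest keyed by an application secret; the secrets, field names, status symbols and 7-day validity window are hypothetical.

```ruby
require "openssl"
require "securerandom"

# HMAC-SHA256 of the raw token: 64 hex characters, like the value in the SQL.
def token_digest(secret, raw)
  OpenSSL::HMAC.hexdigest("SHA256", secret, raw.to_s)
end

# Stores only the digest and returns the raw token for the e-mailed link.
def issue_invitation(rows, secret, email, now)
  raw = SecureRandom.urlsafe_base64(15) # 20 URL-safe characters
  rows << { email: email,
            invitation_token: token_digest(secret, raw),
            invitation_sent_at: now,
            invitation_accepted_at: nil }
  raw
end

# Returns [status, row]. A digest match alone is not enough in this model:
# the invitation must also be unaccepted and inside the validity window.
def check_invitation(rows, secret, presented, now, valid_for: 7 * 86_400)
  return [:missing_token, nil] if presented.to_s.empty?

  wanted = token_digest(secret, presented)
  row = rows.find { |r| r[:invitation_token] == wanted }
  return [:no_match, nil] unless row
  return [:already_accepted, row] if row[:invitation_accepted_at]
  return [:expired, row] if now - row[:invitation_sent_at] > valid_for

  [:ok, row]
end

if __FILE__ == $PROGRAM_NAME
  rows = []
  sent = Time.at(1_410_000_000)            # constructed timestamp
  raw = issue_invitation(rows, "demo-secret", "invitee@example.test", sent)
  stored = rows.first[:invitation_token]

  puts "link token:   #{raw.length} chars"
  puts "stored token: #{stored.length} hex chars"
  # The raw token from the link resolves to the row.
  p check_invitation(rows, "demo-secret", raw, sent + 60).first
  # The stored digest is not itself a usable link token.
  p check_invitation(rows, "demo-secret", stored, sent + 60).first
  # A process using a different secret computes a different digest.
  p check_invitation(rows, "other-secret", raw, sent + 60).first
  # A matching digest outside the validity window is still rejected.
  p check_invitation(rows, "demo-secret", raw, sent + 8 * 86_400).first
end
```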
