My app has "users" for the main app and "admin_users" and the /admin Namespace.
When I'm logged into the /admin Namespace as an admin_user, and click "log out" - Devise logs me out of both Namespaces. How can I ensure that Devise only logs me out of that Namespace?
Routes.rb
devise_for :users, skip: :all
as :user do
get 'signin', to: 'devise/sessions#new', as: :new_user_session
post 'signin', to: 'devise/sessions#create', as: :user_session
delete 'signout', to: 'devise/sessions#destroy', as: :destroy_user_session
end
devise_for :admins, skip: :all
as :admin do
get 'admin/signin', to: 'admin/devise/sessions#new', as: :new_admin_session
post 'admin/signin', to: 'admin/devise/sessions#create', as: :admin_session
delete 'admin/signout', to: 'admin/devise/sessions#destroy', as: :destroy_admin_session
end
authenticate :admin do
namespace :admin do
...
end
end
set config.sign_out_all_scopes = false in config/initializers/devise.rb.
# Set this configuration to false if you want /users/sign_out to sign out
# only the current scope. By default, Devise signs out all scopes.
config.sign_out_all_scopes = false
Related
I have a app using devise to login/out, and view/create profiles. As of yet users may create and delete profiles although there is only supposed to be one profile per user. I have set up my routes just about without problems until comes the SignOut/LogOut from the whole app. Ultimately the error log is all I can decipher, and seems that routes.rb needs some modification for this to work, but I am stumped. Here are the errors and routes.rb:
/log/production.log:
Started DELETE "/users/sign_out" for 127.0.0.1 at 2020-01-26 01:56:53 -0500
ActionController::RoutingError (No route matches [DELETE] "/users/sign_out"):
routes.rb
Rails.application.routes.draw do
devise_for :users, :controllers => {:sessions => "users/sessions" }
resources :profiles, only: [:new, :create, :edit, :update, :destroy]
devise_scope :user do
authenticated :user do
root to: 'profiles#index', as: :authenticated_root
get '/profiles/new' => 'profiles#new'
match '/profiles' => 'profiles#create', via: [:get, :post]
get '/profiles/:id' => 'profiles#show'
get '/profiles/:id/edit' => 'profiles#edit'
match '/profiles/:id' => 'profiles#update', via: [:get, :post]
delete '/profiles' => 'profiles#destroy', via: [:get, :post]
end
unauthenticated :user do
root to: 'devise/sessions#new', as: :unauthenticated_root
match '/users/sign_in' => 'devise/sessions#create', via: [:get, :post]
delete '/users/sign_out' => 'devise/sessions#destroy'
end
end
end
I read that using resources :users may affect devise sessions controller, in that I would need a UsersController, however haven't included resources :users in my routes, and/or for a similar error.
You placed the sign-out route in the unauthenticated block in your routes.rb
unauthenticated :user do
# ..
delete '/users/sign_out' => 'devise/sessions#destroy'
end
What doesn't makes sense, only authenticated users can sign out. Just move that method into the authenticated :user block above:
authenticated :user do
# ..
delete '/users/sign_out' => 'devise/sessions#destroy'
end
On rails 4, I am using devise to authenticate my users and I am also adding a facebook authentication...
I've followed thisdocumentation and I set up in my config var on heroku.
config.omniauth :facebook, "APP_ID", "APP_SECRET", callback_url: "CALLBACK_URL"
Now when I am on my url if I click on sign up with facebook link I arrive on facebook login page (as I am logged out from facebook) and when I clcik login I am redirected to this:
What is wrong?
Thanks for your help :)
here are my logs
at=info method=GET path="/users/auth/facebook/callback?code=AQBSQ125f8npBttjqtAZ4uN9M2-u_DaHqMdp2LJadvBUESXOP_u7q-OL_U0XDlrk836GuXu63OPXAerDTsG7xwgXSg93VgSEMxjs-L733DCsQ1zpoPBMxUgGIQLFb3QxQIqU544ymZuNsDEhdofUj58hrcjOOpg9fEZjQb3lvZqCd34mPt2MVPjQJJAMoe1Vo5n0Y1ozyhYjpSH2DfKTHsmK38ba_7TD8I48M47g0rItI55vvLkrogHLnpgf_NlHjgeHMXldPzsKgEybRM2ouR8S6zKNLsWRJlQ_TbJe_sYuRU85WNoJeAlRrHW-iiw1N4XHIxO2W-JTMG71jwqelSjrPM6c1kPzJbNu-zxjo1vNpQ&state=8a8f36fdd32be2f5931f05ac9176c6f5f5412ef9a8f84eeb" host=duclostutos.herokuapp.com request_id=7968a919-2170-4030-8a32-87d64299e5bf fwd="92.171.113.21" dyno=web.1 connect=0ms service=939ms status=404 bytes=1829
I could have a problem with my routes....
Rails.application.routes.draw do
devise_for :users, only: :omniauth_callbacks, controllers: {omniauth_callbacks: 'users/omniauth_callbacks'}
scope ":locale", locale: /#{I18n.available_locales.join("|")}/ do
get "/best_voted", to: "tutos#best_voted"
resources :tutos
namespace :users do
resources :tutos
end
resources :tutos, only: [:show]
resources :tutos do
member do
put "like", to: "tutos#upvote"
end
end
as :user do
get "/register", to: "devise/registrations#new", as: :register
get "/login", to: "devise/sessions#new", as: :login
get "/logout", to: "devise/sessions#destroy", as: :logout
get "/account", to: "users#show", as: :account
get "/login" , to: "devise/sessions#new", as: :new_user_session
post "/login" , to: "devise/sessions#create", as: :user_session
delete "/logout" , to: "devise/sessions#destroy", as: :destroy_user_session
end
devise_for :users, skip: [:sessions, :omniauth_callbacks]
resources :users
root "home#landing"
end
get '*path', to: redirect("/#{I18n.default_locale}/%{path}")
get '', to: redirect("/#{I18n.default_locale}")
end
You set the omniauth callbacks routes with this line
devise_for :users, only: :omniauth_callbacks, controllers: {omniauth_callbacks: 'users/omniauth_callbacks'}
You are overwriting your devise_for :users routes with this line.
devise_for :users, skip: [:sessions, :omniauth_callbacks]
Removing the callback routes.
In your terminal run rake:routes To see a full list of routes for your application.
I have put login and signup in one page and every thing works fine except when I encounter errors. Then the page redirects to their default pages and show errors there. In my case the login redirects me to the default domain.com/users/sign_in , but signup redirects me to domain.com/users.
routes.rb
Rails.application.routes.draw do
root 'visitor#index'
namespace :admin do
# get "/stats" => "stats#stats"
devise_scope :admin_user do
get '/stats/:scope' => 'stats#stats', as: :admin_stats
end
end
devise_for :admin_users, ActiveAdmin::Devise.config
ActiveAdmin.routes(self)
namespace :client do
get 'dashboard' => 'dashboard#index', as: 'dashboard'
# resources :verification, only: [:create, :index, :destroy]
get 'verification' => 'verification#index', as: 'verification'
match 'verification' => 'verification#upload', as: 'verification_upload', via: [:post, :patch]
end
devise_for :users, class_name: 'FormUser', controllers: { omniauth_callbacks: 'omniauth_callbacks', registrations: 'registrations' }
# devise_scope :user do
# root to: 'devise/registrations#new'
# end
end
you can use a CustomFailure class to control where the redirect goes if Devise fails to authenticate.
It's explained at this wiki page...
https://github.com/plataformatec/devise/wiki/How-To:-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated
I'm trying to split my rails project in a front-end for regular users and a back-end for admins. Therefore i have created a namespace 'admin' so that i can easily control admin.After creating the admin namespace the I changed the routes from
Rails.application.routes.draw do
authenticated :user do
root to: 'dashboard#index', as: :authenticated_root
end
unauthenticated do
root to: "home#index"
end
match '(errors)/:status', to: 'errors#show', constraints: { status: /\d{3}/ }, via: :all
devise_for :users, skip: [:registrations]
as :user do
get 'my/profile/edit' => 'devise/registrations#edit', as: 'edit_user_registration'
patch 'my/profile' => 'devise/registrations#update', as: 'user_registration'
end
resources :users
resources :events do
patch :archive, :unarchive
end
end
to this
Rails.application.routes.draw do
namespace :admin do
authenticated :user do
root to: 'dashboard#index', as: :authenticated_root
end
unauthenticated do
root to: "home#index"
end
match '(errors)/:status', to: 'errors#show', constraints: { status: /\d{3}/ }, via: :all
devise_for :users, skip: [:registrations]
as :user do
get 'my/profile/edit' => 'devise/registrations#edit', as: 'edit_user_registration'
patch 'my/profile' => 'devise/registrations#update', as: 'user_registration'
end
resources :users
resources :events do
patch :archive, :unarchive
end
end
end
After these change I got this page
Rails::WelcomeController#index as HTML
Does anyone know how to do this?
If I understand what you ask, you want to put everything admin related into the admin namespace, but leave everything (for example, the root page) outside.
But in your routing example, you put everything inside the admin namespace, even the root page.
So generally, you want something like:
Rails.application.routes.draw do
namespace :admin do
# put admin stuff here
end
# put everything NOT in the admin interface outside your namespace
# you want a root route here. That's the page that'll be displayed by default
root to :your_root_stuff
# and if you have users who aren't admins, devise and authenticated routes too
# ... other stuff
end
I would like to make the homepage for an app (ie landing page) display a registration page. Unless the user is logged in - in which case they just find the "statuses" page.
Here are what I believe are the two relevant excerpts:
as :user do
get '/register', to: 'devise/registrations#new', as: :register
get '/login', to: 'devise/sessions#new', as: :login
get '/logout', to: 'devise/sessions#destroy', as: :logout
end
[...]
resources :statuses
get 'feed', to: 'statuses#index', as: :feed
root to: 'statuses#index'
Basically, I'm trying to get these two pages to swap their routes and route names. Unless, as mentioned, if someone is already signed in, then the landing page is the statuses page.
I only know a bit about this sort of thing, such as "get," and the URL aspects. If anyone could provide guidance, I'd be much obliged.
Here's the routes.rb file:
Treebook::Application.routes.draw do
resources :activities, only: [:index]
as :user do
get '/register', to: 'devise/registrations#new', as: :register
get '/login', to: 'devise/sessions#new', as: :login
get '/logout', to: 'devise/sessions#destroy', as: :logout
end
devise_for :users, skip: [:sessions]
as :user do
get "/login" => 'devise/sessions#new', as: :new_user_session
post "/login" => 'devise/sessions#create', as: :user_session
delete "/logout" => 'devise/sessions#destroy', as: :destroy_user_session
end
resources :user_friendships do
member do
put :accept
put :block
end
end
resources :statuses
get 'feed', to: 'statuses#index', as: :feed
root to: 'statuses#index'
scope ":profile_name" do
resources :albums do
resources :pictures
end
end
get '/:id', to: 'profiles#show', as: 'profile'
end
Why not just send the user to the statuses page, and redirect all users who are not signed in to the sign in?
class StatusesController
before_action :authorize!, only: :index
def index
#...
end
def authorize! # I believe this method is provided by devise
unless signed_in?
redirect_to new_user_session_path
end
end
end
# config/routes.rb
root 'statuses#index'