I would like to secure the rails_admin pages using the sorcery gem. According to this SO answer, the way to do this is as follows:
    # config/initializers/rails_admin.rb
    RailsAdmin.config do |config|
      config.authenticate_with do
        # Use sorcery's before filter to auth users
        require_login
      end
    end

    # app/controllers/application_controller.rb
    class ApplicationController < ActionController::Base
      # Overwrite the method sorcery calls when it
      # detects a non-authenticated request.
      def not_authenticated
        # Make sure that we reference the route from the main app.
        redirect_to main_app.login_path
      end
    end
This overrides sorcery's default method for handling no login. The overriding does work in my app, but when I visit the rails_admin pages, I get the following error:
undefined local variable or method `root_path' for #<RailsAdmin::MainController.
so the overriding is not working in the rails_admin code. I am mounting rails_admin at the bottom of my routes file with
    # config/routes.rb
    ...
    mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
How do I fix this?
It is because the rails_admin controller is not inheriting from my application controller. There is a rails_admin configuration setting that sets this inheritance, i.e.
    # config/initializers/rails_admin.rb
    RailsAdmin.config do |config|
      ...
      config.parent_controller = 'ApplicationController'
    end
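Why the override is invisible until the parent controller is changed, as an added plain-Ruby model (not code from the original posts, Rails, sorcery or rails_admin). Every class and method body here is a stand-in, and `build_admin_controller` and `visit_admin` are hypothetical helpers that pick the superclass by name, which is the effect the answer attributes to `parent_controller`.

```ruby
# Plain-Ruby model of the failure and the fix. None of these classes are the
# real Rails, sorcery or rails_admin classes; all names here are stand-ins.
module MainAppRoutes              # stand-in for the main app's route helpers
  def self.login_path; "/login"; end
end

class BaseController              # stand-in for ActionController::Base
  attr_reader :redirected_to
  def initialize(current_user = nil)
    @current_user = current_user
  end

  def redirect_to(path); @redirected_to = path; end
  def main_app; MainAppRoutes; end

  # Models sorcery's filter: call not_authenticated unless someone is logged in.
  def require_login
    not_authenticated if @current_user.nil?
  end

  # Models the default handler, which needs a root_path helper that the
  # engine's controller does not have.
  def not_authenticated
    redirect_to root_path
  end
end

class ApplicationController < BaseController
  def not_authenticated           # the override from the question
    redirect_to main_app.login_path
  end
end

# Builds the admin controller from a parent class name (hypothetical helper).
def build_admin_controller(parent_name)
  Class.new(Object.const_get(parent_name)) do
    def index
      require_login               # what the authenticate_with block runs
      redirected_to ? :blocked : :admin_dashboard
    end
  end
end

# Returns [outcome, detail] for a request to the admin page.
def visit_admin(parent_name, user = nil)
  controller = build_admin_controller(parent_name).new(user)
  [controller.index, controller.redirected_to]
rescue NameError => e
  [:error, e.name]
end
```

With `"BaseController"` as the parent, an anonymous visit ends in the `root_path` NameError from the question; with `"ApplicationController"` it is redirected to the main app's login path.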
Related
I have two Devise models, user and admin. When a user or admin logs in through the login form, they will then be redirected to /admin.
I have read the rails_admin wiki, but it seems to be only about configuration for a single Devise model. Can I define multiple Warden scopes like the following:
    RailsAdmin.config do |config|
      config.authenticate_with do
        warden.authenticate! scope: [:user,:admin]
      end
      config.current_user_method(&:current_user)
      config.current_admin_method(&:current_admin)
    end
You can add more than one devise model. Here is an example (with a checksum authentication):
    # initializers/devise.rb
    Devise.setup do |config|
      config.warden do |manager|
        manager.strategies.add :admin, Admin::ChecksumAuthenticatable
      end
    end
Your class Admin::ChecksumAuthenticatable (for example) needs to inherit from ::Devise::Strategies::Base. Then define all the methods you want and overwrite the authenticate! method:
    def authenticate!
      admin = Admin.from_checksum_for_auth!(checksum)
      # from_checksum_for_auth! is defined on the Admin model and checks checksum validity
      success! admin
    end
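A fuller shape for such a strategy, with an explicit failure path and a constant-time checksum comparison, as an added example that is not from the original answer or from Devise. `StrategyStandIn` replaces `::Devise::Strategies::Base` so the block runs without Rails; the HMAC checksum scheme, the `admin_id`/`checksum` parameter names, the `ADMINS` table and `run_strategy` are assumptions.

```ruby
require "openssl"

SECRET = "constructed-demo-secret"        # constructed value, not a real key
ADMINS = { "7" => "admin-7" }.freeze      # constructed stand-in for the Admin table

# Hypothetical checksum scheme (an assumption): HMAC-SHA256 over the admin id.
def checksum_for(admin_id)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), SECRET, admin_id.to_s)
end

# Compare every byte so timing does not reveal where the first mismatch is.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for the strategy base class: only params, success! and fail!.
class StrategyStandIn
  attr_reader :params, :result, :user
  def initialize(params); @params = params; end
  def success!(user); @result, @user = :success, user; end
  def fail!(_message); @result, @user = :failure, nil; end
end

class ChecksumStrategy < StrategyStandIn
  # Run only when both fields are present as strings (not arrays or hashes).
  def valid?
    params["admin_id"].is_a?(String) && params["checksum"].is_a?(String)
  end

  def authenticate!
    admin = ADMINS[params["admin_id"]]
    expected = checksum_for(params["admin_id"])
    if admin && secure_compare(expected, params["checksum"])
      success! admin
    else
      fail! "invalid checksum"            # an explicit failure, never a fall-through
    end
  end
end

# Returns :skipped, :success or :failure for one set of request params.
def run_strategy(params)
  strategy = ChecksumStrategy.new(params)
  return :skipped unless strategy.valid?
  strategy.authenticate!
  strategy.result
end
```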
I'm having a problem creating an Engine in Rails.
I want to create an engine that uses Devise to share over all my other applications.
I followed the Getting Started guide for Engines at rails website:
http://edgeguides.rubyonrails.org/engines.html
Created an application, required my engine... everything runs just fine.
Then I ran into Devise (I've already installed Devise directly in an application before, but not in an engine), but when I try to use it, by accessing any controller that inherits the before_action authenticate_user!, I get this message:
http://i.imgur.com/dIIxgwU.jpg
I really don't understand (I'm starting in Ruby, I'm a CakePHP guy), the route is set, but it can't find it (?).
engine/config/initializers/devise.rb
    Devise.setup do |config|
      ...
      config.router_name = :doisbit
      config.parent_controller = 'Doisbit::ApplicationController'
    end
engine/config/routes.rb
    Doisbit::Engine.routes.draw do
      ...
      devise_for :users, class_name: "Doisbit::User", module: :devise
      ...
    end
engine/lib/doisbit/engine.rb
    module Doisbit
      class Engine < ::Rails::Engine
        isolate_namespace Doisbit
      end
    end
engine/lib/doisbit.rb
    require 'doisbit/engine'
    require 'devise'
    ...
engine/doisbit.gemspec
    ...
    Gem::Specification.new do |s|
      ...
      s.add_dependency "devise"
    end
engine/app/controllers/application_controller.rb
    module Doisbit
      class ApplicationController < ActionController::Base
        before_action :authenticate_user!
      end
    end
application/config/routes.rb
    Rails.application.routes.draw do
      ...
      mount Doisbit::Engine, at: "/doisbit"
    end
application/config/environments/development.rb
    Rails.application.configure do
      ...
      config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
    end
application/Gemfile
    ...
    gem 'doisbit', path: "C:/.../doisbit"
    ...
EDIT
Just noticed by accessing /doisbit/users/sign_in I get the form. (duh)
i.imgur.com/anTRK2d.jpg
But... still... by default it routes to /users/sign_in when I'm not logged in.
What am I missing?
I have a decorator in my Rails 4 project: app/decorators/course_decorator.rb
Inside course_decorator.rb, I want to define a method that will display a link if a condition is satisfied.
For instance, I am doing:
    class CourseDecorator
      def initialize(course)
        @course = course
      end

      def view_button
        if user_signed_in?
          link_to "View", @course
        end
      end
    end
I am using the Devise gem for user authentication, and user_signed_in? is a helper provided by Devise.
When trying to use the view_button method in my view, I get a no method error. The error is something along the lines of undefined method 'user_signed_in?' for #<Course:0x007fcc7ccb8310>
I think this is happening because decorator is calling user_signed_in? method on Course object. How can I properly implement user_signed_in? method in this case?
From the Devise wiki here:
Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your test/test_helper.rb file:
    class ActionController::TestCase
      include Devise::TestHelpers
    end
If you're using RSpec, you can put the following inside a file named spec/support/devise.rb or in your spec/spec_helper.rb:
    RSpec.configure do |config|
      config.include Devise::TestHelpers, type: :controller
    end
I'm trying to install the Rails Admin Gem using Sorcery for authentication instead of Devise.
Rails admin does provide a hook that you can use to attach your own authentication method. Here is the example they provide in their docs (using warden):
    config.authenticate_with do
      warden.authenticate! :scope => :admin
    end
    config.current_user_method { current_admin }
I'm guessing that inside the block I need to reference the before_filter that Sorcery uses to authenticate users, which would be require_login.
However, when I try that and I try to visit /admin when logged out, I get a routing error:
No route matches {:action=>"new", :controller=>"sessions"}
This probably happens because I am being redirected within the engine rather than in the main app.
How can I set this up correctly?
    # config/initializers/rails_admin.rb
    RailsAdmin.config do |config|
      config.authenticate_with do
        # Use sorcery's before filter to auth users
        require_login
      end
    end

    # app/controllers/application_controller.rb
    class ApplicationController < ActionController::Base
      # Overwrite the method sorcery calls when it
      # detects a non-authenticated request.
      def not_authenticated
        # Make sure that we reference the route from the main app.
        redirect_to main_app.login_path
      end
    end

    # config/initializers/rails_admin.rb
    RailsAdmin.config do |config|
      ...
      config.parent_controller = 'ApplicationController'
    end
If you use Sorcery with Cancancan gem, you should also add config.current_user_method(&:current_user) in your config/initializers/rails_admin.rb file, or you'll get the error: You are not authorized.
I want to add "is_admin?" filter to ActiveAdmin initializer. In which file should I define the "is_admin?" method?
# == Controller Filters
#
# You can add before, after and around filters to all of your
# Active Admin resources from here.
#
config.before_filter :is_admin?
In your app/controllers/application_controller.rb