I'm having some trouble setting up Devise correctly with Engines.
In my engine I have:
config/initializers/devise.rb
    config.router_name = :portal_core
config/routes.rb
    devise_for :users, class_name: 'PortalCore::User', module: :devise
app/models/portal_core/user.rb
    module PortalCore
      class User < ApplicationRecord
        ...
        devise :database_authenticatable, :trackable, :confirmable,
               :recoverable, :rememberable, :validatable, :lockable
      end
    end
All my tests pass here.
Then, in one of my host apps I have:
config/routes.rb
    devise_for :admin_users, class_name: 'AdminUser'
app/models/admin_user.rb
    class User < ApplicationRecord
      ...
      devise :database_authenticatable, :trackable,
             :recoverable, :rememberable, :validatable
    end
When I ran this test in the host app:
    context "When not logged in" do
      it "redirect to new user session when try to access index" do
        process :index, method: :get, params: {}
        expect(response).to redirect_to(new_admin_user_session_path)
      end
    end
I got this error:
    NoMethodError:
      undefined method `portal_core' for #<Devise::FailureApp:0x0000000008c9f1f0>
If I mount the engine routes in the host app:
    mount PortalCore::Engine => '/portal_core'
Then I got this error: Expected response to be a redirect to http://test.host/admin_users/sign_in but was a redirect to http://test.host/.
And if I try to start the server, it keeps redirecting with 401 Unauthorized.
Probably some configuration is missing, but I can't figure out what.
So, I don't know if this is the solution or just a workaround.
In the host app devise initializer I set the router_name to nil:
    config.router_name = nil
And it worked.
Any other solution is welcome!
Thanks!
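
Why both errors appear and why clearing router_name fixes the host app, as a plain-Ruby model added here (not code from the post or from Devise). It assumes the failure app calls the configured router name as a method, falls back to the root URL when that router lacks the route, and defaults to main_app when no name is set; RouterProxy, FailureAppModel, outcome and the engine sign-in URL are constructed for illustration.

```ruby
# Constructed stand-in: a router proxy is an object exposing URL helpers.
class RouterProxy
  def initialize(helpers)
    helpers.each { |name, url| define_singleton_method(name) { |_opts = {}| url } }
  end
end

# Simplified model of the failure app's redirect lookup (assumption, not Devise source).
class FailureAppModel
  def initialize(global_router_name:, mounted:)
    @global_router_name = global_router_name
    # Each mounted router becomes a helper method named after it.
    mounted.each { |name, proxy| define_singleton_method(name) { proxy } }
  end

  def root_url(_opts = {})
    "http://test.host/"
  end

  # scope_router_name models a per-scope override; the global name comes from the initializer.
  def redirect_url(route, scope_router_name: nil)
    router_name = scope_router_name || @global_router_name || :main_app
    context = send(router_name) # NoMethodError when no such router is mounted
    return context.send(route, {}) if context.respond_to?(route)
    root_url # silent fallback when the chosen router lacks the route
  end
end

# Constructed routes: the host app owns admin sign-in, the engine owns user sign-in.
MAIN_APP = RouterProxy.new(new_admin_user_session_url: "http://test.host/admin_users/sign_in")
ENGINE   = RouterProxy.new(new_user_session_url: "http://test.host/portal_core/users/sign_in")

def outcome(global_router_name:, engine_mounted:)
  mounted = { main_app: MAIN_APP }
  mounted[:portal_core] = ENGINE if engine_mounted
  app = FailureAppModel.new(global_router_name: global_router_name, mounted: mounted)
  app.redirect_url(:new_admin_user_session_url)
rescue NoMethodError => e
  "NoMethodError: #{e.name}"
end

puts outcome(global_router_name: :portal_core, engine_mounted: false)
puts outcome(global_router_name: :portal_core, engine_mounted: true)
puts outcome(global_router_name: nil, engine_mounted: true)
```

The second case is the one to watch for in an authentication setup: the lookup does not fail, it quietly sends unauthenticated requests to the root URL instead of the sign-in page.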
Related
Started to learn and develop Rails - while it is pretty straightforward, I got stuck changing the implementation of the /users/edit view and endpoint in the default configuration of Devise.
My approach is pretty simple: all routes and logic for authentication, password resetting etc. get handled by Devise and its routes. My problem is that I want users to change their passwords and email via my custom /settings route and view. For me /users/edit just doesn't make sense and I want to remove it from the accessible routes and ideally use its logic for my custom route.
routes.rb
    Rails.application.routes.draw do
      devise_for :users
      # Defines the root path route ("/")
      root "home#index"
      # SETTINGS
      get "settings/profile" => "settings#profile"
      get "settings/account" => "settings#account"
      get "settings/billing" => "settings#billing"
      get "settings/notifications" => "settings#notifications"
    end
user.rb
    class User < ApplicationRecord
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :validatable,
             :confirmable, :lockable,
             :trackable, :omniauthable

      def remember_me
        true
      end
    end
settings_controller.rb
    class SettingsController < ApplicationController
      before_action :authenticate_user!

      def profile
      end

      def account
      end

      def billing
      end

      def notifications
      end
    end
I'm using Devise in my project. Why does it allow me to create User when I don't provide password_confirmation in request? When I provide password_confirmation other than password it doesn't allow me to create User. How to force providing password_confirmation in params?
    # user.rb
    class User < ApplicationRecord
      devise :database_authenticatable,
             :jwt_authenticatable,
             :registerable,
             :validatable,
             jwt_revocation_strategy: JwtDenylist
    end

    # part of my routes.rb
    devise_for :users,
               path: 'api/v1/users',
               controllers: {
                 sessions: 'api/v1/users/sessions',
                 registrations: 'api/v1/users/registrations'
               }
I've never received this error until I tried to use oauth via a namespaced controller - not sure if it's a coincidence or there is an issue here. Any help is appreciated!
Here are some relevant code snippets.
routes.rb
    devise_for :users,
               class_name: 'Accounts::User',
               path: 'accounts',
               controllers: {
                 omniauth_callbacks: 'accounts/omniauth_callbacks',
                 registrations: 'accounts/registrations'
               }
accounts/user.rb
    devise :database_authenticatable, :registerable,
           :recoverable, :rememberable, :validatable, :omniauthable,
           omniauth_providers: %i[facebook google_oauth2]
accounts/omniauth_callbacks_controller.rb
    module Accounts
      class OmniauthCallbacksController < Devise::OmniauthCallbacksController
        def facebook
          sign_in user_from_auth_hash
          redirect_to root_url, notice: 'Facebook authentication successful.'
        end
      end
    end
initializers/devise.rb
    config.omniauth_path_prefix = '/accounts/auth'
    config.omniauth :facebook, ENV['FACEBOOK_OAUTH_ID'],
                    ENV['FACEBOOK_OAUTH_SECRET']
Let me know if there's anything else to add. Thanks!
I'm trying to prevent rails from exposing the devise_token_auth registration route so that admins can only be created from the console.
My admin.rb looks like this:
    class Admin < ActiveRecord::Base
      devise :database_authenticatable, :confirmable,
             :recoverable, :trackable, :validatable,
             :omniauthable
      include DeviseTokenAuth::Concerns::User
    end
I'm not sure what I should put in my config/routes.rb to prevent rails from exposing the route.
Removing :registerable, :omniauthable and :confirmable from the model should do the trick.
Try adding this to your routes as well:
    mount_devise_token_auth for 'Admin', at: 'admin_auth', :skip => [:registrations]
I followed this guide step by step: http://railscasts.com/episodes/241-simple-omniauth
When I click the button that would take me on twitter, the result is this:
    No route matches [GET] "/auth/twitter"
I made several attempts, watching the video in slow motion ... but the result is always the same.
In the future, try to share your relevant code for debugging purposes. However, make sure you have the following.
In your routes, make sure you have something like
    devise_for :users, :controllers => {:omniauth_callbacks => "users/omniauth_callbacks" ...
and in your devise initializer
    config.omniauth :facebook, facebook_app_id, facebook_app_secret,
      { :scope => 'yourscopeshere', :client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}} }
You need to comment out ':omniauthable' in your model used by the Devise gem (usually it's the model 'User' = the user.rb file):
    class User < ActiveRecord::Base
      devise :database_authenticatable, :registerable, :recoverable,
             :rememberable, :trackable, :validatable # plus whatever other calls...
             # :omniauthable
      [...]
    end
Using the ':omniauthable' call means loading devise/omniauth components (which cause conflicts with your omniauth setup).