Oauth, Devise and Mongoid session cookies - ruby-on-rails

Trying to log in with another account, I found that on login it does not ask again for a Gmail account.
My action/method is this:
    class Users::SessionsController < Devise::SessionsController
      def destroy
        super
        cookies.delete :_myapp_session
      end
    end
It comes here as a delete method in routes.rb.
When I delete all cookies from the browser, I can log in and see the Gmail page.
If I log in with another account, it still loads the data from the other account.
I use Devise with OmniAuth and Mongoid instead of ActiveRecord.

The problem was that the user had not been created properly beforehand, with the fields needed on the model such as uid and provider.

Related

Rails: How to invalidate all user sessions in all browsers on logout from one browser using Devise?

I am using Devise gem for login/logout of the users. When a user logs in in two browsers, and then logs out from one of them, the other browser is still active. I want the user to be logged out in all browsers when they log out from one. How can I do that?
Add a session_token column to your devise model (e.g. User) and override Devise #authenticatable_salt method to contain your session token:
    class User < ApplicationRecord
      def authenticatable_salt
        return super unless session_token
        "#{super}#{session_token}"
      end

      def invalidate_all_sessions!
        update_attribute(:session_token, SecureRandom.hex)
      end
    end
You can now invalidate the session cookie by resetting the session_token of a user, when he/she logs out:
    class Users::SessionsController < Devise::SessionsController
      def destroy
        current_user.invalidate_all_sessions!
        super
      end
    end
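
How the mechanism in this answer works, modelled in plain Ruby as an added example (not code from the answer or from Devise): Devise stores the record key together with authenticatable_salt in the session and rejects the session on a later request when the salt no longer matches. DemoUser, demo and the constructed password hash are assumptions for illustration; the two helper functions are simplified models of Devise's session serialization.

```ruby
require "securerandom"

# Hypothetical stand-in for a Devise model; runs without Rails.
class DemoUser
  attr_reader :id, :session_token

  def initialize(id, encrypted_password)
    @id = id
    @encrypted_password = encrypted_password
    @session_token = nil
  end

  # Default salt is a prefix of the password hash; the override from the
  # answer appends session_token, so rotating the token changes the salt.
  def authenticatable_salt
    base = @encrypted_password[0, 29]
    return base unless session_token
    "#{base}#{session_token}"
  end

  def invalidate_all_sessions!
    @session_token = SecureRandom.hex
  end
end

# Model of what each browser's session holds after sign-in.
def serialize_into_session(user)
  [user.id, user.authenticatable_salt]
end

# Model of the per-request check: the stored salt must still match.
def serialize_from_session(users, stored)
  id, salt = stored
  user = users[id]
  user if user && user.authenticatable_salt == salt
end

def demo
  user = DemoUser.new(1, "$2a$12$" + "a" * 53) # constructed bcrypt-shaped value
  users = { 1 => user }
  sessions = [serialize_into_session(user), serialize_into_session(user)] # two browsers
  alive = ->(s) { !serialize_from_session(users, s).nil? }
  before = sessions.map(&alive)
  user.invalidate_all_sessions! # logout in one browser
  after = sessions.map(&alive)
  { before: before, after: after, fresh_login: alive.call(serialize_into_session(user)) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Only sessions issued before the rotation are rejected; a login made afterwards is serialized with the new salt and stays valid.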

Changing route after sign out with devise

I am creating a website using rails and I have started using the devise gem. I have added a sign out link to my homepage which works, but I want to route the user back to the login page after they sign out. At this moment after the user signs in they are offered a sign out link which signs them out but they remain at the page. How do I make it so that they are sent back to the login page after they sign out? Thanks.
You can change the redirect path in ApplicationController using Devise's after_sign_out_path_for method...
    class ApplicationController < ActionController::Base
      private

      def after_sign_out_path_for(resource_or_scope)
        new_user_session_path
      end
    end

API Devise JSON authentication / registrations / sessions

I've created a Rails 4 app using the rails-api gem. I have my application controller which inherits from ActionController::API.
My routes file:
    namespace :api do
      namespace :v1 do
        devise_for :users
        resources :friends
      end
    end
I have a user model for which I have run a migration to add Devise attributes. The user model also has attributes which are not specific to Devise, such as first_name and last_name.
I then have a token_authentication model which stores the user's token.
I'd like to use the current version of Devise for the registration / sessions / authentication of users in my app.
My question is how can I use Devise registration controllers / session controllers to accept JSON format, create a user / session and send a JSON response. I want to enforce user authentication on every request to the API, except for a User create action. I'd need to be able to add my token code into Devise so that on the creation of users it also created a token, and on the sessions / authentication it checked for the token.
Any help or suggestions would be greatly appreciated.
If there's any additional info I can provide to help understand my issue, please let me know.
Many thanks
Lee
I used to do it like this.
First you need to override the Devise controller.
    # Override the Devise session and registration controllers to do this.
    resource.generate_auth_token!
Then write your own authenticate method.
    # Authenticate user.
    def current_user
      @current_user ||= User.where(private_token: token).first
    end

    def authenticate!
      render json: { error: '401 Unauthorized!' }, status: 401 unless current_user
    end
But then I found devise_token_auth. I think they do better.

Accessing current user information with Janrain and Ruby on Rails

I'm using Janrain to handle user sessions in my Ruby on Rails app. It appears to be working, however, I don't know how to tell if a user is logged in or not or access the current user's information. After the user signs in, is there a session variable created?
Assuming you are referring to Janrain Social Login (Engage), once the user authenticates through a Social Provider the widget gets a Janrain OAuth token that is valid for 60 minutes. You can use that token to retrieve the user's profile data through this API endpoint: https://{your-engage-domain.com}/api/v2/auth_info.
Janrain Social Login does not maintain any log in state related session data. It simply facilitates authentication and normalizes the retrieval of user profile data from multiple authentication providers. Once a successful authentication event happens it is up to your server to validate the authentication token and then establish any form of authorization session related work.
Most Social Providers return access tokens that are valid for 30-60 days.
Try the 'current_user' variable; it works in most of the Rails authentication libs, e.g.:
    # in the erb file:
    <% current_user = session[:user_id] %>

    # or in the rb file:
    class MusicController < ApplicationController
      before_filter :authenticate_user! # just like devise

      def index
        # same methods and api as devise.
        return if signed_in? and current_user.email
      end
    end

    # put this method in application_controller.rb
    def current_user
      @current_user ||= User.find_by_id(session[:user_id])
    end
For more details, refer to this example: https://github.com/hatem/janrain-engage-demo

Disable devise sign_up after logging in

I'm using Devise as the registration engine in my Rails 3.1 app. How can I prevent users from accessing some pages when they are logged in? I need to disable Devise registration and some custom pages. Is there any way to implement this?
Devise automatically handles redirecting logged in users away from the sign in and sign up actions. If you would like to do this for other pages you would need to use controller before filters or an authorization solution such as CanCan.
You could quickly do a controller filter to redirect logged in users like so in a controller:
    class SomeController < ApplicationController
      before_filter :redirect_logged_in_user, :only => :action_to_prevent

      private

      # Send already signed-in users elsewhere instead of rendering the action.
      def redirect_logged_in_user
        redirect_to your_redirect_path if current_user
      end
    end
Devise is an authentication system. To control users' access to some pages you need authorization. For example, https://github.com/ryanb/cancan
