Related
I recently upgraded my application to rails 7 and now a bunch of my tests are failing with the below error.
ActionDispatch::Request::Session::DisabledSessionError: Your application has sessions disabled. To write to the session you must first configure a session store
I am suspecting this has something to do with devise.
Below is the code that is causing issues.
def login_user(user)
post "/api/v2/login", :params => { :username => user.username, :password => user.password }
assert_response :success, response.body
json = JSON.parse(response.body)
{:authentication_token => json["user"]["authentication_token"]}
end
If I remove the line config.api_only = true from the application.rb file then the test cases pass without any hitch but I can't really remove that line due to other issues. Does anybody a proper solution for this issue ?
I found a similar question: Rails 7 API only app requiring session store with Devise
where it's suggested to add following to your config/application.rb :
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
based on this issue on github
I am developing a Rails 4 app using the Active Admin gem for the administration back end. Active Admin in turn uses Devise for user authentication. Now, when I try to deploy the app using capistrano on the VPS server, I get the below error:
rake aborted!
Devise.secret_key was not set. Please add the following to your Devise initializer:
config.secret_key = '-- secret key --'
A Google search does not do much for this error. Any suggestions why it is throwing an error? Should I add the secret key to devise initializer, as I cannot find any place to set such config key in initializers/devise.rb?
I ran bundle update this morning and started getting the same error.
I added it as a line in config/initializers/devise.rb and the error was fixed.
This seems to be the commit which introduced it.
What worked for me on Rails 4.1 and Devise 3.2.4 is in config/initializers/devise.rb:
config.secret_key = ENV['DEVISE_SECRET_KEY'] if Rails.env.production?
As of Devise 3.2.3 for Rails 4+ applications the key setting location defaults to YourAppName::Application.config.secret_key_base found in config/initializers/secret_token.rb
This solved my problem:
Add the code below to your config/initializers/devise.rb file.
config.secret_key = '-- secret key --'
Replace '-- secret key--' with your own key. I recommend storing it in an ENV variable for security purpose.
As per changelog:
Devise will use the secret_key_base on Rails 4+ applications as its secret_key. You can change this and use your own secret by changing the devise.rb initializer.
I went to config/secrets.yml and changed the production value.
Before:
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
After:
production:
secret_key_base: string of charaters
Of course, that should be set to the environment variable, which I will set later, but this at least got it running. I got my string by using bundle exec rake secret.
Could it be, that you did not run rails g devise:install?
Running rails generate devise User without the previous command does cause this problem.
In config/initializers/devise.rb I put:
config.secret_key = ENV["SECRET_KEY_BASE"] if Rails.env.production?
Because if you put:
$ heroku config
You'll see a secret_key_base for the mode production.
I solve my initializer problem with this ugly approach:
config.secret_key = 'some1234keyq23' if Rails.env == 'production'
in config/initializers/devise.rb
It now works in production as well as in development !
I cloned my repository onto a new machine from git. The
config/secrets.yml
file was on my .gitignore list, so that file didn't exist, and Devise doesn't create the file.
I added the file, then re-ran
rails generate devise MODEL
and it worked.
Check if your config\initializers\secret_token.rb has:
YourAppName::Application.config.secret_token
It should be:
YourAppName::Application.config.secret_key_base
I has same issue. The problem was caused by these lines in routes.rb:
devise_for :users, :skip => [:registrations]
as :user do
get 'users/edit' => 'devise/registrations#edit', :as => 'edit_user_registration'
put 'users' => 'devise/registrations#update', :as => 'user_registration'
get '/users/sign_out' => 'devise/sessions#destroy'
end
I commented them and after that i run:
$ rails generate devise:install
And it has evaluated perfectly. And after that I uncommented routes.
Well, I have been following this post and tried almost everything here.
I have added the key to devise.rb. But I was still getting the same error.
Maybe a stupid answer, but all I had to do was to push the devise.rb key to the repository.
Fix:
In the production server:
sudo -H nano /etc/environment
Then in the file add:
export SECRET_KEY_BASE="yourkey"
export DEMO03_DATABASE_PASSWORD="yourpass"
to set this permanently, and system wide (all users, all processes) add set variable
In the local project devise.rb file:
config.secret_key = ENV["SECRET_KEY_BASE"] if Rails.env.production?
Technical details:
Ubuntu 16.04
Devise (4.2.0)
rails 5.0.1
capistrano (3.7.1)
Ran into the same trouble with Rails 5.2.0 and Devise 4.4.1
Drop the following into /config/initializers/devise.rb
config.secret_key = Rails.application.credentials.secret_key_base
Trying to give a somewhat more complete answer to the ones above:
As mentioned in the devise_auth_token gem's documentation
...Additionally, you can configure other aspects of devise by manually
creating the traditional devise.rb file at
config/initializers/devise.rb. Here are some examples of what you can
do in this file:
Devise.setup do |config|
# The e-mail address that mail will appear to be sent from
# If absent, mail is sent from "please-change-me-at-config-initializers-devise#example.com"
config.mailer_sender = "support#myapp.com"
# If using rails-api, you may want to tell devise to not use ActionDispatch::Flash
# middleware b/c rails-api does not include it.
# See: http://stackoverflow.com/q/19600905/806956
config.navigational_formats = [:json] end
I had the same problem, and like metioned here, I created the devise initializer, and add the config.secret_key = ENV['DEVISE_SECRET_KEY'] line to it.
I do not know right solution but it's working. You can try it. I was cloned my project from my GitLab account and when I run in my local server, I have an error Message:
rake aborted!
Devise.secret_key was not set. Please add the following to your Devise initializer:
config.secret_key = '-- secret key --'
Open config/initializers/devise.rb and add this line
config.secret_key = '<%= ENV["SECRET_KEY_BASE"] %>'
This code line is solved my problem.
I am developing a Rails 4 app using the Active Admin gem for the administration back end. Active Admin in turn uses Devise for user authentication. Now, when I try to deploy the app using capistrano on the VPS server, I get the below error:
rake aborted!
Devise.secret_key was not set. Please add the following to your Devise initializer:
config.secret_key = '-- secret key --'
A Google search does not do much for this error. Any suggestions why it is throwing an error? Should I add the secret key to devise initializer, as I cannot find any place to set such config key in initializers/devise.rb?
I ran bundle update this morning and started getting the same error.
I added it as a line in config/initializers/devise.rb and the error was fixed.
This seems to be the commit which introduced it.
What worked for me on Rails 4.1 and Devise 3.2.4 is in config/initializers/devise.rb:
config.secret_key = ENV['DEVISE_SECRET_KEY'] if Rails.env.production?
As of Devise 3.2.3 for Rails 4+ applications the key setting location defaults to YourAppName::Application.config.secret_key_base found in config/initializers/secret_token.rb
This solved my problem:
Add the code below to your config/initializers/devise.rb file.
config.secret_key = '-- secret key --'
Replace '-- secret key--' with your own key. I recommend storing it in an ENV variable for security purpose.
As per changelog:
Devise will use the secret_key_base on Rails 4+ applications as its secret_key. You can change this and use your own secret by changing the devise.rb initializer.
I went to config/secrets.yml and changed the production value.
Before:
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
After:
production:
secret_key_base: string of charaters
Of course, that should be set to the environment variable, which I will set later, but this at least got it running. I got my string by using bundle exec rake secret.
Could it be, that you did not run rails g devise:install?
Running rails generate devise User without the previous command does cause this problem.
In config/initializers/devise.rb I put:
config.secret_key = ENV["SECRET_KEY_BASE"] if Rails.env.production?
Because if you put:
$ heroku config
You'll see a secret_key_base for the mode production.
I solve my initializer problem with this ugly approach:
config.secret_key = 'some1234keyq23' if Rails.env == 'production'
in config/initializers/devise.rb
It now works in production as well as in development !
I cloned my repository onto a new machine from git. The
config/secrets.yml
file was on my .gitignore list, so that file didn't exist, and Devise doesn't create the file.
I added the file, then re-ran
rails generate devise MODEL
and it worked.
Check if your config\initializers\secret_token.rb has:
YourAppName::Application.config.secret_token
It should be:
YourAppName::Application.config.secret_key_base
I has same issue. The problem was caused by these lines in routes.rb:
devise_for :users, :skip => [:registrations]
as :user do
get 'users/edit' => 'devise/registrations#edit', :as => 'edit_user_registration'
put 'users' => 'devise/registrations#update', :as => 'user_registration'
get '/users/sign_out' => 'devise/sessions#destroy'
end
I commented them and after that i run:
$ rails generate devise:install
And it has evaluated perfectly. And after that I uncommented routes.
Well, I have been following this post and tried almost everything here.
I have added the key to devise.rb. But I was still getting the same error.
Maybe a stupid answer, but all I had to do was to push the devise.rb key to the repository.
Fix:
In the production server:
sudo -H nano /etc/environment
Then in the file add:
export SECRET_KEY_BASE="yourkey"
export DEMO03_DATABASE_PASSWORD="yourpass"
to set this permanently, and system wide (all users, all processes) add set variable
In the local project devise.rb file:
config.secret_key = ENV["SECRET_KEY_BASE"] if Rails.env.production?
Technical details:
Ubuntu 16.04
Devise (4.2.0)
rails 5.0.1
capistrano (3.7.1)
Ran into the same trouble with Rails 5.2.0 and Devise 4.4.1
Drop the following into /config/initializers/devise.rb
config.secret_key = Rails.application.credentials.secret_key_base
Trying to give a somewhat more complete answer to the ones above:
As mentioned in the devise_auth_token gem's documentation
...Additionally, you can configure other aspects of devise by manually
creating the traditional devise.rb file at
config/initializers/devise.rb. Here are some examples of what you can
do in this file:
Devise.setup do |config|
# The e-mail address that mail will appear to be sent from
# If absent, mail is sent from "please-change-me-at-config-initializers-devise#example.com"
config.mailer_sender = "support#myapp.com"
# If using rails-api, you may want to tell devise to not use ActionDispatch::Flash
# middleware b/c rails-api does not include it.
# See: http://stackoverflow.com/q/19600905/806956
config.navigational_formats = [:json] end
I had the same problem, and like metioned here, I created the devise initializer, and add the config.secret_key = ENV['DEVISE_SECRET_KEY'] line to it.
I do not know right solution but it's working. You can try it. I was cloned my project from my GitLab account and when I run in my local server, I have an error Message:
rake aborted!
Devise.secret_key was not set. Please add the following to your Devise initializer:
config.secret_key = '-- secret key --'
Open config/initializers/devise.rb and add this line
config.secret_key = '<%= ENV["SECRET_KEY_BASE"] %>'
This code line is solved my problem.
I currently have a setup where I force SSL or http where I need it with this before_filter in my application controller:
def force_ssl
if params[:controller] == "sessions"
if !request.ssl? && Rails.env.production?
redirect_to :protocol => 'https://', :status => :moved_permanently
end
else
if request.ssl? && Rails.env.production?
redirect_to :protocol => 'http://', :status => :moved_permanently
end
end
end
What I'd like to do is to use https://secure.example.com when using SSL but keep using http://example.com when not using SSL. Is there a way I can switch between the hostnames depending on whether I'm using SSL?
First I'll show how to force SSL in current and earlier versions of Rails, then at the end I've posted how to use HTTP and HTTPS in Parallel with each other, which is what I think your looking for.
Rails >= 3.1
Simply use config.force_ssl = true in your environment configuration.
# config/application.rb
module MyApp
class Application < Rails::Application
config.force_ssl = true
end
end
You can also selectively enable https depending on the current Rails environment. For example, you might want to keep HTTPS turned off on development, and enable it on staging/production.
# config/application.rb
module MyApp
class Application < Rails::Application
config.force_ssl = false
end
end
# config/environments/production.rb
MyApp::Application.configure do
config.force_ssl = true
end
Rails < 3.1
Just in case you have any projects that are not Rails 3.1 and want the same feature. Enable HTTPS by adding the following line to your environment configuration.
config.middleware.insert_before ActionDispatch::Static, "Rack::SSL"
Note that I’m passing Rack::SSL as string to delegate the loading of the class at the end of the Rails application initialization. Also note the middleware must be inserted in a specific position in the stack, at least before ActionDispatch::Static and ActionDispatch::Cookies.
Don’t forget to define Rack::SSL dependency in your Gemfile.
# Gemfile
gem 'rack-ssl', :require => 'rack/ssl'
Enabling HTTPS and HTTP in parallel
Rack::SSL has a very interesting and undocumented feature. You can pass an :exclude option to determine when to enable/disable the use of HTTPS.
The following code enables Rack::SSL and all its filters only in case the request comes from a HTTPS connection.
config.middleware.insert_before ActionDispatch::Static, Rack::SSL, :exclude => proc { |env| env['HTTPS'] != 'on' }
Both the following URLs will continue to work, but the first one will trigger the Rack::SSL filters.
https://secure.example.com
http://example.com
I am on rails 2.3.5 and have the latest Ruby installed and my application is running well, except, GMail emails.
I am trying to setup my gmail imap connection which has worked previously but now doesnt want to know.
This is my code:
# Be sure to restart your server when you modify this file
# Uncomment below to force Rails into production mode when
# you don't control web/app server and can't set it the proper way
# ENV['RAILS_ENV'] ||= 'production'
# Specifies gem version of Rails to use when vendor/rails is not present
RAILS_GEM_VERSION = '2.3.5' unless defined? RAILS_GEM_VERSION
# Bootstrap the Rails environment, frameworks, and default configuration
require File.join(File.dirname(__FILE__), 'boot')
Rails::Initializer.run do |config|
# Gems
config.gem "capistrano-ext", :lib => "capistrano"
config.gem "configatron"
# Make Time.zone default to the specified zone, and make Active Record store time values
# in the database in UTC, and return them converted to the specified local zone.
config.time_zone = "London"
# The internationalization framework can be changed to have another default locale (standard is :en) or more load paths.
# All files from config/locales/*.rb,yml are added automatically.
# config.i18n.load_path << Dir[File.join(RAILS_ROOT, 'my', 'locales', '*.{rb,yml}')]
#config.i18n.default_locale = :de
# Your secret key for verifying cookie session data integrity.
# If you change this key, all old sessions will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
config.action_controller.session = {
:session_key => '_base_session',
:secret => '7389ea9180b15f1495a5e73a69a893311f859ccff1ffd0fa2d7ea25fdf1fa324f280e6ba06e3e5ba612e71298d8fbe7f15fd7da2929c45a9c87fe226d2f77347'
}
config.active_record.observers = :user_observer
end
ActiveSupport::CoreExtensions::Date::Conversions::DATE_FORMATS.merge!(:default => '%d/%m/%Y')
ActiveSupport::CoreExtensions::Time::Conversions::DATE_FORMATS.merge!(:default => '%d/%m/%Y')
require "will_paginate"
ActionMailer::Base.delivery_method = :smtp
ActionMailer::Base.smtp_settings = {
:enable_starttls_auto => true,
:address => "smtp.gmail.com",
:port => 587,
:domain => "XXXXXXXX.XXX",
:authentication => :plain,
:user_name => "XXXXXXXXXX.XXXXXXXXXX.XXX",
:password => "XXXXX"
}
But the above just results in an SMTP auth error in the production log.
I have read varied reports of this not working in Rails 2.2.2 but nothing for 2.3.5, anyone got any ideas?
Thanks,
Danny
Use action mailer optional tls