I wanted to add some custom fields to devise authentication, so I followed a tutorial and did some changes. I unpacked the devise gem, added the fields to the views, and devise controller. I added the fields "first_name" and "last_name" to my users table. The changes didn't work. So I didn't want to spend much time on that, so I wanted to move on, I removed all the code I added to the devise gem sourcecode, created a migration to remove first_name, and last_name from users. Everything looked fine, I can move about on the site and everything. But as soon as I try to sign out, I get this error:
In the command line, the error also says "can't verify CSRF token auhtenticity"
This is the code I have in my layout view navbar for the user to sign out:
<% if user_signed_in? %>
<li><%= link_to "Sign out", destroy_user_session_path, method: :delete %></li>
<%else%>
<li>
<%= link_to "sign up" , new_user_registration_path %>
</li>
<li>
<%= link_to "Log in", new_user_session_path%>
</li>
<%end%>
I restarted the server and all that. The user is still signed in. I can't do anything to sign out. Is there a way to fix this?
To destroy a user session in devise, you have to do the following:
<%= link_to "Logout", destroy_user_session_path, :method => :delete %>
the hash ':method' will trigger delete action and sign the user out and destroy current session. Make sure your pointing to your "destroy_user_session_path", or the path you specified. You should be able to see what the name of the path is by using "rails routes" or "rake routes" command depending on what version of rails you're using.
Hope this helps.
Related
I have Devise set up in my Rails application, but my sign out link:
<%= link_to "Sign out", destroy_user_session_path, method: :delete %>
is not working. The correct HTML seems to be generated:
<a rel="nofollow" data-method="delete" href="/users/sign_out">Sign out</a>
but there is no DELETE request being logged by Rails, only a 'GET /user/sign_out', which then throws an exception. What could be causing this?
Edit:
I've now discovered if I use button_to instead of link_to this works, so the issue certainly seems to be with the DELETE call not being generated client-side.
Situation:
I want to destroy the current session in Rails, and am currently signed into an admin model setup via devise.
I thought it would be enough to input site.io/admins/sign_out into the URL, but this assumes a GET request and doesn't work.
No route matches [GET] "/admins/sign_out"
A method: :delete request needs to be made to destroy the session.
Can something be done like site.io/admins/sign_out{action:delete}?
UPDATE
Per request, this is the route related to admin.
devise_for :admins
try this:
<%= link_to "Sign Out", destroy_admin_session_path, :method => :delete %>
To log out with devise you need to POST to /admins/sign_out. I use rails link_to to help with this.
<%= link_to "Log Out", destroy_admin_session_path, method: :delete %>
You could also do it without ERB or link_to
<a rel="nofollow" data-method="delete" href="/admins/sign_out">Log Out</a>
For user model, just replace admin with user
<%= link_to "Log Out", destroy_user_session_path, method: :delete %>
or
<a rel="nofollow" data-method="delete" href="/users/sign_out">Log Out</a>
Source: https://github.com/plataformatec/devise/wiki/How-To:-Add-sign_in,-sign_out,-and-sign_up-links-to-your-layout-template
No you can not manually type in the link on the browser and log it out because in the browser you can't specify PUT POST or Delete.If you define the logout path as GET Method you can directly enter the path and log it out as browser by default gives a GET method. you can do it on Rest Client like postman like below
http://localhost:3000/users/sign_out.html
select method as DELETE
If you inject site.io/admins/sign_out forcefully.
It will send you to the show action of the controller with Parameters: {"id"=>"sign_out"}. Because It assumes that, it is a show action rather than calling the Delete function.
So, I think it is not possible, to forcefully use delete method directly from URL.
I have two models, User and Profile, with user_id used as a foreign key to link them. I'd like to put a conditional statement in my footer that looks to see if the current user has a profile. If they do they will see a link to the edit page and, if they don't, to the create/new page.
I tried finding a solution online and I think using the presence_in?(object) method might work but, as a newbie, I don't quite get the syntax.
This is what I have so far if someone can help me get to the finish line :)
<% if current_user.id (something something) %>
<li><%= link_to "Edit Profile", edit_profile_path(:id => current_user) %></li>
<% else %>
<li><%= link_to "New Profile", new_profile_path %></li>
<% end %>
If my question is unclear please let me know and I'll provide a link to my Github page
You can simply do <% if current_user.profile.present? %> to check whether user's profile exists or not. You need have has_one association in User model to get this working e.g has_one :profile
I have followed the Devise Wiki to create a very basic admin setup by adding a admin column to my User table in a boolean format.
I have been into my table (through SQlite administrator) and assigned one of my users to be an admin.
I am then have the following code in my view:
<% if user_signed_in? %>
<% if current_user.admin? %>
<%= link_to "Admin Job Post", new_user_job_path(current_user.id) %>
<% else %>
<%= link_to "Post a new job", new_user_job_path(current_user.id) %>
<% end %>
<% else %>
<%= link_to "Post a new job", new_user_session_path %>
<% end %>
The issue I am having is that my app is only ever returning my <%= link_to "Post a new job", new_user_job_path(current_user.id) %> even when logged in with an admin user.
It would be great to get a solution on this because I have tried several variations and can't get it to work.
Thanks in advance for your help!
I'm not sure of the entirety of your code, but I have a similar setup, but I used the following to show a link once a user is logged in as an Admin (I used 'try' due to the fact that it is outside of a 'user_logged_in' check).
<% if current_user.try(:admin?) %>
<li>AdminLink</li>
<% end %>
Are you sure that you made the user an admin?
To make the user admin you should have run the following commands
User.find(#id_of_user_you_want_to_make_admin)
User.admin = true
User.save!
<% if current_user.present? && current_user.has_role?(:admin) %>
<li><%= link_to 'Some Cool Admin Feature', cool_admin_path %></li>
This is what you're looking for if you're using Rails 4 with Devise 2.x. Note the () around :admin aren't necessary, I included them for clarity here as the '?' after the method seems to throw people that are new to ruby.
Another way to give admin privileges is to simply use <% if current_user.try (:email) == "admin#example.com" %> That always works for me. That way you don't have to worry about the whole system.
I have a very basic sign up and log in setup running and all I want to know if how to add a link at the very top of my root page that displays 'Log in' or 'Sign out' depending on whether the user is logged in or not.
I have tried various methods I have found on here but can't seem to get them to work as they often create undefined method errors.
What is the simplest way to create this?
Many thanks in advance for your help.
Tom
if you have a session variable where you save the id of the current user (i call it user_id) you could do it like this:
<% if session[:user_id] %>
<!-- user is logged in -->
<%= link_to logout_path %>
<% else %>
<!-- user is not logged in -->
<%= link_to login_path %>
<% end %>
that is what you have to change:
config/routes.rb:
resources :users
# login stuff
controller :sessions do
get "login" => "sessions#new"
post "login" => "sessions#create"
delete "logout" => "sessions#destroy"
end
app/views/sessions/new.html.erb:
# replace this line
<%= form_tag new_session_path do %>
# with
<%= form_tag login_path do %>
the login link is now:
<%= link_to "Login", login_path %>
the logout link:
<%= link_to "Logout", logout_path, :method => :delete %>
Not much of an answer but this Railscast was very helpful to me in learning about how authentication works in rails. The Railscast is Twitter login specific using OmniAuth but the process is much the same. He includes the dynamic links you asked about in his code.
http://railscasts.com/episodes/241-simple-omniauth