warden authentication returning 401 - ruby-on-rails

warden.authenticate!(auth_options)
working fine for these params:
{"utf8"=>"✓",
"authenticity_token"=>"5BMAUoZLUEgPZBVOAcQ8lFD4+pumP9kEvvXyelbnjeO36AZJQt2oRlraicQ6quvh/dccS0ELUkxjACgFcWFYAg==",
"user"=>{"email"=>"vijay#xyz.com", "password"=>"xyz",
"phone"=>"9443429932"}, "action"=>"create", "controller"=>"sessions",
"format"=>"json", "session"=>{"user"=>{"email"=>"vijay#xyz.com",
"password"=>"xyz", "phone"=>"9443429932"}}}
but failing for these:
{"utf8"=>"✓",
"authenticity_token"=>"/ly2phwfsD3HEVkHK39ajYQGv6R4uj2z3B+3eiZEU0qtp7C92IlIM5KvxY0QEY34KSlZdJ+OtvsB6m0FAcKGqw==",
"user"=>{"phone"=>"9443429932", "password"=>"xyz",
"email"=>"vijay#xyz.com"}, "action"=>"create",
"controller"=>"sessions", "format"=>"json",
"session"=>{"user"=>{"phone"=>"9443429932", "password"=>"xyz",
"email"=>"vijay#xyz.com"}}}
The data is the same in both cases except for the order.
Stuck with this for long.
here is the log:
Started POST "/users/sign_in.json" for 127.0.0.1 at 2017-04-10 10:53:07 +0530
Processing by SessionsController#create as JSON
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"XVMbYLTgv4eFbv9pX5lJD3U6DHF17o18rVIjqQLo4skOqB17cHZHidDQY+Nk95562BXqoZLaBjRwp/nWJW43KA==",
"user"=>{"phone"=>"9443429932", "password"=>"[FILTERED]"},
"session"=>{"user"=>{"phone"=>"9443429932",
"password"=>"[FILTERED]"}}}
User Load (0.3ms) SELECT users.* FROM users WHERE users.id = 12422916 AND (invitation_token is null) LIMIT 1
Completed 401 Unauthorized in 15ms

Found the issue.
warden is reading the params from request.params
I have edited the params, but it was not reflecting in request.params.
request.params[:user].merge!(params[:user])
This fixed the issue.

Related

Debuging Devise in simple Rails app

I configured the Devise gem for Rails and in code it seems to look OK, but when I try to register a new user I have a problem.
In the register form Devise shows the notice:
Please review the problems below:
but that's all. No specific message. Where should I look first? How do I debug something like this?
Any suggestions?
Log from rails server:
Started POST "/auth/register" for 127.0.0.1 at 2014-09-14 17:09:13 +0200
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"iRsLU68tBckSzK1tupMoXZQlGw7xOuzMlfuiIVVs+rc=",
"user"=>{"email"=>"test#test.com", "password"=>"[FILTERED]",
"password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
(0.2ms) BEGIN
User Exists (0.4ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = 'test#test.com' LIMIT 1
(0.2ms) ROLLBACK
Rendered devise/shared/_links.haml (0.5ms)
Rendered devise/registrations/new.html.haml within layouts/application (15.9ms)
Completed 200 OK in 121ms (Views: 24.2ms | ActiveRecord: 0.8ms)
And when I try to log in:
Started POST "/auth/login" for 127.0.0.1 at 2014-09-14 17:10:23 +0200
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"iRsLU68tBckSzK1tupMoXZQlGw7xOuzMlfuiIVVs+rc=",
"user"=>{"email"=>"test#test.com", "password"=>"[FILTERED]",
"remember_me"=>"0"}, "commit"=>"Sign in"}
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."email" = 'test#test.com' ORDER BY "users"."id" ASC LIMIT 1
Completed 401 Unauthorized in 2ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"iRsLU68tBckSzK1tupMoXZQlGw7xOuzMlfuiIVVs+rc=",
"user"=>{"email"=>"test#test.com", "password"=>"[FILTERED]",
"remember_me"=>"0"}, "commit"=>"Sign in"}
Rendered devise/shared/_links.haml (0.4ms)
Rendered devise/sessions/new.html.haml within layouts/application (9.8ms)
Completed 200 OK in 106ms (Views: 15.4ms | ActiveRecord: 0.0ms)
I debug these things by inspecting object.errors.
In this case, try to
raise @user.errors.inspect
somewhere after the save in the create method.

401 Unauthorized using devise after adding theme

I have the error Completed 401 Unauthorized in 99.0ms after adding a template in a Rails 3.2 app, and I was signing in from the /users/sign_in URL.
Also, I did not change anything like authenticating by "name"; I am using the default authentication by email address.
Has anyone encountered this problem when signing in?
The error is:
Started POST "/users/sign_in" for 127.0.0.1 at 2014-08-05 12:04:19 +0800
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<removed>", "user"=>{"email"=>"zaihan#clixster.net", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
User Load (1.0ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = 'zaihan#clixster.net' LIMIT 1
Completed 401 Unauthorized in 14.0ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<removed>", "user"=>{"email"=>"zaihan#clixster.net", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
Rendered devise/sessions/new.html.erb within layouts/application (38.0ms)
Rendered layouts/_navigation.html.erb (1.0ms)
Rendered layouts/_footer.html.erb (1.0ms)
I have found the solution. Make sure you do not have
attr_accessor :password
or your password field for devise in database would be empty.
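Added example (not from the original posts and not Devise's own code): why a class-level attr_accessor :password leaves the stored hash empty, so every sign-in ends in 401. HashedPassword is a hypothetical, simplified stand-in for the hashing setter a Devise-style module provides, using PBKDF2 from the Ruby standard library; BrokenUser, FixedUser and sign_in_status are illustrative names.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a Devise-style hashing setter (not Devise's code).
module HashedPassword
  attr_accessor :encrypted_password

  def password=(plain)
    @password = plain
    salt = SecureRandom.hex(16)
    self.encrypted_password = [salt, digest(plain, salt)].join("$")
  end

  def valid_password?(plain)
    return false if encrypted_password.to_s.empty? # no stored hash: reject
    salt, expected = encrypted_password.split("$", 2)
    secure_equal?(digest(plain, salt), expected)
  end

  private

  def digest(plain, salt)
    sha256 = OpenSSL::Digest.new("SHA256")
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, 10_000, 32, sha256).unpack1("H*")
  end

  # Constant-time comparison of two hex strings.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Broken: the class's own accessor is found before the module's setter,
# so assignment only sets @password and no hash is ever stored.
class BrokenUser
  include HashedPassword
  attr_accessor :password
end

# Fixed: no accessor in the class, so the module's hashing setter runs.
class FixedUser
  include HashedPassword
end

# Simulated sign-in: 200 when the attempt matches the stored hash, else 401.
def sign_in_status(user_class, stored, attempt)
  user = user_class.new
  user.password = stored
  user.valid_password?(attempt) ? 200 : 401
end
```

With BrokenUser the correct password is rejected just like a wrong one, which matches the 401 in the log above.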

devise error message when wrong username/password

My problem is that I do not see any error messages when Devise sign in fails. When this happens I get redirected to Devise::SessionsController#new, which is not setting any errors.
Started POST "/users/sign_in" for 127.0.0.1 at 2014-08-17 06:30:59 +0300
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"4ZgT4DtyyNYNGHRbwCVASolL3CQEqIeMtPlOOy7EBik=", "user"=>{"username"=>"setdddd", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Войти"}
Completed 401 Unauthorized in 3ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"4ZgT4DtyyNYNGHRbwCVASolL3CQEqIeMtPlOOy7EBik=", "user"=>{"username"=>"setdddd", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Войти"}
[]
Rendered devise/shared/_links.erb (0.1ms)
Rendered devise/sessions/new.html.erb within layouts/application (40.0ms)
Rendered application/_header.erb (0.5ms)
Rendered application/_footer.erb (0.0ms)
Completed 200 OK in 50ms (Views: 47.8ms | ActiveRecord: 0.0ms)
So the question is: are there any switches in the Devise configuration that allow me to show an error message to the user, not just a redirect?
Are you outputting your flash messages where appropriate? It looks like devise sets flash[:notice] and flash[:alert] depending on the situation (i.e. failed login, etc). It's up to you to ensure that you output those values to your page. See the devise README for more details.

Devise with jquery-mobile, how handle error messages?

In an app with (Gemfile):
gem "devise", ">= 2.1.2"
gem 'rails', '3.2.8'
gem 'jquery_mobile_rails'
Before adding jquery-mobile, everything worked fine; when I entered invalid data I got the page with an error message and this log:
Started POST "/users/sign_in" for 127.0.0.1 at 2012-11-28 12:01:13 -0500
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"jLtHS2q0wO+tgswm9VM2/EiuTiq7J9Wwp8d65t/RSGE=", "user"=>{"email"=>"", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
Completed 401 Unauthorized in 0ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"jLtHS2q0wO+tgswm9VM2/EiuTiq7J9Wwp8d65t/RSGE=", "user"=>{"email"=>"", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
Rendered devise/shared/_links.html.erb (0.8ms)
Rendered devise/sessions/new.html.erb within layouts/application (3.2ms)
Rendered layouts/_navigation.html.erb (0.5ms)
Rendered layouts/_messages.html.erb (0.0ms)
Completed 200 OK in 29ms (Views: 28.9ms)
After adding jquery-mobile, logging in with correct data works fine, but with invalid data I get a 401 and it doesn't redirect to anything. The HTTP response (viewed with Firebug) shows only the message with the error, like "invalid email" (not HTML code nor JSON), and jquery-mobile shows "Error loading page".
Started POST "/users/sign_in" for 127.0.0.1 at 2012-11-27 21:32:45 -0500
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"EYx56pui4v6trcuzmXQuhzY2BDHwqrADepKuySx9ub0=", "user"=>{"email"=>"test#test.net", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
Completed 401 Unauthorized in 0ms
I have default devise controller and default views generated.
How do I handle Devise error messages with jquery-mobile?
Just don't use ajax with jquery-mobile and Devise by default.
In config/initializers/devise.rb
# If http headers should be returned for AJAX requests. True by default.
config.http_authenticatable_on_xhr = false
Another solution is to add
:html => {:data => {:ajax => 'false'}}
to the form in question so jQM doesn't hijack it and turn it into an ajax request.
Please see my full answer for the same question https://stackoverflow.com/a/14595607/64669

RoR Rails 3 Devise::SessionsController fails to authenticate existing user

I'm starting the app at http://localhost:3000/users/sign_in
accept user / password; posting
Devise fails to authenticate my user and jumps into #new
#new renders sign_in again, so I am in a loop.
here is the log:
Started POST "/users/sign_in" for 127.0.0.1 at 2011-10-30 17:49:33 -0700
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"NhVu4CQwhatever+CAErP19YVIkz0lIz3qEERac=", "user"=>{"email"=>"abc#def.com", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Sign in"}
Then it runs the SQL to fetch the user. Copy/pasted into PostgreSQL, the 'select' fetches my user record. It definitely exists.
User Load (5.0ms) SELECT "users".* FROM "users" WHERE "users"."email" = 'abc#def.com' LIMIT 1
The next log entry jumps to #new, as if the user does not exist:
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"NhVu4CQwhatever+CAErP19YVIkz0lIz3qEERac=", "user"=>{"email"=>"abc#def.com", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Sign in"}
Rendered devise/sessions/new.html.erb within layouts/application (4.0ms)
