I have been trying to sign in after signing out on my application using devise but I am having an issue with the cookies I think because I have to refresh my web page in order to sign in again. I tried using the activerecord-session_store gem and I followed the steps to configure it. I mean, I installed the gem, I generated the recommended migration from the gem documentation and generated the table using the rake db:migrate command, and I also changed the session_store.rb file, but I feel that I am missing something to make it work since I tried it and the same happens. Please help me if you feel I am missing something or if you have another solution for this problem. Many thanks in advance
You are probably getting a "Can't verify CSRF token authenticity" error. Can you check your server logs?
In your ApplicationController please add the following and check if you get an error.
protect_from_forgery with: :exception
Using the devise_token_auth gem, I am making a rails-based API in which I am trying to reset my password using email.
On opening the email with reset link, I get this Error:
uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt
The code points to Api::V1::Overrides::PasswordsController#edit
tokens[client_id] = {
  token: BCrypt::Password.create(token),
  expiry: expiry
}.merge!(token_extras)
What can I do to make my reset link go to my reset form?
I am following this for PasswordsController action
Tried checking github but no one there has actually faced this sort of error and I cannot rectify it.
P.S. I am not an experienced Ruby developer.
Probably just missing the bcrypt gem, e.g. add this in your Gemfile:
gem 'bcrypt'
I'm pretty new to rails and I'm beginning with rails-api.
Right now I'm trying to add authentication through doorkeeper using resource owner password credentials.
But when I go to the /oauth/applications page to set up a new app to add my frontend, for example, I get an error about an authenticity token:
ActionController::InvalidAuthenticityToken in Doorkeeper::ApplicationsController#create
As it's a page implemented in the doorkeeper gem itself, isn't it supposed to work by itself?
Does anyone know what's going on and how to solve it?
Thank you guys
This is due to the forgery protection enabled by default by rails.
If you're working on an API only, my guess is that you can simply turn it off in the environment file (test/development/production.rb) by adding this line:
config.action_controller.allow_forgery_protection = false
Cheers.
It's an incompatibility with rails-api and doorkeeper.
My project is just being started and, based on this and other things, I've chosen grape instead of rails-api. It works for me!
If you can do this, I can't help you now!
tip: Enjoy with grape!
I have created an ember-cli project (v 0.1.12) with ember.js (v 1.8.1) and Rails. Then I tried to install:
https://www.npmjs.com/package/ember-cli-simple-auth-token
but when I run the login POST the server responds to me with this error:
Can't verify CSRF token authenticity.
I notice that it sends only username and password, without token. What's going on here?
The short answer is that you can fix that issue in the development setting by disabling CSRF tokens altogether. You wouldn't use that in production but you can at least disable it to confirm that the issue gets fixed. In the application_controller.rb file, remove the protect_from_forgery line. Also go to your session_store.rb file in initializers and set:
# Be sure to restart your server when you modify this file.
Rails.application.config.session_store :disabled
Once you get things working, you can re-add the protect_from_forgery line as so:
protect_from_forgery with: :null_session
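A simplified model of a session-bound CSRF token, added here as an illustration and not taken from any of the posts or from Rails itself. It covers both the sign-out/sign-in question at the top of the page and the `:exception` versus `:null_session` strategies mentioned in the answers. `ToyApp` and `stale_form_scenario` are hypothetical names, and the model assumes that signing out resets the session.

```ruby
require "securerandom"

class InvalidAuthenticityToken < StandardError; end

# ToyApp is a hypothetical stand-in for one browser session against a Rails app.
class ToyApp
  attr_reader :session

  def initialize(strategy)
    @strategy = strategy # :exception or :null_session
    @session = {}
  end

  # Token a rendered form would carry; stored in the session on first use.
  def form_token
    @session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Assumption: sign-out resets the session, discarding the stored token.
  def sign_out
    @session = {}
  end

  # Non-GET request: the action sees the real session only if the token matches.
  def post(submitted)
    return yield(@session) if valid?(submitted)
    raise InvalidAuthenticityToken if @strategy == :exception
    yield({}) # :null_session: action runs on an empty session, writes are lost
  end

  private

  def valid?(submitted)
    real = @session[:_csrf_token]
    return false unless real && submitted && real.bytesize == submitted.bytesize
    real.bytes.zip(submitted.bytes).sum { |a, b| a ^ b }.zero? # no early exit
  end
end

# Returns [stale-form result, user after stale post, user after refreshed post].
def stale_form_scenario(strategy)
  app = ToyApp.new(strategy)
  token = app.form_token                     # login page rendered once
  app.post(token) { |s| s[:user] = "alice" } # first sign-in succeeds
  app.sign_out
  stale = begin
    app.post(token) { |s| s[:user] = "alice"; :ok } # same page, not refreshed
  rescue InvalidAuthenticityToken
    :rejected
  end
  after_stale = app.session[:user]
  app.post(app.form_token) { |s| s[:user] = "alice" } # refreshed page, new token
  [stale, after_stale, app.session[:user]]
end
```

With `:exception` the stale form is rejected loudly; with `:null_session` the request appears to succeed but the user is still signed out until a page carrying a fresh token is submitted.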
I've installed the gem Pundit in my Rails app, and have followed the instructions in the README carefully.
However, when I use authorize in any of my controllers, I get the error message "undefined method 'authorize' for .
Also, when I try to use "policy" in a view, I get the error "undefined method 'policy'".
It's as if Pundit weren't installed at all!
I've included Pundit in my Application Controller.
I have an ApplicationPolicy file with all of my policies, then policy files for each type of record that inherit from the Application Policy.
For some reason, I can't paste any of my code into this question, so I'm hoping I've included enough information!
I'd appreciate any thoughts.
I have recently used pundit and it worked like a charm.
Your error messages make me infer that you've not run the install generator
rails g pundit:install
or your policy files are not in the correct directories.
Or, if they are, then just restarting the server should fix this. Hopefully.
For me, I was missing include Pundit at the top of my ApplicationController. Adding that line fixed it.
You need to generate a default policy file for your application with the pundit:install generator.
rails g pundit:install
create app/policies/application_policy.rb
I'm using OmniAuth with Devise to allow users to login with facebook or to create a normal account with a username and password. When I originally set it all up I used the excellent directions from Railscasts. Everything was working very nicely for 2+ months but just the other day the facebook login stopped working. OmniAuth sends you away to the authentication with facebook and then returns with: http://localhost:3000/auth/failure?message=invalid_response
Google has no suggestions on what causes this error or how to fix it and the OmniAuth docs don't either. I've tried digging through their code as well but the only mention of this error I've found is this, in /oa-oauth/lib/omniauth/strategies/oauth.rb:
rescue ::MultiJson::DecodeError => e
fail!(:invalid_response, e)
end
Has anyone ever seen this error!? Know what it is or how to fix it?! This is keeping me from launching this application so any help would be very very appreciated!
Thanks,
JG
I've been running into this error in the same situation. Devise is rescuing an unrelated Exception and handling it as an auth failure. I preempted Devise by handling the exception in the controller:
# authentications_controller.rb
def create
  omniauth = request.env["omniauth.auth"]
  # Blah
  # blah
  # Blark!
rescue Exception => e
  # Just spit out the error message and a backtrace.
  render :text => "<html><body><pre>" + e.to_s + "</pre><hr /><pre>" + e.backtrace.join("\n") + "</pre></body></html>"
end
For anyone else that finds this via google, heroku_backup_task was the culprit for me. When we add that to our gemfile, OmniAuth decoding fails leading to this error. I assume it's some json conflict.
Not sure why it doesn't happen on 1.9.2, but I can confirm that upgrading to 1.9.2 fixes it, but can cause other issues in your app if all your gems don't play nice, and downgrading heroku appears to be a no-go. I'm going to have to destroy and re-create my app now that I've discovered the issue.
Ok,
I'm not sure why this has worked but it has so I'll post here in the effort to help someone else that ends up with this issue.
I upgraded my app to use ruby 1.9.2 (way of the future!) and bang, it just worked again. No idea why but hey sometimes that's just the way it goes.
Upgrading was really easy though. I was sparked into upgrade action by this dhh tweet & found this and this to be really helpful resources in making sure your 1.8.7 code will work in 1.9.2. Props to heroku as well for making it so easy to upgrade an app.
I have had the same problem, and I think I found the solution.
In Tutorial, RailsCast #235 gives authentications_controller.rb
def create
  auth = request.env["rack.auth"]
  current_user.authentications.find_or_create_by_provider_and_uid(auth['provider'], auth['uid'])
  flash[:notice] = "Authentication successful."
  redirect_to authentications_url
end
but,
auth = request.env["rack.auth"]
no longer exists in omniauth 0.2.3
auth = request.env["omniauth.auth"]
is correct.
OK, so, sorry to post to such an old question, however having followed the Railscasts tutorial for this I was getting the same error. I have come to the conclusion that the error handling of the omniauth-twitter gem is causing the confusion, because it hides the underlying errors. I solved the problem by adding the omniauth-facebook gem to my app and authenticating with this. This quickly uncovered the root error in my app, which was that I had put the User.create_with_omniauth method into the user controller rather than the model, a newbie error but easy to resolve. My error was easy, and somewhat irrelevant, by using the facebook gem, the error handling allowed me to understand the problem and resolve quickly. If you are struggling with this problem, try facebook or another provider and see if you can get to the root problem more easily, and certainly avoiding some of the more complex issues such as upgrades to ruby!