I'm trying to prevent rails from exposing the devise_token_auth registration route so that admins can only be created from the console.
My admin.rb looks like this:
class Admin < ActiveRecord::Base
devise :database_authenticatable, :confirmable,
:recoverable, :trackable, :validatable,
:omniauthable
include DeviseTokenAuth::Concerns::User
end
I'm not sure what I should put in my config/routes.rb to prevent rails from exposing the route.
Removing :registerable ,:omniauthable and :confirmable from the model should do the trick.
Try adding this to your routes as well:
mount_devise_token_auth for 'Admin', at: 'admin_auth', :skip => [:registrations]
Related
I am developing an app in Rails that will be integrated with facebook at the beginning of the session, but as I test the code, I get the following error.
uninitialized constant Users
I'm using Devise and omniauth-facebook
devise.rb
config.omniauth :facebook, "App ID", "App Secret", callback_url: "http://localhost:3000/users/auth/facebook/callback"
model/User.rb
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable, :omniauthable,
omniauth_providers: %i[facebook]
end
routes.rb
devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
root 'main#home'
I am using rails in its latest version (5.2.1) and ruby 2.5.1
with this code you should already establish a connection
I am running Rails 5.1 with Devise 4.2.1.
I have configured Devise confirmable:
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable, :confirmable,
:recoverable, :rememberable, :trackable, :validatable
I have set the routes:
devise_for :users
I have generated views, and customized the sign up and confirmation.
I have also generated controllers, but not customized these, and don't refer to them in routes.
I have set authendicate user in my App Controller:
class ApplicationController < ActionController::Base
#Login user
before_action :authenticate_user!
When a user signs up he is redirected to sign in and not to confirmations/new.html.erb
What am I doing wrong?
I'm using rails_admin along with the devise gem, looks like everything is working fine with dashboard but whenever I switch to user it throw uninitialized constant User::Authentication raise NameError. new("uninitialized constant #{candidates.first}", candidates.first) error. https://i.stack.imgur.com/DWOP4.png This is my error screenshot. Any help will be appreciated.
Below is my user.rb file,
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
has_many :posts
has_many :comments
has_many :authentications
end
I struggled with this today while trying to namespace a model, and found that the basic search filters were to blame;
The problem was resolved as soon as I added a new filter; I'd say it's because adding a new filter removed the basic filters that created the issue... (here is an explanation on how to do it : https://activeadmin.info/3-index-pages.html)
I hope this will be useful.
I want to add a timeoutable model to devise after my initial configuration.
I enabled the config/initializers/devise.rb:
config.timeout_in = 30.minute
But where do I actually add the devise :timeoutable model?
After you install devise you need to configure model using built in generator
rails generate devise MODEL
example rails generate devise User. See this section
https://github.com/plataformatec/devise#user-content-getting-started
Once you have that inside app/models/user.rb you can add desired modules
class User < ApplicationRecord
devise :timeoutable, :database_authenticatable, :registerable,:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable
end
Hope it helps
I have two devise models: User and Member
As such, I'm specifying authentication keys on the models themselves instead of in the Devise initializer.
Member.rb
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :authentication_keys => [:email, :subdomain]
I also override
def self.find_for_authentication(conditions={})
debugger
conditions[:account_id] = Account.find_by_subdomain(conditions.delete(:subdomain)).id
super(conditions)
end
Unfortunately, when authentication_keys has multiple keys, my find_for_authentication method doesn't appear to be firing. Works fine when I specify just one key. Any thoughts?
subdomain should have been a request_key since it's part of the request.
request_keys => [:subdomain]