In my Rails app, I didn't use Devise because there is no need for registration. But I've added Active Admin to let my team create posts, etc.
But Devise isn't installed, so Active Admin is installed without password login for the admin page.
How can I add a login page for the Active Admin page?
Use config.authentication_method = :authenticate_admin_user! and config.current_user_method = :current_admin_user in the initializer settings. So, you need to define the methods authenticate_admin_user! and current_admin_user in ApplicationController, or change these method names.
Explanation: http://activeadmin.info/docs/1-general-configuration.html
Related
I have set up Devise, and I have set up the code below in my user.rb file:
    def self.create_auto_password
      generated_password = Devise.friendly_token.first(8)
      self.create(password: generated_password, password_confirmation: generated_password)
    end
How can I get into the Devise registration controller to then call my new method which I have set up to auto generate a password?
You can access the devise controllers after installing Devise by running the following on your command line:
    rails generate devise:controllers
This will generate a 'Devise' folder in your controllers folder. You can then modify the controllers as needed. It sounds like you would like to modify the registration controller to add the auto-setting password.
You can find more docs on their .git page here: https://github.com/plataformatec/devise
How can I define a method between Users and Admins? I am using Omniauth Twitter for my users, but there are actions that I want to make sure users cannot do if they are not admins. I have bundled the Active Admin gem, but because I am not using Devise, any user can currently access the Admin dashboard.
If it were me, I'd create a role attribute on your User model, and have it default to, say, "customer" or whatever a default user is, but have the ability to set some user's role to "admin". You should be able to set that using Active Admin's edit page. Then create a custom method on your User model, or maybe create a helper method, whatever you prefer... something like:
    def admin?
      if self.role == "admin"
        true
      else
        false
      end
    end
That way you wrap sensitive info (like info on your dashboard) in a user.admin? if statement.
    if user.admin?
      # ..display stuff..
    end
Or check out this: http://activeadmin.info/docs/13-authorization-adapter.html
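One way to connect the authenticate_admin_user! / current_admin_user hooks from the Active Admin answer to the role check suggested here, as an added example that is not from the original posts. It is plain Ruby so it runs without Rails: AdminGate, FakeController, admin_access and the sample User struct are hypothetical, and current_user is assumed to be the app's existing OmniAuth session helper. In a real app the two methods would sit in ApplicationController.

```ruby
module AdminGate
  # Returns the signed-in user only when they hold the admin role, else nil.
  # current_user is assumed to be provided by the app (e.g. OmniAuth session).
  def current_admin_user
    user = current_user
    user if user.respond_to?(:admin?) && user.admin?
  end

  # Hook for config.authentication_method: the check runs on the
  # server for every admin request, not only when a view is rendered.
  def authenticate_admin_user!
    return true if current_admin_user
    redirect_to "/", alert: "Admins only"
    false
  end
end

# Constructed stand-in for the User model with a role attribute.
User = Struct.new(:name, :role) do
  def admin?
    role == "admin"
  end
end

# Constructed stand-in for a controller; records where it redirected.
class FakeController
  include AdminGate
  attr_reader :current_user, :redirected_to

  def initialize(current_user)
    @current_user = current_user
  end

  def redirect_to(path, **_opts)
    @redirected_to = path
  end
end

# Returns :allowed or :redirected for a given visitor (nil = not signed in).
def admin_access(user)
  FakeController.new(user).authenticate_admin_user! ? :allowed : :redirected
end
```

A missing role and a missing user both fail closed: the gate only opens when admin? returns true.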
If I've got a Rails application and I'd like to add authentication to it with Devise, how would I allow users who have a null password in the database to sign in without one?
I'm interested in hearing answers along the lines of the lifecycle and what files I'd have to author to get it done.
Step 1: Allow the record to be saved.
Step 2: Sign in the record.
To allow the record to be saved, you'll want to do validations yourself. I describe here how to do custom validations: http://jessewolgamott.com/blog/2011/12/08/the-one-where-devise-validations-are-customized/ . In your case, you'll want to remove the password validations.
To sign in the record, you'll need to have a custom sign in path. You can override the devise sessions controller, but this could do the trick:
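    class SessionsController < ApplicationController
      def create
        # Look the record up by e-mail only; raises if no such user exists.
        user = User.find_by_email!(params[:session][:email])
        # Devise helper: signs the record in; no password is checked here.
        sign_in user
        redirect_to root_path
      end
    end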
It turns out, Devise is built on Warden. This means that I only have to create my own custom Warden strategy:
https://github.com/hassox/warden/wiki/Strategies
I have two models, User and Admin (with RailsAdmin), that use Devise. I sign in as a user and then sign in as an admin. But signing out of one of those models signs me out of both models at the same time. How can I fix it?
Please, help :)
The problem was in one string in config/initializers/devise.rb:
Default:
    # Configure sign_out behavior.
    # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
    # The default is true, which means any logout action will sign out all active scopes.
    # config.sign_out_all_scopes = true
Need:
    config.sign_out_all_scopes = false
The scope of Devise is the entire application -- you sign in to the site, not a model. Perhaps you want to add the distinction of roles - a user may have one or more roles that allow them certain privileges. Devise just gets you an authenticated user. Consider a gem such as CanCan which provides support for "role based authorization".
I'm using Devise for authentication. How can I set the sign-in scope? For example, say I only want to authenticate the user for the scope:
    User.where(:active => true)
Am I being clear? It's simple, but I can elaborate more if needed.
(I realize there is a lockable module, but my actual scope isn't for active users, it's more like current_site.users, where the current_site is based off the domain)
Just overwrite these two methods in your User model to check if the active flag is true:
    # Called by Devise to see if a user can currently be signed in
    def active_for_authentication?
      active? && super
    end

    # Called by Devise to get the proper error message when a user cannot be signed in
    def inactive_message
      !active? ? :deactivated : super
    end
And in your devise.en.yml, add the proper error message:
    devise:
      failure:
        deactivated: "Luke, I'm your father and your account was locked!"
You could use default_scope... but that might get in your way.
Why not override devise's find_for_database_authentication method? See the wiki.