How can I sign a user out without their session (i.e. they're not the current_user).
I've tried the sign_out(user) controller helper, but that seems to sign out the current_user regardless of the user it's passed.
I can't seem to find a relationship between the sessions table and the users table either.
I'd appreciate any help.
try sign_out #user
where #user is the user instance which admin wants to logout
Related
I have a panel with many registered users. I want a link for each user, when I click on the link, I log in that account, without the password.
As the resellers systems do. The reseller admin log in the account of the customer account (Parallels Plesk do it).
All the users were registered with Devise.
Is that possible?
yes. it's possible. just call the same method you call to create a session for the user. the link would be something like (you'll need to make sure the path agrees with the one you're using):
Sign In
with something like this in the controller:
def sign_in_as_user
if current_user.admin?
user = User.find(params[:user_id])
sign_in(user)
redirect_to '/wherever'
else
redirect_to '/'
end
end
I'm using Devise for user authentication in a rails application, and so certain routes are wrapped in a authenticate tag to allow access only to users who are logged in.
authenticate :user do
post '/user/orders/new', to: 'user/orders#new', as: :new_user_order
end
For example, when a user tries to create a new order when they're not logged in, they're redirected to a sign in page.
What I want is for the user to be directed to the new order page after logging in.
Currently, we're using request.referrer which redirects the user back to the page they were on before trying to create a new order. I can't seem to figure out a way of getting the path they were targeting before being sent to sign in.
Anybody know how I could do this?
Thanks
You need to provide a before filter for user authentication in the controller and not mention it in routes . Just put the following code in the controller and it should redirect to sign-up if the user isn't logged in -
before_filter :authenticate_user
You need to override Devise's after_sign_in_path_for(resource_or_scope) method, you can do it in application controller
def after_sign_in_path_for(resource_or_scope)
# new_order_path
end
Hope that helped!
You can persist the last url - in session[:bookmark] and by doing something like this -
prepend_before_filter :set_bookmark
def set_bookmark
session[:bookmark] = request.url
end
And within SessionsController, you can use value of session[:bookmark] if it exists or after_sign_in_path_for
I'm trying to update an attribute for the current_user after signing out with devise.
If I use after_sign_out_path_for(resource) the current_user is nil.
When I use Warden::Manager.before_logout works fine just when there is an user signed in.
I have problems with this because I have an API and a client in the same application (client creates, updates, delete, etc through the API)
Is there another way to do it? Maybe a custom action?
Just an idea.
Store the user id in a cookie.
In the after_sign_out_path_for(resource) method, find the user object from this cookie and change the attribute.
def after_sign_out_path_for(resource)
user = User.find(cookies[:user_id])
user.update_attributes(some_attribute: false)
root_path
end
I am using Devise gem for authentication. In my users table there is a status column for active and inactive status. What i want to do is something of type in application controller:
before_filter :check_user_status
def check_user_status
if #current_user.status == "inactive"
#destroy user session
redirect_to new_session_path
end
User will be able to access any controller if he is active otherwise he should be redirected to login page. I want this to be in application controller so that check_user_status be executed first before any controller action.
You should check out the active_for_authentication? method to realize this. Look at the documentation to find out more details and an example.
I'm using Restful Authentication and I'd like to be able to log in as different users on our site to investigate issues they may be having ("see what they see"). Since all passwords are encrypted I obviously can't just use their passwords.
So, how can I force a session to be logged in as a specific user?
In your sessions_controller add action impersonate like this:
def impersonate
user = User.find(params[:id])
logout_killing_session!
self.current_user = user
flash[:notice] = t(:logged_in)
redirect_to root_url
end
Then in your routes extend session resource with the member impersonate:
map.resource :session, :member => {:impersonate => :post}
Finally, somewhere in your admin views add a button to each user called "Impersonate". It will have to look something like this (assuming that user is in local variable user):
<%= button_to "Impersonate", impersonate_session_path(:id => user.id) %>
Using this approach you also avoid overriding any tracking data such as time of the last login, etc.
P.S. Don't forget to require admin for impersonate action in sessions controller.
Simply override session[:user_id] with the id of the user you want to be. One easy way is to have the user log in as an admin and then give them a drop-down of usernames. When they submit the form, have the controller set session[:user_id] and then reload current_user. The admin will then 'become' that user.