I need to have a custom mechanism for signing in using Devise with Rails 4. So I found the sign_in method in Devise's test helpers section of their documentation:
sign_in #user # sign_in(resource)
But is that the proper way to sign someone in from the web? In particular, will it do all the things Devise does when a user signs in, like recording the date/time stamps, IP addresses, sign in counts, etc? Or is this just for testing purposes?
Devise offers a bunch of helpers, two of which are these:
sign_in(resource_or_scope, *args)
sign_in_and_redirect(resource_or_scope, *args)
You can use these from any controller.
If using sign_in already works for you but leaves the user on a blank page, check your logfile to see if there is a redirect going on, and where it redirects to. Or just make the redirect explicit by using the second of the helpers above.
References:
https://stackoverflow.com/a/8123646/2034097
It is the proper and standard way to programatically sign a user in. Looking at the devise login code sessions#create you can see they use this method as well.
Long story short: Yes, sign_in #user does all the things that devise would normally do when a user signs in. It could be useful, for example, allowing an Administrator to sign in as one of their users.
How To: Sign in as another user if you are an admin
Related
I'm using Rails 4.0 and Devise 3.3.0
I have two sign_in flows I'd like to provide. One that is the usual sign_in and another that transfers a bunch of photos a guest_user uploaded to the current_user's account. I have the functionality working for each of these so that isn't a problem.
For the guest -> signed_in flow, I basically want to sign the user in and then transfer the content.
It looks like:
def sign_in_and_save (resource_or_scope, *args)
super
move_content guest_user, current_user
end
The problem is I'm not sure how to tell Devise to use this method for this scenario instead of the usual sign_in flow. I could modify the current sign_in method, but I would still have to pass a parameter in the form (I'm assuming) to tell the method there is a special case.
The views are the same. In scenario 1 I display: Sign In and scenario 2 I display: Sign In and Save in the navigation.
Is there a preference and why and how would I go about it?
I have three Devise User types: Admin, User and Subscriber. I would like to ensure that if a User signs in (or registers), any current_admin or current_subscriber is signed out, and likewise for each of the other user types, so essentially only a single user type can be signed in at one time.
It doesn't seem that Devise handles this out of the box. Handling this in a subclassed sessions controller doesn't seem like the correct approach as this would not work in cases where a user was signed in after registration.
It appears that Devise:DatabaseAuthenticatable::after_database_authentication might be appropriate. But this means exposing Devise ..._signed_in? to each user type model. And this doesn't really belong in a model anyway.
# Post authentication hook
def after_database_authentication
sign_out current_user if user_signed_in?
sign_out current_subscriber if subscriber_signed_in?
end
However placing the logic in a subclass of the Devise::SessionsController isn't much good as this will never get run during/after registration.
How should I handle this?
In admin section, I'm showing a list of currently logged in users.
Now admin can select one or more user/users and destroy their session(logout them).
I'm not able to figure where to start from,please help me.
You can use the sign_out method in the controller action by passing in the user object:
# Make sure only admins can do this
def sign_out_user
#user = User.find(params[:id])
sign_out #user
end
More info here:
http://rubydoc.info/github/plataformatec/devise/master/Devise/TestHelpers%3asign_out
Considering users is the collection of your required users,
for user in users
sign_out user
end
It should solve your issue.
Hope it helps :)
The sign_out method provided by Devise won't help. I know the documentation says that it will logout the "resource" you requested, but if you dig into the gems themselves (devise and warden) you'll find that when you give it an object, like a user, it merely figures out what scope (ie, :user) that object belongs to, and it logs out that entire scope.
A scope in Devise is a namespace for logins. You might have a Customer model that requires logins, but also a Vendor model that also requires logins, and you'd use different scopes for those. Most applications only use a single scope, tied to the User model.
You're probably using :cookie_store for your session storage, which is the Rails default. In this case, it isn't possible to log out any single user except yourself. Devise stores your login info in the session, which is stored in a cookie, and not in your database. Their browser has the credentials, so you can't directly remove that.
How can I create a method that will navigate the visitors to a registration path before (s)he signs in or signs up?
Use a before_filter on your controllers to ensure that users are signed in, with the default action of redirect to registration if they are not.
There is a Gem called Devise which is very useful for authentication and is well worth the effort of learning it.
Another good place to go is http://ruby.railstutorial.org/ruby-on-rails-tutorial-book
This will give you an excellent grounding in Rails
I know that in the config/locales I can change the text used with the Rails Devise gem for various flash messages (sign_in/sign_out/etc).
My question is, can I make that conditional based on perhaps a variable or something.
Currently during sign_out process, Devise will automatically put a flash message for a successful sign out. There are times in my app when I force the user to logout (e.g. their membership expired). I currently force the logout, but then it's popping up with the "Signed out successfully." I want keep that message when in fact they do sign out themselves, but put a notice up about their membership if the app forces them out.
I think there is a better idea is you should need to override controller of devise and then set any flash message as you wish.
this will help you
Override devise registrations controller