I am working on Ruby on Rails and using Devise for authentication. With :timeoutable enabled, the session times out and redirects to root_path after a certain time. But I need to redirect to a different path, like new_session_path. Is there any Devise callback function for the timeout redirect, or some configuration for the redirect path?
Can anyone please help? Thanks in advance.
You can override the after_sign_out_path_for method. Add this method in your ApplicationController as a private method:
    def after_sign_out_path_for(resource)
      root_path
    end
Take a look at devise wiki for details.
I have implemented the devise gem on my app and I want to redirect to a specific path after sign_up. I have this method in the registration_controller.rb but it does not work; it redirects to the root path instead of the specified path. I also have devise :confirmable set up but I'm delaying the sent confirmation email until later.
    def after_sign_up_path_for(resource)
      new_transaction_path(session[:registration_params])
    end
And returns the following flash notice: translation missing: en.devise.registrations.store.signed_up_but
How can I make this work?
You must be overriding the method in another file. Try searching project-wide for after_sign_in_path_for. I have the following in my application controller working perfectly:
    class ApplicationController < ActionController::Base
      def after_sign_in_path_for(*)
        cms_path
      end
    end
Where cms_path is a named route in my routes file. If yours isn't working you must be overriding it somewhere else.
I got this to work by adding the following on the registration_controller.rb
    def after_inactive_sign_up_path_for(resource)
      new_transaction_path(session[:registration_params])
    end
I am using Devise 3.2.0 for authentication and found an issue when I do the following:
tab 1: sign in to app
tab 2: go to any page in the app
tab 2: sign out (success)
tab 1: sign out (failure - see exception below)
Exception raised:
ActionController::InvalidAuthenticityToken in Devise::SessionsController#destroy
In the development log I see:
Can't verify CSRF token authenticity
And the top three lines of the stack trace are:
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
actionpack (4.0.0) lib/action_controller/metal/request_forgery_protection.rb:163:in `handle_unverified_request'
actionpack (4.0.0) lib/action_controller/metal/request_forgery_protection.rb:170:in `handle_unverified_request'
devise (3.2.0) lib/devise/controllers/helpers.rb:198:in `handle_unverified_request'
How can I ensure successive sign outs don't raise an exception?
Here is what's happening:
When you initially signed out from tab 2, the session and authenticity_token associated with the logged in user were destroyed.
When you try to sign out from tab 1, Devise again tries to destroy the session using the authenticity_token which was destroyed on tab 2.
Hence, you get the error ActionController::InvalidAuthenticityToken as devise fails to authenticate using the given authenticity_token.
You only get one unique session per sign in, if that gets destroyed you'll have nothing to destroy again.
EDIT
This behavior is not provided by Devise. If you wish to implement such behavior you will have to override SessionsController.
Create a sessions_controller.rb file in app/controllers/users directory
    class Users::SessionsController < Devise::SessionsController
      prepend_before_filter :verify_user, only: [:destroy]

      private

      ## This method intercepts SessionsController#destroy action
      ## If a signed in user tries to sign out, it allows the user to sign out
      ## If a signed out user tries to sign out again, it redirects them to sign in page
      def verify_user
        ## redirect to appropriate path
        redirect_to new_user_session_path, notice: 'You have already signed out. Please sign in again.' and return unless user_signed_in?
      end
    end
Update routes.rb
devise_for :users, :controllers => { :sessions => "users/sessions" }
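A simplified model of the two-tab sequence from the question and of the guard-first ordering in the answer above, as an added example that is not part of the original posts and is not Rails or Devise code. ToySession, handle_sign_out and the user id are constructed for illustration; the last function shows that the guard leaves token verification in force for a session that is still signed in.

```ruby
require 'securerandom'

# Toy model of a Rails session carrying a per-session CSRF token (constructed).
class ToySession
  attr_reader :user_id, :csrf_token

  def initialize; reset!; end

  def sign_in(user_id)
    reset!
    @user_id = user_id
  end

  # Signing out discards the session, so the old token stops matching.
  def reset!
    @user_id = nil
    @csrf_token = SecureRandom.hex(16)
  end
end

class InvalidAuthenticityToken < StandardError; end

# guard_first runs the signed-in check before token verification (verify_user).
def handle_sign_out(session, submitted_token, guard_first:)
  return :redirect_to_sign_in if guard_first && session.user_id.nil?
  # Plain == is enough for this model; Rails compares in constant time.
  raise InvalidAuthenticityToken unless submitted_token == session.csrf_token
  session.reset!
  :signed_out
end

# Replays the question's sequence: both tabs share one session and token.
def two_tab_sign_out(guard_first:)
  session = ToySession.new
  session.sign_in(42)
  page_token = session.csrf_token # rendered into the pages open in both tabs
  2.times.map do
    begin
      handle_sign_out(session, page_token, guard_first: guard_first)
    rescue InvalidAuthenticityToken
      :invalid_authenticity_token
    end
  end
end

# A bad token on a signed-in session is still rejected with the guard in place.
def bad_token_while_signed_in
  session = ToySession.new
  session.sign_in(42)
  handle_sign_out(session, 'not-the-session-token', guard_first: true)
rescue InvalidAuthenticityToken
  :invalid_authenticity_token
end
```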
A simple solution to this problem could also be allowing sign outs via GET rather than DELETE. In devise.rb you can simply change to:
    # The default HTTP method used to sign out a resource. Default is :delete.
    config.sign_out_via = :get
Paste this in the layout:
<%= csrf_meta_tags %>
If you are still having this issue, as I did in Rails 5 and devise 4.4.1, in app/controllers/application_controller.rb change
    protect_from_forgery with: :exception
to
    protect_from_forgery with: :null_session
Hope it helps.
You can change the strategy used to verify the CSRF token.
In Rails 3, the default strategy when verification fails is to return a null session. In Rails 4, the strategy in application_controller was changed to return an exception.
I solved this by changing my application_controller.rb:
class ApplicationController < ActionController::Base
- protect_from_forgery, with: :exception
+ protect_from_forgery
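Review bot: the added `protect_from_forgery` line leaves the failure strategy implicit, so the behaviour depends on the framework default the answer describes; writing `protect_from_forgery with: :null_session` would state the intent and keep it stable across Rails upgrades. The removed line as shown has a stray comma after `protect_from_forgery`, and the class shown is missing its closing `end`.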
This way, it uses the default strategy.
This bug was fixed in devise 3.3.0.
See the change log for 3.3.0.
See the file changes in pull request #2968.
Note already_signed_out in config/locales/en.yml.
Kirti is exactly right. I've had this problem yesterday but with a custom authentication solution. If this is really a problem that you want to fix, you could figure out how to override Devise's signout action and add skip_before_filter :verify_authenticity_token for that action.
I have overwritten after_sign_in_path_for in my application controller as follows:
application_controller.rb
    def after_sign_in_path_for resource
      case resource
      when User
        blah
      when Admin
        blah
      end
    end
This works when the user signs in via the sign in page. But after_sign_in_path_for method doesn't get called at all when a user is signed in via Devise's Token Authenticatable module. The user gets taken to the root_path. How can I change this?
I'm using Rails 3.2.0, ruby 1.9.3p194 and Devise 2.1.2.
I would advise you to take a look at Devise's own ConfirmationsController. It looks to me like it's calling after_sign_in_path_for, and the resource would be user, I would assume. But it may take overriding that controller with your own, so you could log the resource, before you'll know for sure.
How do I redirect to a specific page on successful login and successful registration?
I tried this in my routes file but it still redirects to user/login:
    namespace :user do
      root :to => "welcome#index"
    end
Tried the devise wiki how-tos but no success...
Edit: using devise 1.1.rc1 and rails 3.0.5
You can override after_sign_in_path_for to redirect to specific location after sign_in using Devise.
Try this in your application_controller.rb
    def after_sign_in_path_for(resource_or_scope)
      dashboard_path
    end
Where dashboard_path might be the path you want to redirect the user to after sign_in.