I'm using devise for user authentication. I would like to create a component to be able to respond to a user logging in. Does devise have user events or something similar?
You can check out the pages here: Devise Wiki Pages. You can do things like redirect to certain pages. Additionally, when someone is logged in, so you can always check the current_user method provided by devise and see if it returns nil or a user.
Specifically look at redirecting on signin/signout. You can redirect to a controller action that does what you want.
Related
We use devise on our rails app in order to deal with sign-in and authentication. Basically, the process is quite straightforward: you sign up, get the confirmation email with the link pointing to a route such as path/page/confirm/token. Once authenticated, the user is redirected to page/login in order to enter his login/password and access the service.
Right now, we would like to login automatically the user that clicks this link right after he reaches the page/confirm/token.
I've been investigating, and it seems like a method that was initially used by people after devise 3.1 to have this behavior:
config.allow_insecure_sign_in_after_confirmation = true
I was planning to use this in the initializers/devise.rb, but unfortunately it also seems like it have disappear from devise methods, I ran these commands on console to check:
gem install devise
pry
require 'devise'
Devise.methods
... no allow_insecure_sign_in_after_confirmation method there.
I might try to do this manually in the confirmation controller with something custom like:
def show
u = User.find_by(confirmation_token: params[confirmation_token])
sign_in(u)
end
But unfortunately, again, it's not working as expected.
Any input is appreciated.
I am new to ruby and rails and so far I managed to setup user management using devise. Right now I am trying to integrate support for mobile Android and iOS apps. So far it is possible for them to login and logout and get an authentication token. But in addition to that I would also like them to be able to register.
Now, as I understand it I have to do a post to
http://localhost:3000/users/sign_up
How does this post look like? And how do I get a JSON response? I found this on stackoverflow.
"utf8=✓&authenticity_token=n5vXMnlzrXefnKQEV4SmVM8cFdHDCUxMYWEBMHp9fDw%3D&user[email]=asd%40fasd.org&user[password]=321&user[password_confirmation]=1233&commit=Sign+up"
Unfortunately this does not work - I am getting the message "Bad request". I also do have a couple of questions about this example. What is the authenticity_token for? How do I get one? This is not the devise token authentication I guess as the user is not even in a position to have one at this point.
Also, after a successful login I would like to bundle the "registration successful" message with a generated devise authentication token. So I guess I have to somehow extend devise`s existing registration controller.
Thank you very much in advance!
Devise already has all this setup. Based on your signup path, I infer that you mounted Devise onto http://localhost:3000/users. Devise includes all the controllers and views that are required, including the log in form, the sign up form, the email confirmation form and the password reset forms.
GET http://localhost:3000/users/sign_up is actually a form for users to signup at. The form on that page will POST to http://localhost:3000/users/, which goes to Devise's registration controller's create action.
Assuming there is no action/view already at /users/sign_up, the sign up form should be there, go check if it is there (assuming you set up devise_for correctly in your routes.rb file).
I'm using Devise with multiple scopes (in this case, a user scope and an admin scope) and admins are able to 'become' a user using the approach on the Devise wiki. This works well, except that I have one particular page that requires the use of an auth token that causes a problem with a session logged in under both a user and admin scope. The page generates a POST to a controller that requires a user to be logged in using the user auth token. The POST succeeds, but afterwards, the admin scope has been signed out. (Meaning that admin_signed_in? returns false.) Other pages that execute POSTs to the same controller without requiring the auth token work as expected without logging out the admin scope.
I suspect that something is going on with token_authenticatable where the authentication of any scopes other than the one associated with that specific token are logged out. I've searched for references in the devise gem source to both the devise sign_out and warden logout methods that could be invoked as part of the token_authenticatable functionality and wasn't able to find anything.
This is happening with Devise 1.3.4. Any help is appreciated.
In case anyone else is looking for a solution to this, I found that the before_filter/after_filter approach I described in the comment to my question seems to work fine. I think that a better, more general solution to this would be to make a change to the devise gem and underlying calls to warden, but didn't have time to make those changes for this particular problem yet.
Normally, when a controller action requires authentication due to the authenticate_user! before filter, the user gets redirected to /users/sign_in.
Is it possible to redirect the user to a different log in page? One that I build, it's my own controller and action for just displaying the forms. It's called log_in_or_register so you can imagine what it does.
Here's how you set a different page on authentication failure:
https://github.com/plataformatec/devise/wiki/How-To:-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated
Does the wiki article help?
https://github.com/plataformatec/devise/wiki/How-To:-Change-the-default-sign_in-and-sign_out-routes
I'm using devise on rails 2.3 and need to have a form that is available both public and private - for logged in users and those who are not logged in. Both users should see it, but only logged in users can post the form.
I would like to achieve that when an anonymous user has filled it and posts the form, then devise shows him the login page, he logs in and the contents of the form are posted.
Right now when I make the create action (to which the form posts itself) private, then devise would show him the login screen and remember where he came from - save the url to
session[:return_to] and it redirects him back to the form.
Is there some other way than monkeypatching devise to do that?
I believe that Devise you will not be able to get Devise to post to a location on a successful login without some hacking of Devise.
However, since you are saving the url in the session, you could easily also save the post data in the session as well, then just check for it when you are redirected back. Also make sure that you delete it from the session once it has been used.