I use devise for rails 3.2 for authentication. I've changed the default routes from devise to:
devise_scope :user do
get 'signin' => 'devise/sessions#new', :as => :new_user_session
post 'signin' => 'devise/sessions#create', :as => :user_session
match 'signout' => 'devise/sessions#destroy', :as => :destroy_user_session,
:via => Devise.mappings[:user].sign_out_via
end
Now my sign in and sign up form is on the root site. How can I avoid to access 127.0.0.1:3000/signin but grant access to only 127.0.0.1:3000
when i remove it, i will get an error message like this
oMethodError in Authentication#welcome
Showing /Volumes/Develop/login_app/app/views/authentication/welcome.html.erb where line #6 raised:
undefined method `user_session_path' for #<ActionDispatch::Routing::RoutesProxy:0x007ffb4d711a10>
Extracted source (around line #6):
i have sign_in und sign_up on the root site..looks like this
<h1>Hello</h1>
<h2>Sign in</h2>
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
<div><%= f.label :email %><br />
<%= f.email_field :email %></div>
<div><%= f.label :password %><br />
<%= f.password_field :password %></div>
<% if devise_mapping.rememberable? -%>
<div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
<% end -%>
<div><%= f.submit "Sign in" %></div>
<% end %>
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
<%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
<% end -%>
<h2>Sign up</h2>
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<div><%= f.label :email %><br />
<%= f.email_field :email %></div>
<div><%= f.label :password %><br />
<%= f.password_field :password %></div>
<div><%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation %></div>
<div><%= f.submit "Sign up" %></div>
<% end %>
now somebody can come and put 127.0.0.1/signin in the url and then it will show the sign_in form, i will avoid this, because it should show on the root site...
the same scenario like sing_up...
thanks
Related
rails g devise:views command generated that view
<h2>Sign up</h2>
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<div><%= f.label :username %><br />
<%= f.text_field :username, :autofocus => true %></div>
<div><%= f.label :email %><br />
<%= f.email_field :email, :autofocus => true %></div>
<div><%= f.label :password %><br />
<%= f.password_field :password %></div>
<div><%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation %></div>
<div><%= f.submit "Sign up" %></div>
<% end %>
<%= render "devise/shared/links" %>
My question is how does it work " form_for(resource, : as=>resource_name, ..."
resource is simple a record (or object) - with respect to Devise, it's usually something called User or similar. The rest of the parameters for form_for are options, detailed in the form_for docs.
I notice that both the :email and :username are calling for the email_field, which is a mistake.
I have a devise users table with a fully functioning sign in/up form.
What I was wondering was how to have that users form appear on a different table.
For example
users/sign_in works perfectly
but
I want to have that form appear on movies/index
Ive tried adding the form code to the movies/index but i get this error
undefined local variable or method `resource' for #<#<Class:0x00000102cbf0b8>:0x00000103bb6d78>
This is the sign in form
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
<div><%= f.label :email %>
<%= f.email_field :email, :autofocus => true %></div>
<div><%= f.label :password %>
<%= f.password_field :password %></div>
<% if devise_mapping.rememberable? -%>
<div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
<% end -%>
<div><%= f.submit "Sign in" %></div>
<% end %>
<%= render "devise/shared/links" %>
Thanks!
You can generate the views (I understand you already did that) and you can override the controllers, or, in your case, you can watch the controllers of Devise, take the code that you need, and in your view call a partial (from the Devise views).
I did something like that a few months ago, but what I did (that I don't fully suggest but I haven't find a better way) was to take the code from the Devise views, and copy the code in another view with some modifications:
<%= form_for(User.new, :as => "user", :url => session_path("user"), :remote => true) do |f| %>
<div><%= f.label :email %><br />
<%= f.email_field :email %></div>
<div><%= f.label :password %><br />
<%= f.password_field :password %></div>
<div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
<div><%= f.submit "Sign in" , :class=>"blue_submit_degradiant", :id =>"sign_in_user"%></div>
<% end %>
It works, but the right way is to have a #user instead of User.new
My problem with devise.
I want to save private data of user without current_password.
And I want to remove some routes, leaving only the necessary.
routes.rb
devise_for :users, :controllers => { :registrations => "registrations" }, :skip => [:registrations]
as :user do
post "/users" => "devise/registrations#create", :as => :user_registration
get "/users" => "devise/registrations#new", :as => :new_user_registration
get "/users/edit" => "devise/registrations#edit", :as => :edit_user_registration
put "/users" => "devise/registrations#update"
end
I watched railscasts and add Registrations controller in my application
registrations_controller.rb
class RegistrationsController < Devise::RegistrationsController
def update
#user = User.find(current_user.id)
# email_changed = #user.email != params[:user][:email]
password_changed = !params[:user][:password].empty?
successfully_updated = if password_changed
#user.update_with_password(params[:user])
else
#user.update_without_password(params[:user])
end
if successfully_updated
# Sign in the user bypassing validation in case his password changed
sign_in #user, :bypass => true
redirect_to root_path
else
render "edit"
end
end
end
My view edit.html.erb
<h2><%= t('users.edit_registration_data') %></h2>
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
<%= devise_error_messages! %>
<ul class="nav nav-tabs">
<li class="active" ><%= t('tabs.private_info') %></li>
<li><%= t('tabs.change_password') %></li>
</ul>
<div class="tab-content">
<div class="tab-pane active" id="profile">
<div><%= f.label :name, t('form.name') %><br />
<%= f.text_field :name %></div>
<div><%= f.label :phone_number, t('form.phone_number') %> <%= t('form.phone_notice' )%><br />
<%= f.text_field :phone_number, :maxlength => 10 %></div>
<div><%= f.label :area_id, t('form.area') %><br />
<%= f.text_field :area_id %></div>
<div><%= f.label :city_id, t('form.city') %><br />
<%= f.text_field :city_id %></div>
<div><%= f.label :email %><br />
<%= f.email_field :email %></div>
</div>
<div class="tab-pane" id="password">
<div><%= f.label :password, t('users.form.new_password') %> <i>(<%= t('users.notifications.leave_password') %>)</i><br />
<%= f.password_field :password, :autocomplete => "off" %></div>
<div><%= f.label :password_confirmation, t('users.form.new_password_confirmation') %><br />
<%= f.password_field :password_confirmation %></div>
<div><%= f.label :current_password, t('users.form.current_password') %> <i>(<%= t('users.notifications.need_current_password') %>)</i><br />
<%= f.password_field :current_password %></div>
</div>
</div>
<br><br><br>
<div><%= f.submit t('users.update') %></div>
<% end %>
<%= link_to t('users.back'), :back %>
But when I update any data, except for the password, the application still asks for the current password.
controller: devise/registrations
action: update
1 error prohibited this user from being saved: Current password can not be empty
devise_for :users, :skip => [:registrations]
as :user do
post "/users" => "devise/registrations#create", :as => :user_registration
get "/users" => "devise/registrations#new", :as => :new_user_registration
get "/users/edit" => "devise/registrations#edit", :as => :edit_user_registration
put "/users" => "registrations#update"
end
I am trying to use the client_side_validations gem with Devise to validate devise registrations form.
Validations work fine with everything else just not the Devise generated form.
I added the relevant :validate => true but the validations only work when I hit submit not on tab like they do on every other form.
<h2>Sign up</h2>
<hr />
<%= form_for(resource, :validate => true, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<div><%= f.label :username %>
<%= f.text_field :username %></div>
<div><%= f.label :email %>
<%= f.email_field :email %></div>
<div><%= f.label :password %>
<%= f.password_field :password %></div>
<div><%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation %></div>
<br />
<div><%= f.submit "Sign up", :class => "btn btn-primary btn-large" %></div>
<% end %>
<%= render "links" %>
Argc, argv! I am using Rails 3.2.1, the latest release of the gem is incompatible with 3.2 hence the nightmare. Using 3.2.0.beta.2 fixes the problems. Thanks!
Try to put the :validates => true on your fields directly, like this :
<h2>Sign up</h2>
<hr />
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<div>
<%= f.label :username %>
<%= f.text_field :username, :validate => true %>
</div>
<div>
<%= f.label :email %>
<%= f.email_field :email, :validate => true %>
</div>
<div>
<%= f.label :password %>
<%= f.password_field :password, :validate => true %>
</div>
<div>
<%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation, :validate => true %>
</div>
<br />
<div>
<%= f.submit "Sign up", :class => "btn btn-primary btn-large" %>
</div>
<% end %>
<%= render "links" %>
change the line
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
to
<%= form_for(#user, :url => registration_path(resource_name), :validate => true) do |f| %>
I haven't used client_side_validations gem extensively yet. But from the look of it, it needs to have data-validate="true" in the form (and form elements) tags.
Do you find it in the output html form like:
<form novalidate="novalidate" method="post" data-validate="true" action="/some_actions" >
If you don't find it, you might want to write your form_for like this:
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), {:validate => true}) do |f| %>
Does it help?
To use an stable version use 3.0.3 that was the latest stable version supporting rails 3.2.x
My devise routes are:
devise_scope :user do
get "/login" => "devise/sessions#new"
get "/logout" => "devise/sessions#destroy"
get "/register" => "devise/registrations#new"
end
And my Devise Registration from is:
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<div><%= f.label :email %><br />
<%= f.email_field :email %></div>
<div><%= f.label :password %><br />
<%= f.password_field :password %></div>
<div><%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation %></div>
<div><%= f.submit "Sign up" %></div>
<% end %>
But the form tag is rendered as:
<form accept-charset="UTF-8" action="/" class="user_new" id="user_new" method="post">
I think, however, it should be the register controller.
Any ideas?
Thanks y'all,
j
According to the documentation, you're missing the :to argument. It should be:
devise_scope :user do
get "/login", :to => "devise/sessions#new"
get "/logout", :to => "devise/sessions#destroy"
get "/register", :to => "devise/registrations#new"
end