Authenticating Custom url with Devise without having actual controller/action (Rails) - ruby-on-rails

I am using the Devise gem in my application and it works fine.
I use omniauth to authenticate Twitter users, and when a user types in http://www.mydomain.com/addtwitter, the user will be redirected to the Twitter authentication page.
In the Devise gem, by default when a user loads the page /auth/twitter it takes the user to the authorization page. So to customize this I added the code below to my routes.rb file.
match "/addtwitter" => redirect("/auth/twitter")
But I would like to make the /addtwitter functionality available only to logged-in users.
How do I achieve this without actually creating a controller/action in Rails?
Is this even possible?

In Devise, you can specify routes that only apply to logged in users.
authenticated :user do
  match "/addtwitter" => redirect("/auth/twitter")
end

Related

Restrict access to admin/* sites with cancan

I'm building an app which has two user models: user and user_admin. user_admin is provided by activeadmin via Devise, and user was created with Devise too. I created a main page, some resources, and an admin page; now I want to restrict access to any admin page via cancan. So to summarize:
The user is on the main page, then goes to some other page, and Devise redirects him to sign_in.
After signing in, the user can browse pages, but if he wants to go to /admin, cancan should give him a 404 or give access to the admin pages only if he has the admin role; then he must sign in with another user_admin account.
So how can I describe the restriction to admin pages in ability? Some problems are:
I don't know where Admin::DashboardController#index is, thus I can't check the role there and redirect to 404.
Also, Active Admin generates routes dynamically, so I can't use that either.
How can I make it work?

In devise, how do you redirect the user back to a non-app url where they came from

Situation: I am building a Rails app that will serve as a central authentication system for a couple of in-house applications. The app will SSO into these other applications.
So, the path of the user will be https://site-a.com, which will redirect to https://site-b.com (this is the one running Rails w/ Devise and Pundit). The user will authenticate there.
I need to take that user back to https://site-a.com.
Everything I've seen with Devise is that it can redirect, but only to routes within the application.
Please be gentle.
Devise can redirect the user to anywhere after they sign in.
The straightforward way to do that is to override the after_sign_in_path_for method in controllers:
class ApplicationController < ActionController::Base
  def after_sign_in_path_for(resource)
    "http://site-a.com/"
  end
end
For more information about after_sign_in_path_for, please see How To: redirect to a specific page on successful sign in.
If you do not yet have a clear idea about how to build an SSO system with Devise, you might want to take a look at this article: Multiple Applications with Devise, Omniauth and Single Sign On.
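An added example, not part of the original answer: when the post-sign-in destination is another site and differs per application, the return URL should be matched against a fixed allowlist of origins before redirecting, so the sign-in app cannot be used as an open redirect. The second host, the fallback constant and the session key :return_to are assumptions made for illustration.

```ruby
require "uri"

# Assumption: origins of the in-house applications that may receive users
# back after sign-in on site-b.com. The second entry is constructed.
ALLOWED_RETURN_ORIGINS = [
  ["https", "site-a.com", 443],
  ["https", "reports.site-a.com", 443]
].freeze

FALLBACK_URL = "https://site-a.com/"

# Returns the candidate only if its scheme, host and port exactly match an
# allowlisted origin; anything else (including relative paths) gets the fallback.
def safe_return_url(candidate, allowed: ALLOWED_RETURN_ORIGINS, fallback: FALLBACK_URL)
  return fallback if candidate.nil? || candidate.empty?
  # Whitespace, control characters and backslashes are parsed differently by
  # browsers and by URI libraries, so refuse them outright.
  return fallback if candidate.match?(/[\x00-\x20\\]/)

  uri = URI.parse(candidate)
  # Absolute http(s) URLs only; this also drops "//host/path" and "javascript:".
  return fallback unless uri.is_a?(URI::HTTP) && uri.host
  # "https://site-a.com@other.example/" has host other.example; refuse userinfo.
  return fallback if uri.userinfo

  origin = [uri.scheme.downcase, uri.host.downcase, uri.port]
  allowed.include?(origin) ? uri.to_s : fallback
rescue URI::InvalidURIError
  fallback
end

# Hypothetical wiring in the Devise application (not executed here):
#
#   class ApplicationController < ActionController::Base
#     def after_sign_in_path_for(resource)
#       safe_return_url(session.delete(:return_to))
#     end
#   end
```

Matching on the full origin rather than a host prefix or substring is what rejects look-alike hosts such as site-a.com.other.example.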

A common user model, controller, authentication and ability for multiple Rails apps

I have developed two rails applications app1 and app2, they have their own user controller and model and own ability.rb file and own devise gem. I want all of them share a common user controller and user model and ability.rb file so that anyone irrespective of the application goes through the same authentication system.
In this context I have read the posts Rails: Devise Authentication from an ActiveResource call and How to add authentication before filter to a rails 3 apps with devise for user sign up and sign in?. But I am sorry, I could not figure out how to modify their individual routes.rb files so that all the authentication requests are redirected to it, and I would like to know if I have to make another application only for user management for that purpose.
You might use omniauth gem to provide one application to manage its users through the second one (like a Facebook connect, for example). This app's sign in action would just be a redirect to the second one's sign in page.
In this case, however, you would have 2 different user tables, which might need synchronization, but for just a simple authentication that could work.

Ruby on Rails User Login Event

I'm using devise for user authentication. I would like to create a component to be able to respond to a user logging in. Does devise have user events or something similar?
You can check out the pages here: Devise Wiki Pages. You can do things like redirect to certain pages. Additionally, when someone is logged in, you can always check the current_user method provided by Devise and see if it returns nil or a user.
Specifically look at redirecting on signin/signout. You can redirect to a controller action that does what you want.

Rails + Devise + API + User Registration

I am new to Ruby and Rails, and so far I have managed to set up user management using Devise. Right now I am trying to integrate support for mobile Android and iOS apps. So far it is possible for them to log in and log out and get an authentication token. But in addition to that I would also like them to be able to register.
Now, as I understand it I have to do a post to
http://localhost:3000/users/sign_up
What does this POST look like? And how do I get a JSON response? I found this on Stack Overflow.
"utf8=✓&authenticity_token=n5vXMnlzrXefnKQEV4SmVM8cFdHDCUxMYWEBMHp9fDw%3D&user[email]=asd%40fasd.org&user[password]=321&user[password_confirmation]=1233&commit=Sign+up"
Unfortunately this does not work - I am getting the message "Bad request". I also do have a couple of questions about this example. What is the authenticity_token for? How do I get one? This is not the devise token authentication I guess as the user is not even in a position to have one at this point.
Also, after a successful login I would like to bundle the "registration successful" message with a generated Devise authentication token. So I guess I have to somehow extend Devise's existing registration controller.
Thank you very much in advance!
Devise already has all this set up. Based on your signup path, I infer that you mounted Devise onto http://localhost:3000/users. Devise includes all the controllers and views that are required, including the log in form, the sign up form, the email confirmation form and the password reset forms.
GET http://localhost:3000/users/sign_up is actually a form for users to sign up at. The form on that page will POST to http://localhost:3000/users/, which goes to the create action of Devise's registration controller.
Assuming there is no action/view already at /users/sign_up, the sign up form should be there; go check if it is there (assuming you set up devise_for correctly in your routes.rb file).
