authenticate_user! from Devise, in spree (spree commerce), does not work as expected when used as a before_filter - ruby-on-rails

I am using Rails (3.2.6) with devise (2.1.2) and have a controller where I would like to make sure users are authenticated before proceeding.
Optimistically, I tried...
    module Spree
      class MyAppController < Spree::BaseController
        before_filter :authenticate_user!
        ...remainder of MyAppController code...
and I am NOT redirected to a login or sign-in page. I am redirected to the 'products' page, with a polite message at the top saying I need to sign-in or sign-up to continue.
What I would like to happen is that I am redirected to sign-up / sign-in and when that is completed successfully, the original controller path resumes.
Searching around, I have read that authenticate_user! from Devise interacts with Spree in such a way as to cause an infinite redirection, so something in Spree disables this, resulting in the lame behavior I describe above.
Has anyone managed to get this to work or have suggestions for a good work-around?

I have found a work around, but I am not an experienced enough Rails developer to know how reasonable this solution is.
I wrote a method to do the filtering and used it instead of authenticate_user!...
    def require_authentication
      unless current_user
        # setting this in the session allows devise to return us to
        # the original invocation path, once sign up / sign in is complete
        session[:user_return_to] = request.env['PATH_INFO']
        redirect_to new_user_session_url and return
      end
    end

Did you try adding
    before_filter :check_authorization
to your controller?
I think that may do what you're looking for.
Thanks
Ash

Related

How to make devise gem go to specific page when the option 'Remember me' is ticked?

So, a returning user in my app who has ticked "Remember me" has to land on a different page inside the app instead of the home page and being logged in there.
I went through the documentation but I can't find a function that does this.
I also struggle to make Devise go to a different page when the user updates the profile, and I use the wrong methods for this. Can you give me the correct method and where to put it as well?
I tried using the method 'after_remembered' in my ApplicationController but it doesn't work while the method after_sign_in_path_for works!
Do I need to overwrite something?
Devise sets a remember_created_at value for the user if "Remember Me?" is selected. In the after_sign_in_path_for you could have it check for resource.remember_created_at and then perform the redirect there.
A quick example would be in app/controllers/application_controller.rb
    def after_sign_in_path_for(resource)
      resource.remember_created_at ? path_for_remember : path_not_for_remember
    end
To handle redirects after updates you want to use the after_update_path_for which is set up the same way:
    def after_update_path_for(resource)
      some_path
    end

Make 301-redirects administratable by the user in Rails?

We are currently relaunching a bigger website from PHP (Magento with a quite exhaustive forum) into a Rails-app while keeping the forum.
During this undertaking we will migrate quite a lot of content to new URLs, which means we'll have to 301 redirect a lot of them.
Now we all know about Apache/NGINX-rewrites. I also found https://github.com/jtrupiano/rack-rewrite for RACK.
But is there a good way to make 301-redirects administratable by our users with Rails? (I'm basically looking for a GEM or RACK-app, where our users can log in, then see and edit the existing redirects).
Thanks for any help.
You could store all redirects in a model with attributes "from" and "to". Then, you can manage these redirects from your admin area as you want.
Then, in your ApplicationController, you can wrap your actions in an around filter as it says here:
    around_filter :catch_not_found
    private
    def catch_not_found
      yield
    rescue ActiveRecord::RecordNotFound
      redirect = Redirect.where(from: request.original_fullpath).first
      # No stored redirect for this path: re-raise so the usual 404 handling runs
      raise unless redirect
      # 301, as asked in the question (redirect_to defaults to 302)
      redirect_to "#{request.base_url}#{redirect.to}", status: :moved_permanently
    end
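
The answer above builds the redirect URL by appending the stored "to" value to request.base_url, so a value that does not begin with a path can change the host the browser is sent to. The following is an added example, not part of the original answer: a validator that accepts only site-local paths. The names safe_redirect_url, concatenated_host, shop.example and evil.example are hypothetical, and the sample targets are constructed.

```ruby
require "uri"

BASE = "https://shop.example" # constructed stand-in for request.base_url

# Host that the unvalidated concatenation "#{base_url}#{target}" points at.
def concatenated_host(base_url, target)
  URI.parse("#{base_url}#{target}").host
end

# Hypothetical validator: returns the absolute URL to redirect to, or nil
# when the stored target is not a plain path on this site.
def safe_redirect_url(base_url, target)
  return nil unless target.is_a?(String)
  # Exactly one leading slash: ".evil.example" or "@evil.example/" would
  # otherwise extend or replace the host once appended to base_url.
  return nil unless target.start_with?("/")
  # "//host" is protocol-relative if the value is ever used without base_url.
  return nil if target.start_with?("//")
  # Backslashes, whitespace and control characters are normalised
  # inconsistently by browsers, so refuse them outright.
  return nil if target.match?(/[\\\s\x00-\x1f\x7f]/)

  base = URI.parse(base_url)
  url  = URI.parse("#{base_url}#{target}")
  # Second layer: the parsed result must still be this origin.
  same_origin = url.scheme == base.scheme && url.host == base.host &&
                url.port == base.port && url.userinfo.nil?
  same_origin ? url.to_s : nil
rescue URI::InvalidURIError
  nil
end

# Constructed sample rows, as an admin might enter them in the "to" field.
SAMPLES = ["/new/products/42", ".evil.example/login", "@evil.example/", "//evil.example/x"]

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |to|
    puts format("%-22s concatenated host=%-28s validated=%s",
                to.inspect, concatenated_host(BASE, to), safe_redirect_url(BASE, to).inspect)
  end
end
```

In the answer's setup the same check could run both as a validation on the Redirect model's "to" attribute and again just before redirect_to, so rows written before the validation existed are also covered.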

Rails: After devise user_signed_in? have a sitewide validation

As a better alternative to https://stackoverflow.com/questions/25613825/rails-redirect-to-for-default-application-layout I need to validate with user interaction before other web site features become available.
Something like "when user_signed_in? yield to controllers and views if account_verified? otherwise redirect_to verify_account"
I'm guessing this would look like a before_action in ApplicationController... I'm going to try and hash it out. I'll post my answer here when I get it.
EDIT: I'm not verifying the devise login. That's already done. This is something totally different.
You can do this with Devise's authenticate_user!
So in your application_controller.rb
    before_action :authenticate_user!
Which redirects to sign in if they aren't logged in.
This solves it for me. Specify which controllers to exclude from before_filter.
Also for my before_filter I needed to move the methods into a module in my lib folder since I was getting a Controller not initialized error. The error was from a self.mymethod within the controller being called as MyController.mymethod. This doesn't work, hence moving it all into the lib folder inside a module.

Newbie with Rails devise and view of the user

I'm looking for some way in RoR to: log in to the system with Devise (it's working), but I need something that always keeps the view of this logged-in user and prevents this user from looking at other views.
http://xx.xx.xx.xx:3000/user/1
And this user cannot look the content of:
http://xx.xx.xx.xx:3000/user/2.
Please, sorry if this is a silly question, but I was looking for 2 days and I don't know how I can name this feature.
Thanks!
There are gems available for this authorization. I prefer CanCan, which is one of the best authorization gems available.
Here is the gem: https://github.com/ryanb/cancan
And here is the Railscast tutorial using it: http://railscasts.com/episodes/192-authorization-with-cancan
EDIT: If you want to manually implement this then you just need to make a method with the following logic
    def check_authorization
      # Assuming user ID is coming in params[:id]
      # params values are strings, so compare as strings (Integer == String is always false)
      if current_user.id.to_s == params[:id].to_s
        return
      else
        # render or redirect to some page with access denied message
      end
    end
And call this method just before any action in which you want to check for authorization.

Devise - override redirect for the custom login page

I have the following interesting problem. I've created a secondary login form. From that secondary form I want the user always to be redirected to the specific form. I believe Devise is handling redirects in the following function in ApplicationController:
    def after_sign_in_path_for(resource)
      # custom redirect stuff
    end
What would be the best way to tell devise "if I am coming from the custom redirect path, always take me to some specific page and disregard whatever is in params[:redirect]". I was thinking of either inspecting the referrer url string or storing stuff on the session, but I am not sure.
What would be the best way to achieve this behaviour? Any suggestions would be appreciated!
Inspecting Devise code, I found that it is possible by clearing out the session variable where Devise stores the return path:
    session[:user_return_to] = nil # or some explicit path
Note: Assuming the authenticated model is user.rb
