devise redirects to login after login - devise

When a user logs into my page it redirects them to the sign-in page without error. It actually logs them in but for some reason it won't redirect to the user's show page.
I have this, which has worked in other cases, in my application controller:
    def after_sign_in_path_for(user)
      user_url(user)
    end
Here is the link to my repo: https://github.com/samwat2/Ships-Project
I'm new to Rails and I'm not quite sure why this isn't working, when it has before...

From looking at your repo, you added the two custom fields :first_name and :last_name to the registration form, and you validate the presence of those attributes. If you have added these validations after creating some users, and try to login with a user that misses some of these fields, devise will encounter a validation error when saving the user and redirect back to the login form, even though the authentication itself was successful.
Try making the users valid by filling the missing attributes, and the login should behave again as intended.

Related

How to use a custom confirmations URL in Devise

I'm looking for a way to use a URL provided as a parameter in the POST request to create a user as the confirmation URL for confirming my Devise user model. The use case is that I have a rails application acting as an API for a frontend react app (setup using webpack) and I want the URL in the confirmations instructions email sent to the user to link to the frontend app, which would then send an API request to the backend to manually confirm the user, instead of the user visiting my backend API URLs themselves.
I want it so that the backend could potentially be used with other clients in the future, so the URL to be used must be variable. Currently I'm trying to pass it in the API request to create the user, and then somehow I would need a way to get this variable into the Devise mailer.
The end goal looks something like this:
    # app/views/devise/mailer/confirmation_instructions.html.erb
    <p>Welcome <%= @email %>!</p>
    <p>You can confirm your account email through the link below:</p>
    <p><%= link_to 'Confirm my account', @custom_confirmation_url ? "#{@custom_confirmation_url}#{@token}" : confirmation_url(@resource, confirmation_token: @token) %></p>
where @custom_confirmation_url is the variable holding the value of the URL passed into the POST request to register a new user.
I was potentially thinking of simply redirecting the user to my frontend after the confirmation, with something like this but I don't see how I'd make it work with multiple frontend clients, if I went that route.
I'm open to thoughts on whether or not this approach is even worth considering, or if there's a more stylistically correct way of accomplishing this.
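
An added example, not part of the original question: because the confirmation token ends up appended to whatever URL the registration request supplies, the backend should only accept URLs whose origin is on a server-side allowlist and otherwise fall back to Devise's own confirmation_url. The origins in ALLOWED_CONFIRMATION_ORIGINS, the helper names, and passing the token as a confirmation_token query parameter are assumptions made for illustration.

```ruby
require "uri"

# Assumed allowlist of front-end origins that may receive confirmation
# tokens (hypothetical values; a real app would load these from config).
ALLOWED_CONFIRMATION_ORIGINS = [
  "https://app.example.com",
  "https://admin.example.com"
].freeze

# Returns a normalized base URL that is safe to embed in the e-mail,
# or nil so the caller falls back to Devise's own confirmation_url.
def safe_confirmation_base(raw_url, allowed = ALLOWED_CONFIRMATION_ORIGINS)
  return nil if raw_url.nil? || raw_url.strip.empty?

  uri = URI.parse(raw_url.strip)
  return nil unless uri.is_a?(URI::HTTPS)   # rejects http:, ftp:, javascript:, ...
  return nil if uri.userinfo                # rejects "allowed-host@other-host" forms
  return nil if uri.host.nil? || uri.query || uri.fragment

  # Compare the whole origin exactly; a prefix or substring match would
  # accept look-alike hosts such as app.example.com.evil.test.
  origin = "https://#{uri.host.downcase}"
  origin += ":#{uri.port}" unless uri.port == uri.default_port
  return nil unless allowed.include?(origin)

  "#{origin}#{uri.path}"
rescue URI::InvalidURIError
  nil
end

# Builds the link the mailer view would render. The token is URL-encoded
# and sent as a query parameter rather than concatenated raw.
def confirmation_link(raw_url, token, fallback)
  base = safe_confirmation_base(raw_url)
  return fallback if base.nil?

  "#{base}?confirmation_token=#{URI.encode_www_form_component(token)}"
end
```

In the mailer view, fallback would be the value of confirmation_url(@resource, confirmation_token: @token), so a rejected or missing URL still produces a working link to the backend.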

Laravel 5.3 manual authentication

Authenticate user by link (Laravel 5.3)
I'm trying to authenticate a user when he follows a special link.
I find the user by the link parameters and authenticate him like this:
    Auth::loginUsingId($client->id);
After that Auth::user() returns the user I needed, that's all fine.
But when I try to access the user's profile page it redirects me to /login.
If I log in in browser using the same user's credentials I can see the profile page.
Seems that it doesn't save info to session.
What have I missed?
I have seen that if you output anything before Auth::attempt() (same as loginUsingId) it does not work. Make sure you have no echo statements, dd, print, or anything else before or after you attempt the login. But, this should work for you:
Say, for this example that your URL is somedomain.com/autoLogin?userid=1
    public function autoLogin(Request $request) {
        $id = $request->userid;
        $user = Account::find($id);
        Auth::login($user);
    }
This will persist the session.

Form authentication for not authorised user

I'm implementing form-based authentication for my web application.
I created some users in the JDBCrealm on the TomEE server and allow only particular users to access the protected JSF pages.
Now authentication works perfectly, and if there is a username/password mismatch it is redirected to the error page.
The problem I'm facing here is, if I try to log in with a user already available in the JDBCrealm who is not authorised to access the protected page, I'm getting a 403 error.
When I come back and try again to get to the protected pages, I can't log in again. Is it because information about my login is remembered in the session and I have to invalidate the session?
Even if I don't log in?
EDIT:
I asked about it at the forum: http://openejb.979440.n4.nabble.com/Bug-in-security-TomEE-td4665009.html
and I think it's the best answer for my question.
Instead of trying to implement this yourself, take a look at something like Spring Security; it provides most of the options you will need, and if you need to extend it, that is easy as well.

EmberAuth and Rails 3 - session cookie sticks around after signout, rails treats user as authenticated

I have an ember app accessing a Rails API with devise for authentication, more or less following the ember-auth-demo github project.
Everything works, but in my testing I've noticed that if I sign in and out and then try to register a new account, rails complains with:
Filter chain halted as :require_no_authentication rendered or redirected
Completed 302 Found in 2ms (ActiveRecord: 0.2ms)
Googling has revealed that this is to prevent authenticated users from creating new accounts, which seems like a sound policy I shouldn't necessarily circumvent.
However, it's curious because my front-end ember app is not in an authenticated state. Looking at my local cookie store, remember_token is successfully destroyed on signout. However the session cookie is still hanging around. If I manually destroy that, then everything is back to working as expected, the user is not considered authenticated by the back-end app and processes the request normally.
For brevity, the relevant files are in this gist: https://gist.github.com/DVG/5975064 , but my sign_out functions are here:
    # EmberAuth signout method
    App.ApplicationController = Ember.Controller.extend
      signOut: ->
        App.Auth.signOut()
        App.Auth.destroySession()

    # Rails SessionsController#destroy
    def destroy
      return missing_params unless params[:auth_token]
      resource = resource_class.find_by_authentication_token(params[:auth_token])
      return invalid_credentials unless resource
      resource.reset_authentication_token!
      render json: {user_id: resource.id}, status: 200
    end
The issue was I was storing the token in the session. Had to disable it with:
    config.skip_session_storage = [:http_auth, :token_auth]
in the devise initializer.

Rails Doorkeeper - Redirect to homepage instead of authorize page

I have a weird problem when I try to use the door_keeper gem with a Rails app. The problem occurs when I use the Oauth2 gem to get the token. At that point I have the URL:
http://0.0.0.0:3000/oauth/authorize?response_type=code&client_id=199f27a02764f1ef1d31c2860b83ef93c0cc3dc26886d2b3d76b8ef1e935f3ae&redirect_uri=http%3A%2F%2F0.0.0.0%3A3000%2Fcallback
It doesn't redirect to the page where we authorize and get the token, but redirects directly to http://0.0.0.0:3000
What's the problem I have here? It should redirect to the application authorize page first, shouldn't it?
The authorization page requires some user to be logged in. You set up that in the resource_owner_authenticator block and it should look something like this:
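    resource_owner_authenticator do |routes|
      # Put your resource owner authentication logic here.
      # If you want to use named routes from your app you need
      # to call them on routes object eg.
      # routes.new_user_session_path
      # find_by_id returns nil (instead of raising) when nobody is logged in,
      # so the redirect to the sign-in page actually runs.
      User.find_by_id(session[:user_id]) || redirect_to(routes.new_user_session_path)
    end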
In this case, if the user is not in the session when it tries to access /oauth/authorize, it gets redirected back to new_user_session_path.
Only when the user was found from the session, you'll be able to see the authorization page.