This gem ("devise_token_auth") is used for token authentication for applications using JSON APIs for front-end development.
Can we use this gem for server side rendering? If yes, then how to add the token from a previous response to the current request?
I don't know if this is still a pressing matter for you, but I'd like to throw in some advice.
For your API you can throw in devise_token_auth and it will do what everything you need for authentication there.
And if you need authentication with server-side rendering of pages (such as login forms, reset password forms, etc.) just throw in regular devise too. It will work with your exact same User model and table, and there will be little friction to get things up and running with the same resources you use with devise_token_auth.
Gemfile
#autentication and authorization
gem 'devise', '~> 3.5', '>= 3.5.6'
gem 'devise_token_auth', '0.1.37'
Then run
bundle
Run the installer for devise:
rails generate devise:install
Then generate your user model:
rails generate devise User
Install devise_token_auth now:
rails g devise_token_auth:install User "auth"
And make sure your database is migrated:
rake db:migrate
I think devise_token_auth may overwrite your user model, I'm not certain, but if it does, keep the migrations for devise_token_auth only and ignore the migrations for Devise.
Then make sure your routes.rb matches this:
Rails.application.routes.draw do
devise_for :users
root "home#index"
namespace :api, defaults: { format: :json } do
namespace :v1 do #I namespace my routes
mount_devise_token_auth_for "User", at: "auth"
end
end
end
devise_for must come before mount_devise_token_auth.
Then just refer to the official devise and devise token auth documentation to get both solutions working for you.
Hope this helps anyone who reaches this point and has a need to authenticate users on mobile app and on browser web app.
Related
Does anyone know how to integrate Active Admin with Authlogic (I'm using authlogic_ldap_authenticatable gem to authenticate to AD)? I know Active Admin uses Devise, so what changes should I make to Active Admin for it to work with Authlogic? Thanks in advance.
Note: I used Rails 3.2.8 and Active Admin 0.5.0 when I did this.
Here's one way to do it:
First, update Gemfile by adding gem activeadmin, and run the rails generate active_admin:install. These are as instructed in the Active Admin README.
Typically there's already a User model that uses Authlogic, and if you plan to use that, remove all files for the new Admin User that Active Admin has generated by default:
db/migrate/*_create_admin_users.rb (migration file)
app/models/admin_user.rb
spec/models/admin_user_spec.rb
Remove Devise-specific files:
config/locales/devise.en.yml
config/initializers/devise.rb
Remove the Devise reference in config/routes.rb.
There's a generated file app/admin/admin_user.rb. You can reuse it by renaming the file to user.rb, register User in it instead of AdminUser, and remove indices on columns specific to Devise. Or, you can just delete the file altogether, and just create your own from scratch.
Update the following in your Active Admin config (see config/initializers/active_admin.rb):
config.authentication_method
config.current_user_method
config.logout_link_path
The default config.authentication_method is :authenticate_admin_user. Set it to whatever before filter method you use for requiring an admin user, e.g. :require_admin. The default config.current_user_method is :current_admin_user. A typical Rails app that uses Authlogic might have a :current_user method for this. And config.logout_link_path should be set to your path for logging out, e.g. :logout_path.
You may need to modify these instructions according to your case.
I got an API that I have developed using Rails 3 and Devise. I am using tokens (token_authenticatable) for authentication for requests made to the API from a client. I want to be able to switch between users in the requests just be replacing the token.
I heard about a setting called :stateless_token (boolean) but I cannot figure out where to put this setting. Is there another way?
If found the token_authenticatable here:
https://github.com/plataformatec/devise/blob/master/lib/devise/strategies/token_authenticatable.rb
If found info about the stateless_token here:
http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable
stateless_token is deprecated as of now. This is the new form (it allows more auth strategies to be stateless):
# config/initializers/devise.rb
config.skip_session_storage = [:token_auth]
You can also edit the file /config/initializers/devise.rb and put (or uncomment, if already there) the following line:
config.stateless_token = true
It should be an option in your devise_for line in the routes file.
devise_for :users, :stateless_token => true
Let me know if that works,
In this page of documentation for devise it says that "TokenAuthenticatable adds the following options to devise_for:" with stateless token being one of them.
Also here is a link to the devise_for documentation
I am trying to split my current Ruby on Rails 3 web-application and it's web-services (API). My web-application is running on Heroku and implements API as a namespaced route within my application. For example /events returns a HTML page and /api/v1/events returns a JSON data.
According to some best practices, I want to split those into two different applications. I have chosen Sinatra to implement the API application. It works now for simple requests where authentication is not required.
My Ruby on Rails 3 application is using Devise to authenticate users. There's also ability to login with Facebook account. Now what I want to achieve, is HTTP Basic Authentication of users (including registration) through my Sinatra-based API by using Warden.
What is the best way to do that? Or maybe I can use something different then Warden?
Keep in mind that I am not very familiar with Rack :)
I was able to get it working. There were a few main aspects:
Get Devise working with Rails (Devise is a Rails app, won't work
without it)
Setup the mapping (route) on Rack level to support both Rails and Sinatra
Share the sessions between Rails and Sinatra
Setup Warden and make it available to Sinatra
Here is most relevant part of code from /config.ru:
#
# ...
# Rest with Rails
map "/" do
run MyApp::Application
end
# Anything urls starting with /slim will go to Sinatra
map "/slim" do
# make sure :key and :secret be in-sync with initializers/secret_store.rb initializers/secret_token.rb
use Rack::Session::Cookie, :key => '<< see, initializers/secret_store.rb >>', :secret => '<< copy from initializers/secret_token.rb >>'
# Point Warden to the Sinatra App
use Warden::Manager do |manager|
manager.failure_app = AppMain
manager.default_scope = Devise.default_scope
end
# Borrowed from https://gist.github.com/217362
Warden::Manager.before_failure do |env, opts|
env['REQUEST_METHOD'] = "POST"
end
run AppMain
end
See, http://labnote.beedesk.com/sinatra-warden-rails-devise for a complete solution.
My rails 3.0.3 app uses devise gem (1.1.5) for authentication and before I wasn't using the :registerable module. I have since added that to enable users to sign up. I then implemented my own registration controller which extends Devise::RegistrationsController. Now when I visit the url /users/sign_up. I get "Missing template error" because rails doesn't find the registration views under app/views. I had generated the devise views using rails generate devise_views which means that my registration views are under app/views/devise/. When I copy the views to app/views/ folder it works. This doesn't seem very DRY. Is there a way of telling rails to use the views in app/views/devise?
thanks,
Kibet.
The easiest way is to add a line in \config\application.rb
config.paths['app/views'] << "app/views/devise"
I have a webservice -somewhere- to validate passwords and stuff, and a module using SAVON that makes the corresponding questions in order to verify someone. The thing is, I don't have the login to work with my module. I was trying to use DEVISE to work with it, but I can't figure out how to do it yet.
Does anybody know a good gem that can work and take advantage of SAVON in order to make login validations?
I don't know of any gem that works with SAVON but you can use find_for_database_authentication of Devise
def self.find_for_database_authentication(conditions)
where('users.rut = ?', conditions[:rut]).first
end
For more detail, see RoR Devise: Sign in with username OR email