On my rails app I would like to force all users to sign-in when they next visit the site, rather than being remembered. I understand that I have to delete a cookie but which one and how do I do this?
I'm using rails 3.2 and devise 2.2.1.
Thanks for your help.
Use devises sign_out function, and build a private method in your application controller that forces it when a request is made. In your ApplicationController
class ApplicationController < ActionController::Base
before_filter :force_sign_out!
private # avoid interference
def force_sign_out!
if user_signed_in?
sign_out(current_user)
end
end
end
You could even run a block on your before_filter
before_filter do
if # conditions
force_sign_out!
end
end
hope this helps!
-Brian
Related
I want to add a second filter after :authenticate_user!.
Currently, I have a typical setup in my base namespaced controller:
module Admin
class AdminController < ApplicationController
before_filter :authenticate_user!
end
end
But any variation on this, doesn't work: the redirect doesn't happen so the user still gets access when she shouldn't.
# Doesn't work
before_filter :admin_only
def admin_only
:authenticate_user!
end
# Doesn't work
before_filter do
:authenticate_user!
end
# Doesn't work
before_filter [:authenticate_user!]
If any of these variations would work, I could add my extra filtering code. What's going on?
just append your extra before filter method
before_filter :authenticate_user!, :my_extra_before_filter_method
authenticate_user! will be executed first, followed by your custom filter
UPDATE: you can also call before_filter twice
before_filter :authenticate_user!
before_filter :my_extra_before_filter_method
This answer to a similar question says the following:
Devise uses Warden under the hood
https://github.com/plataformatec/devise/blob/master/lib/devise/controllers/helpers.rb
So you can just add a new strategy in Warden to authenticate your users. See https://github.com/hassox/warden/wiki/Strategies
Do you want to add a second filter? Or maybe just override?
I'm trying to implement a devise sign in form in my nav bar header(twitter bootstrap), but it just tells me that resource isn't a defined method.
Do I need to somehow inherit the devise helper methods to achieve this?
When it comes to creating a custom sign in page, it doesn't have anything to do with your controller, it has to do with accessing things in your view, through the helper of helper methods. You want to add them to your application_helper.rb file. There is an overview of the method here:
https://github.com/plataformatec/devise/wiki/How-To:-Display-a-custom-sign_in-form-anywhere-in-your-app
In a nutshell, you basically want to add this to yours application_helper.rb
def resource_name
:user
end
def resource
#resource ||= User.new
end
def devise_mapping
#devise_mapping ||= Devise.mappings[:user]
end
I have used this a bunch of times in all my projects to make custom sign in forms in the navbar when I use twitter bootstrap. It works great and doesn't require you to change any other code anywhere else.
I want my doorkeeper views to use the application layout:
https://github.com/applicake/doorkeeper/wiki/Customizing-views
This contains routes and helper methods from the main application.
For the routes, I can prefix main_app to the path but for the helper method I get the following error:
undefined method `is_active?' for #<ActionDispatch::Routing::RoutesProxy:0xade808c>
<li class="<%= main_app.is_active?("high_voltage/pages", "api") %>"><%= link_to t('developers'), page_path('api') %></li>
Why is this? The helper is in app/helpers/application_helper.rb
If you generated the views and they are placed in app/views/doorkeeper/** then the engine still uses doorkeeper controllers.
To fix this, you have to include your helper(s) into the engine's ApplicationController. Let's say you have something like this:
app/helpers/application_helper.rb
module ApplicationHelper
def my_helper
"hello"
end
end
app/views/doorkeeper/applications/index.html.erb
<p>
<%= my_helper %>
</p>
This won't work until you include your application helpers into doorkeeper controllers. So in config/application.rb:
class YourApp::Application < Rails::Application
config.to_prepare do
# include only the ApplicationHelper module
Doorkeeper::ApplicationController.helper ApplicationHelper
# include all helpers from your application
Doorkeeper::ApplicationController.helper YourApp::Application.helpers
end
end
this is similar configuration when you want to customize the layout.
A helper method in application_helper.rb would not be a method for main_app.
The main_app variable is an object with a class/module of ActionDispatch::Routing::RoutesProxy.
main_app is a helper that gives you access to your application routes. main_app.page_path('api'), for example.
I'm assuming, with doorkeeper, you need to access the path you want; main_app.highvoltage_page_path('api').some_doorkeeper_active_method
This should hopefully, at least, send you in the right direction, see also:
http://edgeapi.rubyonrails.org/classes/Rails/Engine.html#label-Using+Engine%27s+routes+outside+Engine
Good luck.
Well, this question is very old, but I ran into exactly the same problem, and I have a solution. The one requested on Felipe Elias Philipp's answer.
You need to do a little "overwrite". Copy the doorkeepers' engine application_controller.rb file to your app into app/doorkeeper/. Then just change
module Doorkeeper
class ApplicationController < ActionController::Base
to
module Doorkeeper
class ApplicationController < ::ApplicationController
Which now makes doorkeeper use your ApplicationController which probably will have all the methods you need. Together with https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-views everything works splendidly.
For the majority of my site, I want to require login. But for two pages, I need to have a user be able to submit to the page without logging in.
Is there a way to override the
before_filter :authenticate_user!
which I put in the application controller?
In your desired controller, add:
skip_before_filter :authenticate_user!, :only => [:some_action, :another_action]
Read more about filters at Module ActionController::Filters::ClassMethods
before_filter :authenticate_user!, :except => [:action_name_1, :action_name_2]
I have set up Devise in a from-scratch new Rails3 application, and signup/signin/signout works fine.
Now, what is the standard way to make sure pages can only be viewed by people who are signed in?
Non-signed in people would be redirected to the homepage (except when they are on the signup page, of course).
Instead of putting it in each controller, couldn't you just put it in ApplicationController?
class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :authenticate_user!
end
I put that in my application controller and now when I navigate to any page in my application, it redirects me to new_user_session_path or "users/sign_in."
I have found a solution! I just need to add this as the second line in each controller:
before_filter :authenticate_user!
For instance:
class MonkeysController < ApplicationController
before_filter :authenticate_user!
If you know any better solution, feel free to answer.