I'm working on a Rails-based API. I recently started attempting to version it. (I'm using the Versionist gem, in case it matters) One version ('v2') uses Devise and Omniauth to authenticate users through Facebook/Twitter.
I want all the routes associated with this version to have the appropriate version prefix (so users/:username/foo becomes v2/users/:username/foo, etc.), but I've already found out that putting devise_for inside the api_version block prevents the Devise helpers (current_user, user_signed_in?, etc.) from working, so it continues to live outside the block:
routes.rb:
devise_for :user, :path => '', :controllers => {:omniauth_callbacks => 'users/omniauth_callbacks'}, :skip => [:registrations, :confirmations, :sessions, :passwords]
api_version(:module => "V2", :path=>"v2") do
resources :authentications, :only => [:update, :destroy]
devise_scope :user do
post 'login' => 'sessions#create', :as => 'user_session'
get 'logout' => 'sessions#destroy'
post 'password' => 'devise/passwords#create'
put 'password' => 'devise/passwords#update'
end
end
Everything seemed great... except the Devise-generated omniauth routes:
rake routes output:
user_omniauth_authorize /auth/:provider(.:format)
user_omniauth_callback /auth/:action/callback(.:format)
Now, some google-fu revealed that there's a devise configuration setting for this, so I added the following to our devise initializer (config/initializers/devise.rb):
Devise.setup do |config|
config.omniauth_path_prefix = 'v2/auth'
end
Now, rake routes produces paths that look sensible:
user_omniauth_authorize /v2/auth/:provider(.:format) v2/users/omniauth_callbacks#passthru {:provider=>/(?!)/}
user_omniauth_callback /v2/auth/:action/callback(.:format) v2/users/omniauth_callbacks#(?-mix:(?!))
However, when I attempt to access this route by calling api.localhost/v2/auth/facebook, I get a routing error:
ActionController::RoutingError (No route matches [GET] "/v2/auth/facebook")
Any idea what's going on here?
You are missing the provider name in the routes so they don't match the facebook part in /v2/auth/facebook. The correct route destination should look something like v2/users/omniauth_callbacks#(?-mix:facebook).
Have you specified the provider in the user model?
devise_for ..., :omniauthable, :omniauth_providers => [:facebook]
For the record, I'm using Rails 3.2 and Devise 3.0 and the altered route seems to work (I haven't gone further yet to see if something else will break).
Related
I want to add OpenID authentication in my web. To do that I have follow several tutorials and used several plugins and gems and finally I manage to do something with devise_openid_authenticatable gem. I also have normal login/password authentication, Facebook authentication and Twitter authentication. Those three work perfectly.
Now I'm trying to override Devise's Session Controller , but when I do it, the normal login/password stops working. The error I get is:
ActiveRecord::RecordNotFound in Sessions#create
Couldn't find User without an ID
The rest of the authentication forms work OK, even the sign up works perfect. It's only the login/password authentication method...
I use Rails 3.0.1, Ruby 1.8.9 and Devise 1.4.9
routes.rb
MAWeb::Application.routes.draw do
[...]
devise_for :admins
devise_for :users, :controllers => {:registrations => 'registrations', :sessions => 'sessions'}
match '/users/openid' => 'users#openid_sign_in'
match 'openid/sign_in' => 'openid#sign_in', :as => :openid_sign_in
get 'openid/create'
match '/auth/:provider/callback' => 'authentications#create'
match '/auth/failure' => 'authentications#failure'
resources :subscription_contact_datas
resources :subscription_preferences do
collection do
post :create_with_params
end
member do
get 'delete_tag'
end
get 'fill_event_id', :on => :member
end
resources :event_states
resources :subscription_profiles do
collection do
put :update_profiles
end
end
resources :event_criteria_options
resources :subscriptions do
collection do
get :options_for_event_criteria
end
end
resources :event_criterias
resources :categories
resources :user_infos do
member do
get 'edit'
end
end
resources :events
resources :users do
member do
get 'showUserActivity'
end
end
resources :admins
resources :subscriptions_from_poi
root :to => "home#index"
namespace :user do
root :to => "users#index"
end
namespace :admin do
root :to => "admins#index"
end
*registrations controller's override works perfectly
EDIT: Added the most of the routes. The ones I omited are not important in my opinion.
I've followed the Devise wiki to switch the login route from /users/sign_in to /login. My routes file looks like this:
devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
devise_scope :user do
get '/login' , :to => 'devise/sessions#new' , :as => :login
delete '/logout', :to => 'devise/sessions#destroy', :as => :logout
end
and my user model has this
class User < ActiveRecord::Base
devise :omniauthable, :database_authenticatable
end
I have a common scenario where a user is logged out, tries to access a restricted page, and then redirected to log himself in.
However, when that user is redirected, devise sends them to /users/sign_in path instead of /login.
The only way I could make the redirection to the /login url work is by adding this to the top of my routes.rb:
match "/users/sign_in" => redirect('/login')
which adds a redirect to my application, which in turn messes up tests - whenever I do something like this:
current_url.should == login_path
I get an error saying the expected path was "/login" and the actual was "/users/sign_in".
Did I miss something here - what's an elegant way to work around it? thanks.
side note
I only use :omniauthable to authenticate, but I added :database_authenticatable to devise configuration to force it to go to a dedicated login page.
Otherwise, devise always directs to the root path, so it would seem. If you know of a better way to do that, please - chime in.
I'm trying to implement facebook authentication in my app following this guide
I've followed all the steps but get the following error after hitting login.
Unknown action
The action 'facebook' could not be found for Devise::OmniauthCallbacksController
I've created the file omniauth_callbacks_controller in controllers/users. It has a facebook method defined. Any idea how I should debug?
Adding my routes file -
Myapp::Application.routes.draw do
get "static_pages/home"
get "static_pages/help"
get "static_pages/about"
devise_for :users do
resources :posts
end
root :to => 'static_pages#home'
devise_for :users, controllers: {omniauth_callbacks: "omniauth_callbacks"}
end
If you look at the guide it specifies this line for your routes file:
devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
where you have:
devise_for :users, controllers: {omniauth_callbacks: "omniauth_callbacks"}
see the difference?
I am assuming that your users will be able to login and logout, edit profile, register with facebook or register with email and also you may add Confirmable to devise if you want. You should have extra columns in users table. Something like adding extra fields into your user model first.
rails g migration AddFieledsToUser provider:string uid:string image:string
then run rails db:migrate
Check your users table ensure you have these 3 columns above
Also I am assuming that you you have correctly configured initializers/devise.rb like so: config.omniauth :facebook, 'APP_ID', 'APP_SECRET_KEY', scope: 'email', info_fields: 'email, name' after you've properly created the facebook app. Also assuming you have properly created and configured your omniauth_callbacks_controller.rb based on the gems gem 'omniauth', '~> 1.6' and gem 'omniauth-facebook', '~> 4.0' in your gem file successfully. Just make sure you have all these steps done.
In your routes.rb you can add this:
devise_for :users,
path: '',
path_names: {
sign_in: 'login',
sign_out: 'logout',
edit: 'profile',
sign_up: 'registration'
},
controllers: {
omniauth_callbacks: 'omniauth_callbacks',
}
I think this is the part you have missed. You can also name the routes whatever you want. Just saying.
I ran into a similar problem with tutorials. Check the capitalization of
F in facebook in users/omniauth_callbacks_controller.rb I was using a capital "Facebook" but it was looking for lowercase "facebook"
I'm trying to write tests for authentication with Twitter and Facebook. I am using Devise and Omniauth. When I try it out it works correctly, but I can't get the tests to pass for it.
I'm following instructions, but it isn't in depth enough for me, plus I'm doing things a little differently (already have some code base). I have a custom controllers for omniauth_callbacks and registrations.
My problem is that when I run the tests it says:
(::) failed steps (::)
No route matches "/oauth/authorize" (ActionController::RoutingError)
<internal:prelude>:10:in `synchronize'
(eval):2:in `click_link'
./features/step_definitions/web_steps.rb:57:in `/^(?:|I )follow "([^"]*)"$/'
features/link_twitter.feature:19:in `And I link twitter'
Failing Scenarios:
cucumber features/link_twitter.feature:16 # Scenario: User links twitter
Where is this /oauth/authorize route coming from and how do I handle that?
It does not look like it is getting to my OmniauthCallbacksController. It follows the link and then dies. I think it has to do with Omniauth's call back method during test mode, but I'm not sure how to change / manage that.
Update: Here are my routes for Devise.
devise_for :users, :controllers => {
:omniauth_callbacks => "users/omniauth_callbacks",
:registrations => 'registrations',
:passwords => 'passwords',
:sessions => 'sessions',
:confirmations => 'confirmations'
} do
match 'confirmations/unconfirmed' => 'confirmations#unconfirmed', :as => :unconfirmed
match 'confirmations/send_advisor_confirmation/:id' => 'confirmations#unregistered_advisor_confirmation', :as => :send_advisor_confirmation
get '/users/auth/:provider' => 'users/omniauth_callbacks#passthru'
end
I forgot to put the following into env.rb
# features/support/env.rb
OmniAuth.config.test_mode = true
For more information read about the testing here.
Consider this as a challenge rather than its general approach. The reason I mention this is because, it is generally preferred to incorporate admin-accessible features into the public facing site. This is what's required:
Devise model for Users, visitors accessing the public facing site
Devise model for Admins
Namespace or scope the admin 'area' to /admin. Admins can only login from this route.
Users can sign up directly from the site's public facing landing page; they are not forced to visit /users/sign_up as per the default devise generated route.
Consider overriding the default devise controllers
Thanks,
Mike.
The following seems like I've made some progress in the right direction; this at least provides identical out-of-the-box devise functionality for both users and admins, with the custom routing,
match 'admin', :controller => 'admin'
namespace :admin do
# to be updated later...
end
devise_for :users
#devise_for :admins, :path => "admin" # this works but uses the default
# Devise::SessionController
devise_for :admins,
:controllers => {
:sessions => "admin/sessions",
:passwords => "admin/passwords",
:registrations => "admin/registrations" }, :path => "admin",
:skip => [:sessions, :passwords, :registrations] do
get 'admin/sign_in' => 'admin/sessions#new', :as => :new_admin_session
post 'admin/sign_in' => 'admin/sessions#create', :as => :admin_session
get 'admin/sign_out' => 'admin/sessions#destroy', :as => :destroy_admin_session
get 'admin/sign_up' => 'admin/registrations#new', :as => :new_admin_registration
get 'admin/account' => 'admin/registrations#edit', :as => :edit_admin_registration
post 'admin/account' => 'admin/registrations#create', :as => :admin_registration
get 'admin/cancel' => 'admin/registrations#cancel', :as => :cancel_admin_registration
put 'admin/account' => 'admin/registrations#update'
delete 'admin/account' => 'admin/registrations#destroy'
post 'admin/password' => 'admin/passwords#create', :as => :admin_password
get 'admin/password/new' => 'admin/passwords#new', :as => :new_admin_password
get 'admin/password/edit' => 'admin/passwords#edit', :as => :edit_admin_password
put 'admin/password' => 'admin/passwords#update'
end
Ideas?
caveat: in this example, I've included the :registerable devise module in the Admin model just for testing during development. The sign_up route will, ultimately, be removed.
Much searching yielded (mind the pun) the following blog post that seems to indicate overriding a devise controller requires the re-mapping of all its specified 'HTTP verbs' as it were; this makes sense as unmapped ones would be handled by the default devise controller.
If anyone has more experience working with multiple devise models and the separated admin approach, I would be very much interested in your thoughts and suggestions!