I have a Rails 3.2 app with Devise for authenticating users.
On local development mode, the Sign-out link is not working. It redirects me to home page instead of showing Sign-in page and the session is not destroyed. But on Heroku, clicking on Sign-out link properly logs me out and shows me the Sign-in page destroying the user session.
In application .haml layout page, the link to Sign-out page is:
= link_to "Sign Out", destroy_user_session_path, :method => :delete
Related routes:
devise_for :users, :controllers => { :sessions => 'sessions' }
new_user_session GET /users/sign_in(.:format) sessions#new
user_session POST /users/sign_in(.:format) sessions#create
destroy_user_session DELETE /users/sign_out(.:format) sessions#destroy
I have inherited the Devise::SessionsController to SessionsController in my app as below:
class SessionsController < Devise::SessionsController
  layout 'devise_layout'
end
Now the weird case is that, after the session is expired which is default 30 minutes, I log in again and click on Sign-out link, it redirects me back to Sign-in page.
All works fine on Heroku, it fails on local. I am unable to figure out what is happening on local.
I don't think I am doing anything wrong here because same is deployed to Heroku and is working fine there. What's wrong with development mode on local?
Oops...answering late.
Anyway, I was able to figure out the issue. Actually the app is subdomain based. So I used lvh.me:3000 for testing on local as localhost:3000 doesn't support subdomain.
The workaround is to set subdomain as "lvh.me" in session_store.rb.
domain: 'lvh.me'
I had to secure the login view (with the simple email/password form).
I'm using devise. The thing is the sign in error messages get lost somewhere (probably redirections from http to https I guess).
I tried to do the following on my application controller:
after_filter :set_devise_flash_messages, :if => :devise_controller?

def set_devise_flash_messages
  if resource.errors.any?
    flash[:error] = flash[:error].to_a.concat resource.errors.full_messages
    flash[:error].uniq!
  end
end
private :set_devise_flash_messages
but it's not working either.
Any ideas?
Thanks!!!
So, I was missing something.
I had secured the 'new' action for the devise/sessions controllers, but I wasn't securing the 'create' action. So that was causing the loss of flash messages (in between the redirections of that action's protocol).
Cheers!
I've just updated Omniauth from 0.2.6 to 1.1.1 in order to use the developer strategy. I've made my login link point to /auth/developer if the environment is development and /auth/facebook if production.
The Facebook strategy still works. When using the developer strategy, the link goes to the built-in Omniauth sign in page but returns a 404 when clicking sign in. This model does not use Devise.
Routes file
get "/auth/:provider/callback" => "sessions#create"
.
.
.
get '*a', :to => 'errors#routing'
Omniauth initializer
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, [etc.]
  provider :developer if Rails.env.development?
end
Log
Started GET "/auth/developer" for 127.0.0.1 at 2012-12-19 16:23:04 +0200
Started POST "/auth/developer/callback" for 127.0.0.1 at 2012-12-19 16:23:10 +0200
ActionController::RoutingError (No route matches "/auth/developer/callback")
Ran into this today in a new rails 4 application, I'm currently using this route as a workaround:
match '/auth/:provider/callback', to: "sessions#create", via: [:get, :post]
I have configured basic authentication (in controller)
above everything in controller file:
before_filter :check_logged_in, :only => [:edit, :update, :destroy]
On the bottom of the file:
private

def check_logged_in
  authenticate_or_request_with_http_basic("Ads") do |username, password|
    username == "admin" && password == "apple"
  end
end
It works like a charm, but there is one thing I don't understand - when I provide username and password it stays logged in for a long period of time and when I click on 'delete' or 'update' for specific entries I'm not getting prompted again. I thought something went wrong, but when I opened another browser - it prompted me again, but only once, I didn't have to authenticate for the rest.
Then I thought it was a cookie issue, but nothing changed even though I deleted all the cookies in Chrome. So I got a couple of questions:
Is there any way to say for how long I'm going to be authenticated?
Is there any way to be prompted for authentication every time I click on the resource mentioned here - :check_logged_in, :only => [:edit, :update, :destroy] ?
HTTP basic authentication doesn't use cookies. The login information is sent with every HTTP request to the specified web server. You are logged in until you close your web browser or delete all active logins.
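The behaviour described in the answer above, as an added example that is not part of the original posts: every request carries the credentials in an "Authorization: Basic" header and the server re-checks them statelessly, so there is no server-side login to time out. The helper names are hypothetical, the sample headers are constructed, and the comparison is done in constant time; in a real app the expected values would come from configuration rather than source.

```ruby
# Added illustration; helper names are hypothetical, sample headers are constructed.
require 'digest'

# Parse an "Authorization: Basic <base64(user:password)>" header value.
# Returns [user, password], or nil if the header is missing or malformed.
def basic_credentials(header)
  scheme, token = header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && token
  decoded = token.strip.unpack1('m0')      # strict Base64; raises ArgumentError if invalid
  user, password = decoded.split(':', 2)   # only the first ':' separates; password may contain ':'
  password.nil? ? nil : [user, password]
rescue ArgumentError
  nil
end

# Compare fixed-length digests byte by byte so timing does not depend on
# where the first differing character is.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (l, r)| acc | (l ^ r) }.zero?
end

def authorized?(header, expected_user, expected_password)
  user, password = basic_credentials(header)
  return false if user.nil?
  # Non-short-circuit & so both fields are always compared.
  secure_equal?(user, expected_user) & secure_equal?(password, expected_password)
end

# What a browser sends on every request after the prompt was answered once.
def header_for(user, password)
  'Basic ' + ["#{user}:#{password}"].pack('m0')
end

# The server holds no login state: each request is accepted or rejected
# purely on the header it carries.
def statuses(headers, expected_user, expected_password)
  headers.map { |h| authorized?(h, expected_user, expected_password) ? 200 : 401 }
end

if __FILE__ == $PROGRAM_NAME
  requests = [header_for('admin', 'apple'), nil, header_for('admin', 'wrong')]
  p statuses(requests, 'admin', 'apple')
end
```

Because the browser replays the cached header until it is closed, the only way to force a new prompt from the server side is to answer 401 again.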
I'm using Devise and OmniAuth (Facebook) in a Rails 3 app. I just started noticing this behavior recently.
When a user signs in, he is redirected to his dashboard, however, the characters "#_" are being appended to the url. The only thing I can think of now is a conflict between the routes created by:
resources :users
and
# User Authentication
devise_for :users,
  :singular => :user,
  :controllers => {:registrations => 'registrations'} do
  get 'logout' => 'devise/sessions#destroy'
end
Is this only happening with Facebook? If so it is probably related to: https://developers.facebook.com/blog/post/552/. Notice how Facebook outlines that they changed the session redirect handling to append a #_=_ to responses. I'm not sure why this was done, however you may be able to fix it by supplying an explicit redirect url.
Devise 1.2 ruby on rails
I'm having difficulty testing sign up. When the user clicks sign up, they're logged in and I should see a flash message. This works but my test fails. Not sure why. How does sign up work? Is there some sort of internal redirect that happens? This step fails:
Then I should see "You have registered successfully. If enabled, a confirmation was sent your e-mail."
Confirmation is not enabled in my user model.
Technically, you shouldn't feel the need to unit test the devise mechanism--the gem itself is well-tested. I can understand wanting to make sure it is behaving the way you configured it though, so:
Devise definitely redirects after a successful authentication. It will set the flash message and then redirect either to what you set as the root in your routes file, or if you attempted to access a page within the site and got redirected to the login page, it will redirect you back to the page you were trying to access.
For your test, try testing that you get redirected to what you set as root in your routes.rb file. I.e. in the devise instructions, it says to set it like
root :to => "home#index"
So, in your test try something like this:
require 'spec_helper'

describe YourController do
  include Devise::TestHelpers

  before(:each) do
    # Create a user and sign it in before every example
    @user = Factory.create(:user)
    sign_in @user
  end

  describe "GET 'index'" do
    it "should be successful" do
      get 'index'
      response.should be_success
    end

    it "should redirect to root" do
      get 'index'
      response.should redirect_to(root_url)
    end
  end
end
You can add your flash message test to this as well. Hope this helps!