Devise (or OmniAuth) appending "#_" to URL after sign in - ruby-on-rails-3

I'm using Devise and OmniAuth (Facebook) in a Rails 3 app. I just started noticing this behavior recently.
When a user signs in, he is redirected to his dashboard, however, the characters "#_" are being appended to the url. The only thing I can think of now is a conflict between the routes created by:
resources :users
and
# User Authentication
devise_for :users,
  :singular => :user,
  :controllers => {:registrations => 'registrations'} do
  get 'logout' => 'devise/sessions#destroy'
end

Is this only happening with Facebook? If so, it is probably related to: https://developers.facebook.com/blog/post/552/. Notice how Facebook outlines that they changed the session redirect handling to append a #_=_ to responses. I'm not sure why this was done; however, you may be able to fix it by supplying an explicit redirect URL.

Related

Does "devise_token_auth" gem support web-based authentication?

This gem ("devise_token_auth") is used for token authentication for applications using JSON APIs for front-end development.
Can we use this gem for server side rendering? If yes, then how to add the token from a previous response to the current request?
I don't know if this is still a pressing matter for you, but I'd like to throw in some advice.
For your API you can throw in devise_token_auth and it will do everything you need for authentication there.
And if you need authentication with server-side rendering of pages (such as login forms, reset password forms, etc.) just throw in regular devise too. It will work with your exact same User model and table, and there will be little friction to get things up and running with the same resources you use with devise_token_auth.
Gemfile
# authentication and authorization
gem 'devise', '~> 3.5', '>= 3.5.6'
gem 'devise_token_auth', '0.1.37'
Then run
bundle
Run the installer for devise:
rails generate devise:install
Then generate your user model:
rails generate devise User
Install devise_token_auth now:
rails g devise_token_auth:install User "auth"
And make sure your database is migrated:
rake db:migrate
I think devise_token_auth may overwrite your user model, I'm not certain, but if it does, keep the migrations for devise_token_auth only and ignore the migrations for Devise.
Then make sure your routes.rb matches this:
Rails.application.routes.draw do
  devise_for :users
  root "home#index"
  namespace :api, defaults: { format: :json } do
    namespace :v1 do # I namespace my routes
      mount_devise_token_auth_for "User", at: "auth"
    end
  end
end
devise_for must come before mount_devise_token_auth.
Then just refer to the official devise and devise token auth documentation to get both solutions working for you.
Hope this helps anyone who reaches this point and has a need to authenticate users on mobile app and on browser web app.

Twitter integration with rails 3 app

I want to log in using a Twitter app; for that I used gem 'omniauth-twitter'. Now please tell me what the app URL in Twitter is when I want to use localhost:3000. I gave http://0.0.0.0:3000 as the URL
and in the callback URL my index page
like
localhost:3000/index
My app is not able to redirect to the Twitter page on clicking this link
http://localhost:3000/auth/twitter
Please, somebody help me .....
For the callback URL use http://127.0.0.1:3000 as base and specify the route to the controller that deals with omniauth information.
Example: http://127.0.0.1:3000/auth/twitter/callback
I'm also using twitter-omniauth for signing people up with Twitter... these are the routes I'm using in routes.rb, relating to twitter-omniauth:
match '/auth/twitter/callback' => 'sessions#create'
match '/signin' => 'sessions#new', :as => :signin
match '/signout' => 'sessions#destroy', :as => :signout
match '/auth/failure' => 'sessions#failure'
Hope it helps?

Unable to Sign-out using Devise

I have a Rails 3.2 app with Devise for authenticating users.
On local development mode, the Sign-out link is not working. It redirects me to home page instead of showing Sign-in page and the session is not destroyed. But on Heroku, clicking on Sign-out link properly logs me out and shows me the Sign-in page destroying the user session.
In application .haml layout page, the link to Sign-out page is:
= link_to "Sign Out", destroy_user_session_path, :method => :delete
Related routes:
devise_for :users, :controllers => { :sessions => 'sessions' }
new_user_session GET /users/sign_in(.:format) sessions#new
user_session POST /users/sign_in(.:format) sessions#create
destroy_user_session DELETE /users/sign_out(.:format) sessions#destroy
I have inherited the Devise::SessionsController to SessionsController in my app as below:
class SessionsController < Devise::SessionsController
layout 'devise_layout'
end
Now the weird case is that, after the session is expired which is default 30 minutes, I log in again and click on Sign-out link, it redirects me back to Sign-in page.
All works fine on Heroku, it fails on local. I am unable to figure out what is happening on local.
I don't think I am doing anything wrong here because same is deployed to Heroku and is working fine there. What's wrong with development mode on local?
Oops...answering late.
Anyway, I was able to figure out the issue. Actually the app is subdomain based. So I used lvh.me:3000 for testing on local as localhost:3000 doesn't support subdomains.
The workaround is to set subdomain as "lvh.me" in session_store.rb.
domain: 'lvh.me'

Suburl's ruby on rails

I'm having a problem using a sub URL. When I try to access it through the authentication page, it generates an authentication cookie, but I stay on the login screen, and if I try to access some page it says that I must be logged in.
If you mean sub-domain, you have to change your config/initializer/session_store.rb
and add your subdomain, with a dot before it, like this:
Rails.application.config.session_store :cookie_store, :key => '_key', :domain => ".yourdomain.com"
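
Both session_store.rb answers above (domain: 'lvh.me' and :domain => ".yourdomain.com") work by changing the Domain attribute of the session cookie. The following Ruby is an added example, not code from either poster: it applies the RFC 6265 domain-match rule to constructed host names (acme.lvh.me, other.lvh.me) with hypothetical helper names, and shows that a parent-domain value delivers the session cookie to every subdomain, not just the one that set it.

```ruby
# Added example, not from the original posts. Host names are constructed.
# Shows which hosts a browser sends a session cookie to, per RFC 6265.

IPV4 = /\A\d{1,3}(\.\d{1,3}){3}\z/

# RFC 6265 section 5.1.3: does request host +host+ domain-match +domain+?
def domain_match?(host, domain)
  host = host.downcase
  domain = domain.downcase
  return true if host == domain
  # Suffix match only on a label boundary, and never for IP addresses.
  host.end_with?(".#{domain}") && !host.match?(IPV4)
end

# set_by:       host whose response carried Set-Cookie
# domain:       Domain attribute value, or nil when the attribute is absent
# request_host: host of the later request
def cookie_sent?(set_by:, domain:, request_host:)
  # No Domain attribute: host-only cookie, exact host match required.
  return set_by.casecmp?(request_host) if domain.nil?

  scope = domain.sub(/\A\./, "") # a leading dot is ignored (section 5.2.3)
  # The browser discards a cookie whose Domain does not cover the setting host.
  return false unless domain_match?(set_by, scope)

  domain_match?(request_host, scope)
end

# Constructed sample hosts: the parent domain, two tenants, and plain localhost.
SAMPLE_HOSTS = %w[lvh.me acme.lvh.me other.lvh.me localhost].freeze

def recipients(set_by:, domain:)
  SAMPLE_HOSTS.select do |h|
    cookie_sent?(set_by: set_by, domain: domain, request_host: h)
  end
end

if __FILE__ == $PROGRAM_NAME
  [nil, "lvh.me", ".lvh.me"].each do |d|
    puts "Domain=#{d.inspect}: #{recipients(set_by: 'acme.lvh.me', domain: d)}"
  end
end
```

Browsers additionally refuse a Domain value that is a public suffix, which this example does not model.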

Active Admin Login slow

I'm using Active Admin in my Rails 3.0.9 app with the default setup, i.e. I have a User model with Devise authentication for customer login and Active Admin is running on the AdminUser model. All OK apart from the Active Admin login page. When I try to access http://localhost:3000/admin I get the Active Admin login page very quickly. But after I enter the username/password correctly/incorrectly the authentication process takes nearly 3-5 minutes. Because of this I can't even deploy the app on Heroku, and I get timeout errors in the Heroku logs.
However, in development mode, after I have logged in to Active Admin, everything works perfectly. I'm assuming this is happening due to an issue with routing. So I'm pasting my full routes file here.
http://pastie.org/3153643
Can some one help me on this please? Thanks
UPDATE 09-Jan: It seems like the issue is not related to the routes, I think. I removed all the other models/controllers/views/routes, leaving only the User and AdminUser stuff. But I'm still experiencing the slowness.
Never mind, I've found the issue and probably the solution as well. I'm posting it here so it will help someone else with a similar issue.
In my application I was originally using the authlogic gem for authentication, but recently I've switched over to Devise for better support. But I still wanted to allow old users to log in to the app with the same passwords. So I've overridden the Devise encryption from Bcrypt to Authlogic's sha512 as below.
config/initializers/devise.rb
config.encryptor = :authlogic_sha512
But I never changed the AdminUser model to fit with the above change.
So the fix should be: in my model I should use :encryptable and :encryptor => :authlogic_sha512
class AdminUser < ActiveRecord::Base
  # :encryptable with the Authlogic SHA-512 encryptor, matching config/initializers/devise.rb
  devise :database_authenticatable,
         :recoverable, :rememberable, :trackable, :validatable, :encryptable, :encryptor => :authlogic_sha512
  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me
end
And in AdminUser migration file encryptable columns should be enabled
create_table(:admin_users) do |t|
  t.database_authenticatable :null => false
  t.recoverable
  t.rememberable
  t.trackable
  t.encryptable
  # t.confirmable
  # t.lockable :lock_strategy => :failed_attempts, :unlock_strategy => :both
  # t.token_authenticatable
  t.timestamps
end