I have an application that uses devise for authentication. I am trying to customize the layouts for the devise controller, and I was able to do some of this by following the answers to another question here on Stack Overflow. However, I can't find anything about how to distinguish between the devise/passwords and devise/registrations controller. I am using the following code:
def layout_by_resource
if devise_controller?
if action_name == "edit" or action_name == "update"
"application"
else
"sessions"
end
else
"application"
end
end
The problem is that when a user tries to re-set their password, it's trying to use the application layout (since the action is edit). I need it to use the sessions layout. Can anyone help me figure out how to make that happen?
You should look at this response on different layout for sign_in action in devise, which highlights the Devise docs on How To Create Custom Layouts
Related
I'm currently changing around how my ActiveAdmin interface works so that it integrates both attr_accessible items and CanCan. In some of my models I have a specific controller action for the Submit button on the form such as
= f.actions do
= f.action :submit, label: 'Update Password'
And in that Update Password method I am able to do the update_attributes(*,as: #admin_user.role.name.to_sym) where #admin_user is the current admin user. This allows only admin users with the permitted role to update their password.
The problem I have is when ActiveAdmin is doing the generic update, specifically
=f.action :submit
How can I pass options to ActiveAdmin so that when it does the update it will use the specified role? I know that the buttons use Formtasti, and that the :label method is part of that, but I can't seem to find anything about using passing other options.
One option for me is to write an override for the edit method in each of my models, but that kinda defeats the purpose of ActiveAdmin, doesn't it?
Now, my CanCan abilities already have been set so that only certain roles can access certain items. Does this override the attr_accessible items? I know that if the item is not attr_accessible, even if it's manageable in CanCan, will not change via mass-assignment.
What I really need to know is that if I were a hacker, could I inject an update_attributes(params[:whatever], as: :admin) and it would block it because of CanCan's Ability? Is it worth it to have both the item be protected via attr_accessibleand CanCan's Ability class?
ActiveAdmin and SimpleForm do not support the as: [role] feature which I was trying to work with. However, this isn't a problem with strong_parameters in Rails 4 since it's a completely different way of handling mass-assignment.
Also, CanCan does block out any mass-assignment hacks since you can't mass-assign unless you have access to the form, and if you don't have explicit :edit, :update, or :manage permission then you don't have access to the form.
Is there a way to load a view for no confirmed users that login?
Default behaviour is to show a notice: " You have to confirm your account before continuing."
I tried
overrule the sessions#create method of devise checking for current_user.confirmed_at.blank?
in the after_singin_path check for current_user.confirmed_at.blank? and render the view instead
My goal is to render a custom view instead of the notice but cannot hook into the right location. Who knows how to accomplish this? thx!
You can simply copy the code from the devise github and place in your controllers/devise. then change any action or method you want to.
You may also just extend the devise session controller and override any action you want to.
class Abc < Devise::SessionsController
# this just reopens the class.
# Remember classes are never "closed" in ruby!
end
I like the ruby way of solving this, I guess that in your UsersController after a POST request the user will be returned and signed in using the sign_in(Object) helper Devise provides.
Also I suggest using a confirmed boolean instead of timestamp.
Why not check for the value using an if else statement the ruby way:
user.confirmed ? sign_in(user) : render :partial => 'path/partial'
Hope this might help you out
This question already has answers here:
Devise being logged out on post to different route
(2 answers)
Closed 2 years ago.
I am currently having an issue with Devise where before_filter :authenticate_user! always asks the user to sign in even if he has already signed in
I have an index page where users can login. Once logged in the user can click a button that takes him to another view. On that view he can issue commands to a Controller that has a before_filter :authenticate_user! setup. It looks like the filter is always redirecting the user to the sign in page
Could I be using devise in a wrong way ? I haven't customized anything yet, just using it out of the box. Does the user have to select the remember me option even if he is navigating between controllers in the same application ? Could there be a problem with how the session is persisted ?
Rails : '3.0.10'
Devise : '1.4.3'
Edit: This problem happens even with remember me ticked.
Thanks.
Devise uses session cookies. Does your browser allow cookies?
My Rails3 app uses Devise for authentication.
Just after clicking the "log in" button, I want each user to be routed to a given document (id of this document is stored in database, changes often).
Is there a best-practice to handle this in Rails3?
I see two options:
Create a single huge page, which checks the database and renders the appropriate document accordingly.
In app/controllers/application_controller.rb, check the database and route accordingly to the right document.
Which is best? Any smarter idea?
You could override the after_sign_in_path_for hook in your login controller (or application controller) to be something like:
def after_sign_in_path_for(resource_or_scope)
if resource_or_scope.is_a?(User)
#Whatever url you need to here
else
super
end
end
and that should do the trick.
Greetings all, newbie to Rails here. I'm currently having issues routing /profile to the current user's profile.
My route is as follows:
match "profile" => "users#show"
However, this is hitting me with the "Couldn't find User without an ID" error. I know it has to do with my show method in the Users Controller. That code is simply:
def show
#user = User.find(params[:id])
end
Now, I could add another method in my Users controller with "#user = current_user" and it works fine. However, it seems a bit redundant and would also require a copy of the show view page. From what I've gathered with Rails, it's all about keeping things neat and tidy.
I would appreciate it if someone could point me in the right direction. Thank you.
RailsGuides states:
Because you might want to use the same controller for a singular route (/account) and a plural route (/accounts/45), singular resources map to plural controllers.
So I think you want to change your code to be the following
def show
#user = !params[:id].nil? ? User.find(params[:id]) : current_user
end