has_secure_token rails5 for logging in a user.


Chris Vukin
Has anyone any thoughts on logging in a user to a Rails app after the user logs in via the traditional form mechanism with Devise?

My current thought line:

  Override the Devise sessions_controller with a custom method that uses the user.auth_token object to validate and log in the given user if the auth_token is valid.

  Attempts:
    Using the OAuth2 gem integration for Devise as a model, I've customized the controller setup from the OAuth2 implementation for Google here:


class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google_oauth2
    # You need to implement the method below in your model (e.g. app/models/user.rb)
    user = User.from_omniauth(request.env["omniauth.auth"])
    if user.persisted?
      sign_in_and_redirect user, notice: "Signed in!"
    else
      redirect_to new_user_registration_url
    end
  end

  def failure
    redirect_to root_path
  end
end


by making my own here:


class Users::AuthTokenController < Devise::SessionsController
  def create
    # Runs the Warden strategies configured for this scope and halts with a 401
    # if none succeeds; on success the authenticated record is in `resource`.
    self.resource = warden.authenticate!(auth_options)
    # `resource` takes no arguments (`resource(auth_options)` raises ArgumentError).
    user = resource
    if user.persisted?
      sign_in_and_redirect user, notice: "Signed in!"
    else
      redirect_to new_user_registration_url
    end
  end

  def failure
    redirect_to root_path
  end
end



updating the user.rb file to include the auth_token method:

  # Takes the record to update explicitly: inside a class method there is no
  # `user` in scope. With `has_secure_token :auth_token` Rails generates the
  # token on create, so this is only needed when a token is supplied from outside.
  def self.auth_token(user, auth_token)
    user.auth_token = auth_token
    user.save!
  end


and modifying my Devise initializer to set http_authenticatable to true.


When I curl my app, this is the result:

MacBook-Pro:evr_streamws medright1$ curl -IH "Authorization: Token auth_token=a47a8e54b11c4de5a4a351734c80a14a" http://localhost:3000/users/sign_in
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
ETag: W/"ba70bfa23607d06dae26fc796ed61e95"
Cache-Control: max-age=0, private, must-revalidate
Set-Cookie: _evr_streamws_session=dThRaUgzSkJTRG9LU2xKcVFVc0M0Y3hFV1EyN3BBR0ZoR1pJYi9vREdEMWtyOWdPMC9nWmEwdDVEQ2YyMlVsSE9tTGZrd3lsS2Z3eWdBano0dUxQUjJ1Z3owYWtIVjZWZWxFSFg3Q0hhR0pZeHhia0lSdmtlb3U1K1NPTVlGaVRodzJiV2lGVFl3dVJqU1EvRWI1MzJBPT0tLWpmS2xCSWQzQ1Y3UUxHZ25nK2Jodmc9PQ%3D%3D--78c347429f29f47e8dfab4ba8ace89abb735aa27; path=/; HttpOnly
X-Request-Id: 41982aa3-de14-42e8-952d-de54b9975390
X-Runtime: 0.212273


and the output from the server logs on the request:

Started DELETE "/users/sign_out" for ::1 at 2017-05-01 11:33:52 -0400
Processing by Devise::SessionsController#destroy as HTML
  Parameters: {"authenticity_token"=>"f4iw8J1pP0khuhWL2RFOaYFSeAiE78CDnEkutxJwuuybKVEO9PKNlJ49O6cO5TA3/EiDX/NFV5RSOCE3yKLgBw=="}
  User Load (0.3ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ?  [["id", 2], ["LIMIT", 1]]
   (0.1ms)  begin transaction
   (0.0ms)  commit transaction
Redirected to http://localhost:3000/
Completed 302 Found in 5ms (ActiveRecord: 0.4ms)

Started GET "/" for ::1 at 2017-05-01 11:33:52 -0400
Processing by HomeController#show as HTML
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)

Started GET "/users/sign_in" for ::1 at 2017-05-01 11:33:52 -0400
Processing by Devise::SessionsController#new as HTML
  Rendering /Users/medright1/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/devise-4.2.1/app/views/devise/sessions/new.html.erb within layouts/application
  Rendered /Users/medright1/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/devise-4.2.1/app/views/devise/shared/_links.html.erb (1.6ms)
  Rendered /Users/medright1/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/devise-4.2.1/app/views/devise/sessions/new.html.erb within layouts/application (11.3ms)
Completed 200 OK in 156ms (Views: 154.8ms | ActiveRecord: 0.0ms)

Finished "/cable/" [WebSocket] for ::1 at 2017-05-01 11:33:52 -0400
StreamChannel stopped streaming from stream_channel
Started GET "/cable" for ::1 at 2017-05-01 11:33:52 -0400
Started GET "/cable/" [WebSocket] for ::1 at 2017-05-01 11:33:52 -0400
Successfully upgraded to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
StreamChannel is transmitting the subscription confirmation
StreamChannel is streaming from stream_channel





I'm not being passed as an authenticated user when redirected to the after_signin_path, which should be /farms with these credentials. Any thoughts are appreciated, as I'm a bit fuzzy on the process for logging in a user via an auth_token.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/0520c7f1-9819-41fa-8cfc-9d8ea09e91ba%40googlegroups.com.
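An added example, not the poster's code or Devise's, of the step the AuthTokenController above never performs: reading the `Authorization: Token auth_token=...` header that the curl call sends and resolving the token to a user with a constant-time comparison, which is what a custom Warden strategy would do before calling `success!(user)`. `parse_token_header`, `secure_compare`, `authenticate_token` and the `USERS` hash are assumed names; the hash is a constructed stand-in for the users table.

```ruby
require 'securerandom'

# Parse `Authorization: Token auth_token=<value>` (the header used in the curl
# call above) into the bare token, or nil if the header is absent or malformed.
# The comma-separated option list is the form Rails' HttpAuthentication::Token
# accepts; the `auth_token` key name is the poster's, not a Rails default.
def parse_token_header(header)
  return nil unless header.is_a?(String)
  scheme, params = header.strip.split(/\s+/, 2)
  return nil unless scheme && scheme.casecmp('token').zero? && params
  params.split(',').each do |pair|
    key, value = pair.split('=', 2)
    next unless key.to_s.strip == 'auth_token'
    value = value.to_s.strip.sub(/\A"(.*)"\z/, '\1')   # tolerate a quoted value
    return value.empty? ? nil : value
  end
  nil
end

# Constant-time comparison (same shape as Rack::Utils.secure_compare) so the
# check does not leak how many leading bytes of a guessed token matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  l = a.unpack('C*')
  r = 0
  b.each_byte { |byte| r |= byte ^ l.shift }
  r.zero?
end

# The work a Warden strategy's `authenticate!` has to do before `success!(user)`:
# extract the token from the request and resolve it to a stored user. `users`
# is a constructed stand-in for the users table ({ id => auth_token }); a real
# app would use `User.find_by(auth_token: token)` on an indexed column.
def authenticate_token(header, users)
  token = parse_token_header(header)
  return nil if token.nil?
  match = users.find { |_id, stored| secure_compare(stored, token) }
  match && match.first
end

# Constructed sample data: the token from the curl call (32 hex chars, the
# SecureRandom.hex(16) shape) plus a second random one; has_secure_token
# itself generates base58 tokens.
USERS = { 2 => 'a47a8e54b11c4de5a4a351734c80a14a', 7 => SecureRandom.hex(16) }.freeze

if __FILE__ == $PROGRAM_NAME
  p authenticate_token('Token auth_token=a47a8e54b11c4de5a4a351734c80a14a', USERS) # 2
  p authenticate_token('Token auth_token=deadbeef', USERS)                         # nil
end
```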