Keep getting 401 Unauthorized
Belibaste opened this issue · 4 comments
Hi,
First, thank you for this gem.
I tried to make it work in my app, with no luck. I have an old `User` model working with Devise and classical `database_authenticatable`. Now I need a new type of user, `SupplierUser`, which needs to use the kind of authentication this gem provides. But I keep getting 401 Unauthorized with this model.
I tried debugging, but at one point in Warden, I don't understand what is happening. Everything (Rails, Devise, etc.) is up to date. I don't do anything fancy with Devise, a very classical `User`.
Here is the relevant part of the code in `routes.rb`:

```ruby
root :to => redirect('/users/sign_in')
devise_for :users
get '/users/sign_out' => 'devise/sessions#destroy'
resources :users, :controller => "users"
devise_for :supplier_users, controllers: { sessions: "devise/passwordless/sessions" }
devise_scope :supplier_user do
  get "/supplier_users/magic_link",
    to: "devise/passwordless/magic_links#show",
    as: "supplier_users_magic_link"
end
resources :supplier_users
```
The devise views are scoped.
Sorry for the lack of information, I really don't know what else I could give.
Thank you for your help :-)
Thank you for your answer. This morning, with clear eyes and full heart, I found what the problem was. I did everything right; the gem's doc is pretty clear.
My problem was with the Devise configuration. `authentication_keys` was set to `:username`. Obviously, with this gem, you need to set it to `:email`. It can be set per model, so you don't have to change your existing model, like `devise :magic_link_authenticatable, :rememberable, authentication_keys: [:email]`.
Ah, interesting - thank you for sharing the solution to your problem. I confess I had forgotten that config option until now.
Another option for you, if you wanted to keep your `:username` param to allow magic links generated via username, I think you could override `find_for_magic_link_authentication` in your model to do a username lookup, in the same way this Devise wiki guide suggests overriding `find_for_database_authentication` for the database authenticatable strategy.
Apologies if the 401 Unauthorized made it difficult for you to debug. I've run into the same problem, and as you discovered it's being raised from deep within Warden and I'm not sure how to coax it into providing a better error than that at the moment.
Thank you for your feedback. I thought of overriding this method. But in my use case, and more generally for this type of authentication mechanism, I think it is better to use email as the authentication key, as it is a lot easier for the user to remember his email address.
Also, I think the 401 coming from Warden is fine. I wanted to put my "solution" here for other developers who might have the same problem.
Again, thank you for this gem :-)
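
The failure mode identified in this thread, as an added example that is not part of the original issue or of the gem's code: a simplified plain-Ruby model of how a Devise strategy is skipped when the configured `authentication_keys` are absent from the request, which surfaces only as a 401. The scope names, constants and helper functions are hypothetical, and the sample params are constructed.

```ruby
# Simplified model of Devise's authentication-key check (an assumption for
# illustration, not Devise or devise-passwordless source code).

# Constructed stand-in for `config.authentication_keys = [:username]`.
GLOBAL_AUTHENTICATION_KEYS = [:username].freeze

# Hypothetical per-model settings; nil means "inherit the global value".
MODEL_AUTHENTICATION_KEYS = {
  user: nil,
  supplier_user_before: nil,     # inherits [:username] from the initializer
  supplier_user_after: [:email]  # authentication_keys: [:email] on the model
}.freeze

def keys_for(scope)
  MODEL_AUTHENTICATION_KEYS.fetch(scope) || GLOBAL_AUTHENTICATION_KEYS
end

# Every configured key must arrive non-blank in the scoped params. If one is
# missing, the strategy does not apply and nothing authenticates the request.
def extract_authentication_hash(params, keys)
  keys.each_with_object({}) do |key, hash|
    value = params[key].to_s.strip
    return nil if value.empty?
    hash[key] = value
  end
end

# :unauthorized_401 when no strategy accepted the request, :strategy_runs
# when the strategy goes on to look the record up.
def sign_in_outcome(scope, params)
  extract_authentication_hash(params, keys_for(scope)).nil? ? :unauthorized_401 : :strategy_runs
end

# Constructed request params: a magic-link request identifies the user by email.
MAGIC_LINK_PARAMS = { email: "supplier@example.test", token: "constructed-token" }.freeze
PASSWORD_PARAMS   = { username: "alice", password: "constructed-password" }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "user (password form):        #{sign_in_outcome(:user, PASSWORD_PARAMS)}"
  puts "supplier_user, global keys:  #{sign_in_outcome(:supplier_user_before, MAGIC_LINK_PARAMS)}"
  puts "supplier_user, [:email] set: #{sign_in_outcome(:supplier_user_after, MAGIC_LINK_PARAMS)}"
end
```

Because the skipped strategy reports no reason, checking the effective `authentication_keys` for each Devise model is a useful first step when a newly added scope returns 401 while an existing one works.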