adamniedzielski/tiddle

Cannot authenticate

Closed this issue · 2 comments

Given a sessions controller:

class Api::V1::SessionsController < Devise::SessionsController
  protect_from_forgery with: :null_session
  skip_before_action :verify_authenticity_token
  respond_to :json

  def create
    user = warden.authenticate!(auth_options)
    token = Tiddle.create_and_return_token(user, request)
    render json: { authentication_token: token }
  end

  def destroy
    Tiddle.expire_token(current_user, request) if current_user
    render json: {}
  end

  private

  # this is invoked before destroy and we have to override it
  def verify_signed_out_user
  end
end

routes:

Rails.application.routes.draw do
  namespace :api, defaults: { format: :json } do
    scope module: :v1, constraints: ApiConstraints.new(version: 1, default: :true) do
      devise_for :users, path_names: {
        sign_in: 'login', sign_out: 'logout', sign_up: 'register' },
        controllers: { registrations: 'api/v1/registrations', sessions: 'api/v1/sessions' }
    end
  end
end

Sending a POST request to /api/users/login only results in:

{
  "error": "You need to sign in or sign up before continuing."
}

The log says:

Started POST "/api/users/login" for 127.0.0.1 at 2015-11-19 00:21:36 +0000
Processing by Api::V1::SessionsController#create as JSON
  Parameters: {"user"=>{"email"=>"[FILTERED]", "password"=>"[FILTERED]"}}
Completed 401 Unauthorized in 2ms (ActiveRecord: 0.0ms)

Using:

ruby  2.2.3p173
rails 4.2.4
tiddle 0.5.1
devise  3.5.2

I've also tried config.middleware.delete ActionDispatch::Session::CookieStore and using reset_session in a before_action. This is in an app where I am also allowing web access, so I will need to keep the cookie store middleware, but even removing it did not solve this issue.

Any ideas?

Turns out the namespace was affecting the user resource name, so I changed the authenticate line to the following:

user = warden.authenticate!(auth_options.merge(scope: :user))

That's great that you managed to sort it out! I believe it's an application-specific problem, not related to Tiddle.

https://github.com/plataformatec/devise/blob/d22ac4a4fb304ea93c728efe955535cb6b8b6a86/app/controllers/devise/sessions_controller.rb#L17

This line hasn't changed since I prepared the examples.
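
Added example, not part of the original thread and not Devise or Tiddle code: a simplified Ruby model of why the login above returned 401. It assumes the two Devise behaviours behind the fix, that `devise_for :users` inside `namespace :api` names the scope `:api_user` and that the params strategy reads credentials from `params[scope]`; all helper names and the sample account are hypothetical.

```ruby
# Simplified model (added example, not Devise source) of two behaviours:
#   1. devise_for inside `namespace :api` names the mapping/scope :api_user
#   2. the params-based strategy reads credentials from params[scope]

# Hypothetical helper: derive the scope name as a namespaced devise_for does.
def devise_scope_for(resource, namespace: nil)
  singular = resource.to_s.sub(/s\z/, "") # naive singularize, enough for "users"
  [namespace, singular].compact.join("_").to_sym
end

# Hypothetical helper: the credential hash a params strategy would see.
# Anything other than a Hash under the scope key counts as "no credentials".
def credentials_for(params, scope)
  creds = params[scope.to_s]
  creds.is_a?(Hash) ? creds : nil
end

# Constructed sample account; a real app compares against a password hash.
USERS = { "a@example.test" => "s3cret" }.freeze

# Hypothetical stand-in for warden.authenticate!: 401 without usable credentials.
def login_status(params, scope)
  creds = credentials_for(params, scope)
  return 401 if creds.nil?
  USERS[creds["email"]] == creds["password"] ? 200 : 401
end

# Constructed request body shaped like the Parameters line in the log above.
BODY = { "user" => { "email" => "a@example.test", "password" => "s3cret" } }.freeze

# Scope the namespaced route ends up with.
DEFAULT_SCOPE = devise_scope_for(:users, namespace: :api)

puts login_status(BODY, DEFAULT_SCOPE)                         # body keyed "user", scope :api_user
puts login_status(BODY, :user)                                 # scope overridden as in the fix
puts login_status({ "api_user" => BODY["user"] }, DEFAULT_SCOPE) # body keyed to match the scope
```

In this model the request succeeds either when the scope is overridden to `:user`, as in the fix above, or when the client nests the credentials under the key that matches the namespaced scope.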