simple_token_authentication
Using with devise but separate in API controller, no auth is working.
So given below, it is as if the gem is not even installed; all requests are simply going through. No authentication is happening, no 404, no success, no current user is set.
class Api::V1::BaseController < ActionController::API
  acts_as_token_authentication_handler_for User, fallback_to_devise: false
end

class User < ApplicationRecord
  acts_as_token_authenticatable
  devise :database_authenticatable,
         :recoverable, :registerable, :validatable
end
All of my requests are going through, even if no auth params are passed? And current_user is not set, even when provided with the user's email and authentication token.
UPDATE
It appears that devise_for :users has to be in the routes for this setup to work. Why is this? Otherwise I get a:
RuntimeError:
Could not find a valid mapping for #<User
It is undesirable to have a devise_for in the routes, when only basic crud actions are necessary for an api.
So an easy fix is to add this to your routes file.
devise_for :users, controllers: {}, skip: [:sessions, :registrations]
This allows devise and simple token to work with devise, without adding any devise endpoints to your routes.
@ChrisCPO Please close this issue if the problem is solved.
To remove the default devise routes, just skip it:
devise_for :users, skip: [:sessions, :registrations, :passwords]
see this https://stackoverflow.com/questions/6734323/how-do-i-remove-the-devise-route-to-sign-up and this https://groups.google.com/forum/#!topic/plataformatec-devise/LlfTuxTBSY8
I'm having this exact same problem with Rails 5.1, devise 4.2.1, and simple_token_authentication 1.15.1. I just can't get it to do any authentication...
I've set my routes.rb:
devise_for :customer_login, skip: [:registrations, :sessions], controllers: {}
My model:
class CustomerLogin < ApplicationRecord
  acts_as_token_authenticatable
  devise :database_authenticatable,
         :recoverable, :rememberable, :trackable, :validatable
end
In my controller I've tried both
acts_as_token_authentication_handler_for CustomerLogin, fallback: :none
and
acts_as_token_authentication_handler_for CustomerLogin, fallback_to_devise: false
I don't get what's happening...
Never mind, I worked it out.
Since my model is not User, but CustomerLogin, that means I need to pass the credentials as customer_login_email and customer_login_token. I was using user_email and user_token as per the documentation, and not realising it needed to match the name of the model.
Also, I really should have had fallback: :exception - again, not understanding what the fallback option did.
All good now...
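The behaviour worked out in the comment above, as an added example that is not part of the thread or the gem's own code: a simplified Ruby model in which the credential parameter names are derived from the handler's model name and the fallback setting decides what happens when they are missing. `Account`, `ACCOUNTS`, `authenticate` and `outcome` are hypothetical names, the record is constructed, and only `:none` and `:exception` are modelled, following what the thread reports.

```ruby
# Added illustration: a simplified model, not simple_token_authentication's code.
Account = Struct.new(:email, :authentication_token)
ACCOUNTS = [Account.new("alice@example.test", "constructed-token-123")].freeze # constructed

class Unauthorized < StandardError; end

# "CustomerLogin" -> "customer_login", "User" -> "user"
def underscore(model_name)
  model_name.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
end

# Parameter names the handler looks for, derived from the model name.
def credential_keys(model_name)
  prefix = underscore(model_name)
  { email: "#{prefix}_email", token: "#{prefix}_token" }
end

# Compare tokens without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the account, nil (request continues anonymously) or raises.
def authenticate(params, model_name:, fallback:)
  keys = credential_keys(model_name)
  email = params[keys[:email]]
  token = params[keys[:token]]
  account = ACCOUNTS.find { |a| a.email == email } if email
  return account if account && token &&
                    secure_compare(account.authentication_token, token.to_s)

  case fallback
  when :none then nil # fail open: the action runs with no current user
  when :exception then raise Unauthorized, "missing or invalid #{keys[:token]}"
  else raise ArgumentError, "fallback not modelled here: #{fallback.inspect}"
  end
end

def outcome(params, model_name:, fallback:)
  account = authenticate(params, model_name: model_name, fallback: fallback)
  account ? "authenticated as #{account.email}" : "passed through with no current user"
rescue Unauthorized
  "rejected"
end
```

With `fallback: :none`, credentials sent under the wrong parameter names are indistinguishable from no credentials at all, which is why the misnamed `user_*` parameters produced neither an error nor a current user.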
This bug keeps happening to me whenever I reload my code. What's weird is that it happens only on some endpoints.
In my app I have both ApplicationController rendering ActionViews and API Controllers rendering json using simple token auth.
When I restart the server the requests go fine until there's a reload triggered by code change. It then keeps spamming with "Could not find a valid mapping"... and I do not even understand where it comes from and how I can get a backtrace.
Hi @ChrisCPO,
Setting up Devise, not only installing it, is necessary to set up Simple Token Authentication. That includes having devise_for in your routes.
That was the meaning of "First install Devise and configure it with any modules you want [...]" in the usage instructions (source).
It seems you're not the only one to have been confused by this (doesn't happen much, but certainly does from time to time). If you can think of what wording would have made things clearer, I'm open to suggestions to improve that part in a future release : )
@gonzalo-bulnes
So I am as well attempting to use Devise and its baked-in functionality for my Rails web application. However, I'm also trying to implement API functionality for mobile consumption using simple_token_authentication. I have some things occurring that are either a result of my misunderstanding/poor implementation (most likely the case) or simple_token_authentication not functioning properly.
routes.rb
Rails.application.routes.draw do
  devise_for :users
  devise_scope :user do
    unauthenticated do
      root to: 'devise/sessions#new', as: :unauthenticated_root
    end
    authenticated do
      root to: 'dashboard#home', as: :authenticated_root
    end
  end
  # API
  namespace :api do
    namespace :v1 do
      devise_for :users, controllers: {}, skip: [:sessions, :registrations, :passwords]
      resources :users, only: [:index, :create, :show, :update, :destroy]
      resources :sessions, only: [:create, :destroy]
    end
  end
end
app/controllers/api/v1/base_controller.rb
class Api::V1::BaseController < ActionController::API
  acts_as_token_authentication_handler_for User, fallback: :exception
  respond_to :json
end
app/models/user.rb
class User < ApplicationRecord
  # Token Authenticable
  acts_as_token_authenticatable
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
end
Some issues I'm seeing:
- I can login via the web-browser and then hit my api endpoint http://localhost:3000/api/v1/users/1 successfully.
- Using Postman works as intended by responding with or without the requested action depending on if X-User-Token is present and correct. BUT, when it is NOT present I get the following response:
It is responding with Devise devise/sessions#new action.
I thought that by having a fallback: :exception this would prevent Devise to respond back when trying to access api routes? I also added devise_for :users, controllers: {}, skip: [:sessions, :registrations, :passwords] to my api namespace routes but that doesn't really seem to change or fix anything. Any direction on how I can adjust this appropriately would be greatly appreciated.
PS: sorry if this is an inappropriate place to be asking such question.
@gonzalo-bulnes Did you manage to solve this problem? I checked everywhere; it seems like everyone tries to avoid answering this question.