devise_token_auth icon indicating copy to clipboard operation
devise_token_auth copied to clipboard

Published 20 hours ago verified publisher icon lynndylanhurley

devise_token_auth routes does not stay within scope or namespace, overrides devise routes

Open adamrparsons opened this issue 6 years ago • 3 comments

Hello,

When adding devise_token_auth into an existing rails + devise setup, we found it necessary to put devise_token_auth and the associated api into a namespace, in a similar approach to what jotolo did here:

https://github.com/lynndylanhurley/devise_token_auth/issues/120#issuecomment-300178663

Our implementation was as follows:

 namespace :api, defaults: {format: 'json'} do
    scope :v1 do
      mount_devise_token_auth_for 'User', at: 'auth', skip: [ :verify_authenticity_token ]
      resources :items, only: [:index, :show, :create]
    end
  end

We've gotten this to work for the most part, but rather troubling is that by mounting devise in this namespace, we expect the paths/urls to be contained to this namespace /api/v1 but instead devise_token_auth overrides devise's regular routes with its own implementations.

Examples of this is that omniauth implementations broke, forms use the wrong action urls, and accessing protected pages while unauthenticated returns a simpletext page instead of a redirect to login, that devise gives you.

Commenting out the mount_devise line fixes our forms, our omniauth, and everything else

The core of the issue here appears to be that even placing this inside a scoped namespace, devise_token_auth still overrides the root routes anyway.

We're trying to migrate from a server-side-rendered app to a react app with token auth, but this gem overriding devises routes breaks the existing rails app.

  • Version: 1.0.0
  • Environmental Info:
    • Gems: Rails, Devise, DeviseTokenAuth, ActiveAdmin
    • Custom Frontend: Existing app is ordinary rails, new app is react-based

adamrparsons avatar Jun 04 '19 09:06 adamrparsons

I'm having the same problem with devise_token_auth breaking my current omniauth implementation. Did you ever find a workaround?

jefflyne avatar Jan 05 '20 22:01 jefflyne 

  namespace :api do
    namespace :v1 do
      namespace :admin do
        
        mount_devise_token_auth_for "Administrator", at: "", controllers: {
         sessions: "api/v1/admin/sessions"
        }
        resources :home, only: :index
      end
    end
  end

The same problem. But below code run.

  namespace :api do
    namespace :v1 do
      namespace :admin do
        resources :home, only:  :index 
        mount_devise_token_auth_for "Administrator", at: "", controllers: {
         sessions: "api/v1/admin/sessions"
        }
      end
    end
  end

oLeVanNghia avatar Feb 04 '20 07:02 oLeVanNghia

You can override get_redirect_route(devise_mapping) method in OmniauthCallbacksController returning your desired URL.

f19ps avatar Sep 01 '20 23:09 f19ps