Comments (13)
I added this line to my controller which did the trick for me:
include Devise::Controllers::Helpers
from simple_token_authentication.
None of the above works for me.
from simple_token_authentication.
Hello @JeskTop!
Did you install Devise before installing Simple Token Authentication? (It's a requirement because Simple Token Authentication relies on it to authenticate users.)
from simple_token_authentication.
Hi. @gonzalo-bulnes
My Rails version is 4.0.4, and I installed Devise 3.2.4.
from simple_token_authentication.
@JeskTop when I had this issue, it was because I did not type the correct resource name after acts_as_token_authentication_handler_for.
The other time this happened was while writing specifications in rspec. As a matter of fact, I just replicated this issue when running rspec. It was not fixed by including the Devise::TestHelpers. It only seems to happen for me when using rspec.
Are you getting this with rspec by chance?
from simple_token_authentication.
@JeskTop Both gem versions are compatible with the use of Simple Token Authentication.
The authenticate_user! method is provided by Devise, maybe you skipped a step from its setup?
Are you able to sign in users?
Oh, did you install Devise for the User model? If the Devise-enabled model were Admin (for example), you should ensure the controller acts_as_token_authentication_handler_for Admin.
from simple_token_authentication.
Hi @nicolo! First of all: could you please re-post your question here? The cause of it, hence the response, may be different, but the issue you're facing is the same. In order to keep the questions easy to browse, I would prefer to keep together all aspects of each strange/confusing/unexpected behaviour, and only separate topics when they clearly diverge.
from simple_token_authentication.
I've read this #67
I've done this
- config.sign_in_token = false
- acts_as_token_authentication_handler_for User, fallback_to_devise: false
Once I do this, I'm able to access any controller without any token provided. It's basically like authentication doesn't exist.
If I don't include fallback_to_devise: false, I get undefined method `authenticate_user!' on every request.
I've read this #42
Yes my User model is setup for devise and I've installed devise.
I'm trying to create an app which is purely an API like explained in issue 67. Feels like I'm missing something major. Thanks in advance for any help.
Here are some relevant files that should help with troubleshooting

    class User < ActiveRecord::Base
      acts_as_token_authenticatable
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable
    end

    class ApplicationController < ActionController::Base
      # Prevent CSRF attacks by raising an exception.
      protect_from_forgery with: :null_session #, :if => Proc.new { |c| c.request.format == 'application/json' }
      acts_as_token_authentication_handler_for User, fallback_to_devise: false
    end

    SimpleTokenAuthentication.configure do |config|
      # Configure the session persistence policy after a successful sign in,
      # in other words, if the authentication token acts as a signin token.
      # If true, user is stored in the session and the authentication token and
      # email may be provided only once.
      # If false, users must provide their authentication token and email at every request.
      config.sign_in_token = false

      # Configure the name of the HTTP headers watched for authentication.
      #
      # Default header names for a given token authenticatable entity follow the pattern:
      #   { entity: { authentication_token: 'X-Entity-Token', email: 'X-Entity-Email'} }
      #
      # When several token authenticatable models are defined, custom header names
      # can be specified for none, any, or all of them.
      #
      # Examples
      #
      #   Given User and SuperAdmin are token authenticatable,
      #   When the following configuration is used:
      #     `config.header_names = { super_admin: { authentication_token: 'X-Admin-Auth-Token' } }`
      #   Then the token authentication handler for User watches the following headers:
      #     `X-User-Token, X-User-Email`
      #   And the token authentication handler for SuperAdmin watches the following headers:
      #     `X-Admin-Auth-Token, X-SuperAdmin-Email`
      #
      # config.header_names = { user: { authentication_token: 'X-User-Token', email: 'X-User-Email' } }
    end

from simple_token_authentication.
@nicolo Now answering your question:
1. The authenticate_user! method is defined by Devise when you add it to your User model:

    rails generate devise User

Before installing Simple Token Authentication, as a first step, you must make sure that you can authenticate with the default User and ApplicationController setup:

    # app/models/user.rb
    class User < ActiveRecord::Base
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable
    end

    class ApplicationController < ActionController::Base
      # Prevent CSRF attacks by raising an exception.
      # For APIs, you may want to use :null_session instead.
      protect_from_forgery with: :exception

      # Enable authentication with Devise
      before_action :authenticate_user!
    end

The undefined method: `authenticate_user!' message indicates without doubt that the error, forgotten instruction or misconfiguration occurred within this first step. I know you are sure of having properly set Devise up, but believe me, there is no doubt about that, please give it another chance.
2. Once that is solved, I have a few comments about the code you posted:
- Take care with the default comment (# Prevent CSRF attacks by raising an exception.): it does not reflect the behaviour of your custom protect_from_forgery with: :null_session instruction.
- In fact, if your application is purely an API, you can either:
  - remove completely the CSRF protection:

        class ApplicationController < ActionController::Base
          # Enable token authentication in a context where there is no CSRF protection
          # See https://github.com/gonzalo-bulnes/simple_token_authentication/issues/49
          acts_as_token_authentication_handler_for User, fallback_to_devise: false
        end

  - or enable an API-friendly CSRF protection:

        class ApplicationController < ActionController::Base
          # Enable CSRF protection for API
          # See https://github.com/gonzalo-bulnes/simple_token_authentication/issues/67 and
          # http://edgeapi.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html
          protect_from_forgery with: :null_session

          # Enable token authentication in this specific CSRF protection context
          acts_as_token_authentication_handler_for User
        end

That was a bit long but I hope it helps!
EDIT: Thanks for re-posting your comment, it makes the conversation easier to follow!
from simple_token_authentication.
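The behaviour reported earlier in this thread (with `fallback_to_devise: false`, controllers answer requests that carry no token) can be reproduced with a small model of the filter chain, shown next to the explicit guard that closes the gap. This is an added example in plain Ruby, not code from the gem or from any commenter; `MiniController`, `require_user!`, `USERS` and `VALID` are hypothetical names, and the sample user and token are constructed.

```ruby
# Constructed sample data (email => authentication token); not from the thread.
USERS = { 'alice@example.com' => 'constructed-token-1234' }.freeze

# Hypothetical plain-Ruby stand-in for a controller's before-filter chain.
class MiniController
  attr_reader :current_user

  # fallback: :devise (the default) or :none (fallback_to_devise: false)
  # guard:    true when the application adds its own require_user! filter
  def initialize(headers, fallback:, guard: false)
    @headers, @fallback, @guard = headers, fallback, guard
  end

  # Runs the filters in order and returns the resulting HTTP status.
  def process
    filters = [:token_handler]
    filters << :require_user! if @guard
    filters.each do |filter|
      send(filter)
      return @status if @status # a filter that rejects halts the chain
    end
    200 # no filter rejected: the action runs
  end

  private

  def token_handler
    email, given = @headers.values_at('X-User-Email', 'X-User-Token')
    expected = USERS[email]
    @current_user = email if expected && given && secure_compare(expected, given)
    # With the Devise fallback, authenticate_user! rejects the request (401 for an API).
    @status = 401 if @current_user.nil? && @fallback == :devise
  end

  # The explicit guard an API needs once the fallback is disabled.
  def require_user!
    @status = 401 if @current_user.nil?
  end

  # Constant-time comparison, so the token check does not leak via timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed request headers carrying a valid email/token pair.
VALID = { 'X-User-Email' => 'alice@example.com', 'X-User-Token' => 'constructed-token-1234' }.freeze
```

In a Rails controller the equivalent guard is a `before_action`, declared after the token handler, that renders a 401 when `current_user` is nil.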
@gonzalo-bulnes thanks for your help. I appreciate all your work on this gem.
I think I discovered my problem. I did set up Devise correctly, but I then broke things later by tinkering with my routes file. I had moved devise_for users inside my api namespace. It seems like I need to include it within the namespace and outside of it.
*note: I added in all the skips for the global devise_for users because I only want to expose those routes within the api

    Rails.application.routes.draw do
      devise_for :users, :skip => [:sessions, :passwords, :registrations]
      scope module: :api, defaults: { format: 'json' } do
        namespace :v1 do
          devise_for :users
        end
      end
    end

from simple_token_authentication.
Thanks for your feedback @nicolo, I'll close this issue. Don't hesitate to re-open it if you run into the problem again; even if they're not exactly Simple Token Authentication issues, it's always good to keep a trace of the different kinds of issues that can occur when using the gem.
Regards!
from simple_token_authentication.
Thanks @nicolo. It works for me too. I put devise_for outside namespace api and it worked.
from simple_token_authentication.
Thank you for sharing @amitfriedman12!
from simple_token_authentication.