warden | 易学教程

Warden not accessing the database (Devise)

阅读更多关于 Warden not accessing the database (Devise)

问题 Rails 3.2. Hi. Currently out app has an authentication system implemented that we did and we are going to migrate to devise. I am at wits end here trying to get the devise log in to work. Somehow I have drilled down the problem to the part where Devise actually creates a user session. def create self.resource = warden.authenticate!(auth_options) set_flash_message(:notice, :signed_in) if is_flashing_format? sign_in(resource_name, resource) yield resource if block_given? respond_with resource,

rails 3 warden NameError (uncaught throw `warden'):

阅读更多关于 rails 3 warden NameError (uncaught throw `warden'):

问题 this is how it should work: I log in to the admin panel, go to cars/new and fill up the fields, press create and I should have a new car in my list. www.autozeep.com the thing is that it goes ok until I press the Create button to create the new car, server logs shows this: NameError (uncaught throw `warden'): app/controllers/application_controller.rb:9:in `login_required' app/middleware/flash_session_cookie_middleware.rb:17:in `call' in the development mode this is working fine, on the server

Devise ignore my custom strategy

阅读更多关于 Devise ignore my custom strategy

问题 I want to create a custom auth strategy for accessing the API. I followed the example code at Devise ignoring custom strategy. The problem is that the valid? method in my Api strategy is never run (based on trying to pry in it). My code: module Devise module Strategies class Api < Devise::Strategies::Base def valid? binding.pry params[:request_source] == 'api' end def authenticate! #do stuff here if user success!(user) else warden.custom_failure! render :json=> {:success=>false, :message=>

Devise: Have multiple controllers handle user sessions

阅读更多关于 Devise: Have multiple controllers handle user sessions

问题 I am running devise 1.3.4 with rails 3.0.7. I have two ways users may sign in: using the web app, and using a mobile web app (via a JSON API call). The first way is handled perfectly by the default devise sessions controller. The API-call method of authentication needs to be in a controller that extends my Api::BaseController . So, I wrote this second controller like this: class Api::UserSessionsController < Api::BaseController … def create user = warden.authenticate(:scope => :user) if user

Undelete acts_as_paranoid deleted user on devise sign in

阅读更多关于 Undelete acts_as_paranoid deleted user on devise sign in

问题 I have a Rails 3.1.3 app which uses devise for users authentication and soft-deletes them with acts_as_paranoid . I want the accounts to be undeleted upon password recreation, user sign up and user sign in, so if they provide a deleted email, I grab that account, make it live again, and then continue with the action (password recreation, or sign in). But in the Users::SessionsController#create action, after undeletion of the user it gets an Unauthorized error (but the user should now be

Rails/Devise - Determining when user session will expire

阅读更多关于 Rails/Devise - Determining when user session will expire

问题 When using the timeoutable module for Devise, how can one determine how long it will be before the current user's session expires? The goal is to include this value in all responses so client side script can make use of it. I gather that Devise internally uses Warden for authentication, but I haven't found anything that explains how to pull the session expiration time out of the depths of Warden. 回答1: Here is how you do it: class User < ActiveRecord::Base devise :authenticatable, :timeoutable

Rails 3 - Devise redirects to form after sign_in

阅读更多关于 Rails 3 - Devise redirects to form after sign_in

问题 In a blog app I want every user to access a form to post a comment. When the user submit the comment form he is redirected to the Devise sign_in form if is not logged in. before_filter :authenticate_user!, :except => [:index, :show, :new] How could I once the user sign_in, redirect him to the comment form and fill all fields ? Thanks in advance 回答1: If you want to take the user to comment form after every sign in, add in ApplicationController: #after_sign_in_path_for is called by devise def

Accessing session in Sinatra Middleware

阅读更多关于 Accessing session in Sinatra Middleware

问题 I am working on a Sinatra Project and have set some variables in the session for later usage. The scenario for which I need help for is that I want to access the session object in a middleware class. I am using warden for authentication. I want to do something similar below in the Middleware class: class MyMiddleware def initialize(app, options={}) @app = app end def call(env) puts "#{session.inspect}" end end Is there a possibility for doing that? Thoughts? 回答1: You can't use Sinatra's

remember_me with warden

阅读更多关于 remember_me with warden

问题 For my lastest project I'm using https://github.com/hassox/rails_warden. It suits my needs very well except that I can't find a good way to implement remember_me. I know that it's notoriously difficult to get remember_me right from a security point of view so I'm hoping there's a project out there that will do the job. Anyone seen anything or get a good idea? 回答1: Devise, which is an authentication solution on top of Warden, has a rememberable implementation. 回答2: Ok here's how I solved it #

Undelete acts_as_paranoid deleted user on devise sign in

阅读更多关于 Undelete acts_as_paranoid deleted user on devise sign in

I have a Rails 3.1.3 app which uses devise for users authentication and soft-deletes them with acts_as_paranoid . I want the accounts to be undeleted upon password recreation, user sign up and user sign in, so if they provide a deleted email, I grab that account, make it live again, and then continue with the action (password recreation, or sign in). But in the Users::SessionsController#create action, after undeletion of the user it gets an Unauthorized error (but the user should now be visible). The code is: def create # Take into account acts_as_paranoid deleted users resource = resource