New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
401 unauthorized errors for Session#destroy action #76
Comments
Hi @shedd About the question on SO that you referred to: I had no SO account and I'm not authorized by SO to comment just after registering, but I wonder: isn't ukson forgetting to provide the You setup is more complex, and I'll take a closer look at it as soon as I can. If you can, try speaking with ukson! |
@gonzalo-bulnes nice spot! Yep, I think you're right about the SO question. I replied giving your tip: http://stackoverflow.com/questions/24092791/ruby-on-rails-curl-delete-token-authentication/24394116#24394116 Let me know if you have any thoughts on what my issue is. I am passing the email and the token and it works everywhere else, just not Session#destroy Thanks in advance! |
Hey @gonzalo-bulnes - any thoughts on why this isn't working? Thanks so much! |
Hi @shedd, I'm sorry I haven't correctly looked at your issue. I'll make my best to do it tomorrow morning. Thanks for your patience! |
@gonzalo-bulnes sorry to pull this back up again, but we're still having issues with this. Just wondering if you have any ideas? |
Sorry @shedd, I kind of forgot your issue : / One question: why do you add the |
The namespace could have introduced unexpected behaviour, but since you mention that token authentication is behaving well otherwise, I guess the |
@gonzalo-bulnes hey, thanks for the response! It looks like I had made some changes since when I originally posted this in June. My API controller now only has:
And I'm doing this filtering in the Sessions controller:
I've updated the sample code above. So I think the confusion about the Still getting 401s from my tests, though. And yes, the namespacing seems to be working fine. |
Ok, I figured out what I was missing. The sample code that I based this login/logout controller on had this class definition:
When I was going through this again, I thought that seemed a bit off - using the Registrations controller for login and logout? Amazingly, this actually worked, though - for login anyway. Looking at the Devise code, I decided to try this:
As long as I did a But there was still no current_user in the scope of the Then it struck me - it should be Changing that fixed the problem. Now I have:
Sorry, this was my mistake. Thanks for the help! |
Nice, I'm glad the discussion gave you an occasion to take a different look at the code. Thanks for the details about your setup too! I'm planning to document some interesting use cases, and your experience is very helpful. Regards! |
I'm running into an issue where Login via a JSON API using Simple Token Auth works, token authentication works, but I am always getting 401 authentication issues with the logout call.
I'm working on a couple of Rspec tests to demonstrate the issue. The authentication via token works every where else (test suite and in real life). It's just logout where I constantly get a 401.
I have Devise configured to accept logout via GET (rather than DELETE). Otherwise, my issue sounds similar to this recent, unanswered thread: http://stackoverflow.com/questions/24092791/ruby-on-rails-curl-delete-token-authentication
Does this sound like a Devise issue or a Simple Token Auth issue?
Two failing test cases are below.
Any and all thoughts would be greatly appreciated!
app/controllers/api/v1/api_controller.rb
app/controllers/api/v1/sessions_controller.rb
config/routes.rb
spec/controllers/api/v1/sessions_controller_spec.rb
The text was updated successfully, but these errors were encountered: