GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
I use warden as authentication system in an API only providing authentication via HTTP_BASIC_AUTH, This patch stops warden from trowing exceptions if there is no session object around.
Hrm, Warden has an option called :store => false that you can pass when setting the user and so on. Maybe you should be using it instead?
@timlawrenz did you have a look at :store => false? does this suit your needs?
Hi, thanks for the replies. I use devise with warden and I have a hard time figuring out where to set the :store option. Could you give me a hint?
So this is a feature Devise should be providing. :) Please open up an issue there there?
If you need this feature asap and cannot wait on Devise release, you can do in your initializer:
def store?; false; end
@timlawrenz see this commit - plataformatec/devise@5a11c65
Facing the same problem. I'm using rails-api + devise . After reading through lib/warden/proxy.rb , it looks like setting store: false will not solve the problem. It's true that set_user obeys the :store option to decide whether to use session or not. But the authenticate method first tries to fetch the user from the session regardless of what store? method of the strategy returns.
Just to make sure, I tried @josevalim 's workaround. Didn't work for me. It works fine with the code in the pull request.
My API don't use session (env['rack.session'] is nil).
But in method "_perform_authentication" it looks for an existing user in the session.
Option ":store => false" is ignored.
So we get error:
NoMethodError: undefined method `' for nil:NilClass
Yes, this makes sense. However, I think that we should return if there is no session only on fetch. If you want to store something in the session, we shouldn't silently fail, a explicit store: false must be given. That said, can someone send a pull request to warden with tests? <3
Not too familiar with warden code, but I'll give this a try
PR #75 solves the issue @galetahub mentioned . Still warden doesn't work without session, see Issue #78 . I'm looking into this now.
Merge pull request #79 from emilsoman/nil-session-logout
Do not throw exception on logout if session is nil. Fixes #78 , #37
@josevalim , since master has been patched with fixes for using warden without session, can you release the gem so devise could use these changes right away ? A lot of people are looking at rails + rails-api for building API's without session, especially after the JS frameworks boom.