Skip to content
This repository

Devise Returns 401 Unauthorized status when in development mode using token_authenticatable. #1546

Closed
gbluv opened this Issue · 13 comments

2 participants

gbluv José Valim
gbluv

Hi,

This are my gem versions:

rails 3.1.1 warden-1.1.0 devise-1.5.3 orm_adapter-0.0.5

I am running app using apache and passenger:

Server: Apache/2.2.20 (Unix) DAV/2 PHP/5.3.6 with Suhosin-Patch mod_jk/1.2.32 Phusion_Passenger/3.0.9
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.9

This is the curl example:

curl -H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-X POST http://test.com/confirmations \
-d '{"auth_token": "auth_token", "plan": {"text": "some confirmation text", "description":"created via curl"}}'

I am seeing further described behavior only in DEVELOPMENT mode.

First time after restart rails returns 401 Unauthorized status with this json:

{"error":"You need to sign in or sign up before continuing."}

However all of the consecutive calls work fine.

I've also noticed that on every request I get the WARNING: Can't verify CSRF token authenticity
I am intending to use parts of the application as an api there for I won't be able to pass csrf tokens to the user. Also, I've tried removing protect_from_forgery but the behavior remained.

Hope this helps.

Sincerely,

Greg Bluvshteyn

José Valim
Owner

Thanks but can you provide a way to reproduce the issue? Maybe pushing a sample app to github.

gbluv

Hi Jose,

Thanks for reply, you can find repo here: https://github.com/gbluv/devise_test I've add more explanation in Readme file

José Valim
Owner

Awesome! One last thing, can you provide some seed data in db/seeds that will allow me to do the same CURL requests and get the same as you? Or you can simply check-in your sqlite3 database (assuming there is no important data in there).

Another question, does this problem happens only with passenger? Which Rails environment are you using? dev?

gbluv
José Valim
Owner

Well, if I don't have any data in my db it would always fail, right? :)

Anyway, I will give it try. I don't have passenger in hand though, so I will try to reproduce it with webrick.

gbluv
José Valim
Owner

Reproduced it. :)

gbluv
José Valim
Owner

This turned out to be a Rails issue, fixed here: rails/rails@0db9394

José Valim
Owner

Thanks a lot for your help and for providing a way to reproduce the error!

gbluv
José Valim
Owner
gbluv
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.