token authentication does not log out existing user #1644

Closed
ericmnel opened this Issue Feb 13, 2012 · 6 comments

@ericmnel

If you are authenticated as user A on a web browser session, and then click a token authentication link for user B, it keeps you logged in as user A.

In order to get the token authentication link to work you have to be logged out manually, it does not automatically log out user A and log in user B.

@josevalim
Plataformatec member

Yes, the token authentication does not even get to be validated if the user is already signed in. If this is the scenario you want, you should probably create your own authentication entry point or manage the token by yourself.

@josevalim closed this Feb 13, 2012

@ericmnel

This is how I dealt with it, in case anybody else needs to have a token authentication that will log out existing users before logging in with the token:

```ruby
def token_login
  token = params[:token]

  if token.nil?
    ERROR_LOG.create "Missing parameter 'token'"
    redirect_to root_path
  else
    case
    when current_login.nil?
      # Nobody is signed in; fall through to the token redirect below.
      INFO_LOG.create "Token login without current login"
    when current_login.authentication_token == token
      # The token belongs to the login that is already signed in.
      INFO_LOG.create "Token login, already logged in"
      redirect_to root_path
      return
    else
      # A different login is signed in; end that session first.
      INFO_LOG.create "Token login, signing out current login #{current_login.email}"
      sign_out current_login
    end

    # Re-enter with the token passed as auth_token.
    redirect_to root_path(:auth_token => token)
  end
end
```

@seanrucker

I had the same need as @ericmnel and solved it by adding a before_filter to the application controller:

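```ruby
def sign_out_if_token_present
  # current_user can be nil when nobody is signed in, so check it before reading its token.
  if params[:auth_token].present? && current_user && (params[:auth_token] != current_user.authentication_token)
    sign_out current_user
  end
end
```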
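An added example, not part of the thread and not Devise code: the session decision that both snippets above make, written as plain Ruby so the edge cases (no session, a signed-in user without a token, blank or array-valued parameters) can be checked outside Rails. The names `secure_token_match?`, `token_login_action`, `sample_actions` and the sample tokens are assumptions made for illustration.

```ruby
require "digest"

# Constant-time token comparison. Hashing both sides first yields equal-length
# inputs, so timing reveals neither the length nor the matching prefix.
def secure_token_match?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (l, r)| acc | (l ^ r) }.zero?
end

# What a filter should do with the existing session when a request arrives.
#   signed_in     - true if a session user exists
#   session_token - that user's authentication_token (may be nil)
#   param_token   - params[:auth_token] exactly as received
def token_login_action(signed_in, session_token, param_token)
  # Absent, blank, or non-String (e.g. auth_token[]=x) values are not tokens.
  return :ignore unless param_token.is_a?(String) && !param_token.strip.empty?
  return :authenticate unless signed_in
  return :keep_session if secure_token_match?(session_token, param_token)
  :sign_out_then_authenticate
end

# Constructed sample requests: [signed_in, session_token, param_token]
SAMPLE_REQUESTS = [
  [true,  "tokenA", "tokenB"],   # user A clicks user B's link
  [true,  "tokenA", "tokenA"],   # user A clicks their own link
  [false, nil,      "tokenB"],   # nobody signed in
  [true,  nil,      "tokenB"],   # signed-in user has no token set
  [true,  "tokenA", ["tokenA"]], # array-valued parameter
  [true,  "tokenA", ""],         # empty parameter
].freeze

def sample_actions
  SAMPLE_REQUESTS.map { |args| token_login_action(*args) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_REQUESTS.zip(sample_actions).each { |req, act| puts "#{req.inspect} => #{act}" }
end
```

In a controller, only the `:sign_out_then_authenticate` result would lead to a `sign_out` call; the other results leave the session untouched.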
@DouweM

Thanks @seanrucker!

@link82

Thank you! I was having the same problem 👍

@robotfelix

Simple and effective solution - thanks @seanrucker!
