Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

authenticate_user! ignores routes #2199

sentient06 opened this Issue Jan 4, 2013 · 4 comments


None yet
4 participants

I am using a model with the name 'admin' and in the controllers I add this line to the top:

before_filter :authenticate_admin!, :except => [:show, :index]

In routes I added the following:

devise_scope :admin do
get "/login" => "devise/sessions#new"
get "/logout" => "devise/sessions#destroy" # should be 'delete'

Devise redirects me to the address: http://localhost:3000/admins/sign_in

Hence, it breaks all links in the page, which are trying to reach an 'admins' controller.


lucasmazza commented Jan 5, 2013

Can you please provide a sample application that reproduces the error?

@josevalim josevalim closed this Jan 8, 2013

Hello, forget about the last phrase in my previous post. But the redirection is still the same.

Well, it is simple...

$ rails new blog
$ cd blog/
$ subl Gemfile # Insert devise gem in Gemfile
$ rails g scaffold Post title:string body:text
$ bundle
$ rails generate devise Admin
$ rake db:migrate
$ rm ./public/index.html
$ subl ./config/routes.rb

Insert this:

devise_scope :admin do
get "/login" => "devise/sessions#new"
get "/logout" => "devise/sessions#destroy"

Adding this to controllers:

before_filter :authenticate_admin!, :except => [:show, :index]

Now, insert an user, login, post something there, logout and try to access the http://localhost:3000/posts/1/edit to be prompted for password.

It works, but I would rather get it redirected to "login" than "sessions_new". Is there any option to get the value I defined in the routes file?


josevalim commented Jan 9, 2013

What do you mean about redirecting to sessions_new? What is sessions_new?

@josevalim josevalim reopened this Jan 9, 2013


latortuga commented Jan 9, 2013

From the wiki

Note that you can skip all sessions routes and define only your own using the skip option as below:

devise_for :users, :skip => [:sessions]
as :user do
  get 'signin' => 'devise/sessions#new', :as => :new_user_session
  post 'signin' => 'devise/sessions#create', :as => :user_session
  delete 'signout' => 'devise/sessions#destroy', :as => :destroy_user_session

This way :authenticate_user! and other helpers will be redirecting the user to the proper custom pages you defined.

@josevalim josevalim closed this Jan 11, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment