Skip to content


Subversion checkout URL

You can clone with
Download ZIP


authenticate_user! ignores routes #2199

sentient06 opened this Issue · 4 comments

4 participants


I am using a model with the name 'admin' and in the controllers I add this line to the top:

before_filter :authenticate_admin!, :except => [:show, :index]

In routes I added the following:

devise_scope :admin do
get "/login" => "devise/sessions#new"
get "/logout" => "devise/sessions#destroy" # should be 'delete'

Devise redirects me to the address: http://localhost:3000/admins/sign_in

Hence, it breaks all links in the page, which are trying to reach an 'admins' controller.


Can you please provide a sample application that reproduces the error?

@josevalim josevalim closed this

Hello, forget about the last phrase in my previous post. But the redirection is still the same.

Well, it is simple...

$ rails new blog
$ cd blog/
$ subl Gemfile # Insert devise gem in Gemfile
$ rails g scaffold Post title:string body:text
$ bundle
$ rails generate devise Admin
$ rake db:migrate
$ rm ./public/index.html
$ subl ./config/routes.rb

Insert this:

devise_scope :admin do
get "/login" => "devise/sessions#new"
get "/logout" => "devise/sessions#destroy"

Adding this to controllers:

before_filter :authenticate_admin!, :except => [:show, :index]

Now, insert an user, login, post something there, logout and try to access the http://localhost:3000/posts/1/edit to be prompted for password.

It works, but I would rather get it redirected to "login" than "sessions_new". Is there any option to get the value I defined in the routes file?


What do you mean about redirecting to sessions_new? What is sessions_new?

@josevalim josevalim reopened this

From the wiki

Note that you can skip all sessions routes and define only your own using the skip option as below:

devise_for :users, :skip => [:sessions]
as :user do
  get 'signin' => 'devise/sessions#new', :as => :new_user_session
  post 'signin' => 'devise/sessions#create', :as => :user_session
  delete 'signout' => 'devise/sessions#destroy', :as => :destroy_user_session

This way :authenticate_user! and other helpers will be redirecting the user to the proper custom pages you defined.

@josevalim josevalim closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.