Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

authenticate_user! ignores routes #2199

Closed
sentient06 opened this Issue · 4 comments

4 participants

@sentient06

I am using a model with the name 'admin' and in the controllers I add this line to the top:

before_filter :authenticate_admin!, :except => [:show, :index]

In routes I added the following:

devise_scope :admin do
get "/login" => "devise/sessions#new"
get "/logout" => "devise/sessions#destroy" # should be 'delete'
end

Devise redirects me to the address: http://localhost:3000/admins/sign_in

Hence, it breaks all links in the page, which are trying to reach an 'admins' controller.

@lucasmazza
Owner

Can you please provide a sample application that reproduces the error?

@josevalim josevalim closed this
@sentient06

Hello, forget about the last phrase in my previous post. But the redirection is still the same.

Well, it is simple...

$ rails new blog
$ cd blog/
$ subl Gemfile # Insert devise gem in Gemfile
$ rails g scaffold Post title:string body:text
$ bundle
$ rails generate devise Admin
$ rake db:migrate
$ rm ./public/index.html
$ subl ./config/routes.rb

Insert this:

devise_scope :admin do
get "/login" => "devise/sessions#new"
get "/logout" => "devise/sessions#destroy"
end

Adding this to controllers:

before_filter :authenticate_admin!, :except => [:show, :index]

Now, insert an user, login, post something there, logout and try to access the http://localhost:3000/posts/1/edit to be prompted for password.

It works, but I would rather get it redirected to "login" than "sessions_new". Is there any option to get the value I defined in the routes file?

@josevalim
Owner

What do you mean about redirecting to sessions_new? What is sessions_new?

@josevalim josevalim reopened this
@latortuga

From the wiki

Note that you can skip all sessions routes and define only your own using the skip option as below:

devise_for :users, :skip => [:sessions]
as :user do
  get 'signin' => 'devise/sessions#new', :as => :new_user_session
  post 'signin' => 'devise/sessions#create', :as => :user_session
  delete 'signout' => 'devise/sessions#destroy', :as => :destroy_user_session
end

This way :authenticate_user! and other helpers will be redirecting the user to the proper custom pages you defined.

@josevalim josevalim closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.