recall method is not being called in warden.authenticate!

[lcguida]

Hi,

I searched around, posted in stackoverflow, but I got no solution so far.

I'm trying to give a custom json response in case of failed login. I want the json to be in this format:

{success: false, errors: [<error_message>]}

So I overrode the SessionsContoller, as following:

class SessionsController < Devise::SessionsController
  respond_to :json

  def create 
    self.resource = warden.authenticate!(auth_options)
    sign_in(resource_name, resource)
    render json: { :success => true }, status: 200
  end

  def failure   
    warden.custom_failure!
    render json: { success: false, errors: ["Login Credentials Failed"] }, status: 401
  end

  protected
  def auth_options
    {:scope => resource_name, :recall => "#{controller_path}#failure"}
  end
end

routes.rb:

devise_for :users, controllers: {sessions: 'sessions'}

devise.rb:

config.navigational_formats = ["*/*", :html, :json]

Login is working just fine, I'm just not being able to override the failure response. I'm just posting this here to check if it's not a bug, since this same code is presented in various blog posts in the internet.

[lucasmazza]

Can you please provide a sample application that reproduces the error?

[lcguida]

Hi @lucasmazza

Here is the sample app: https://github.com/lcguida/devise_teste

There's an existing user:

email: leandro@teste.com
password: 12345678

If you try to login with these credentials you'll receive a console.log with the following json response:

{success: true}

If you use any other credentials, the app should respond with:

{success: false, errors: ["Login Credentials Failed"]}

But instead, is responding with 401 and the default devise message:

{"error":"Invalid email address or password."}

[josevalim]

Recall is invoked just in some situations, it is not supposed to be a generic mechanism. I think it only does so for navigational requests (so it doesn't really work for API requests).

[leofrozenyogurt]

I am having the exact opposite issues ; i cant get the standard devise messages to show

[josevalim]

I am closing this. As said previously, recall is not invoked for API requests, only for navigational ones. If you want to customise the http status code, you will have better luck doing so at the failure app level.

[josevalim]

@leofrozenyogurt feel free to open up an issue for the problem you are seeing. Please include as much information as possible to reproduce the issue!

[reconstructions]

Wow, looking at the Devise session_controller.rb I can see why skinny controller/fat model is so important. The Rails 4 (or even Rails 3) way, it should be question of specifying a format and you're done. All this logic should be in the model. That it is so hard to override this controller to implement AJAX login (which should be standard Devise by now in any case) shows why. Scary to consider that overriding the other controllers to get AJAX in the rest of the framework will probably be just as hard...