abevoelker / devise-passwordless

Devise passwordless logins using emailed magic links
MIT License

Keep getting 401 Unauthorized #12

Closed Belibaste closed 2 years ago

Belibaste commented 2 years ago

Hi,

First, thank you for this gem.

I tried to make it work in my app, with no chance. I have an old User model working with Devise and classical database_authenticatable. Now I need a new type of user, SupplierUser, which I need them to use the kind of authentication this gem provides. But I keep getting 401 Unauthorized with this model.

I tried the debug, but at one point in Warden, I don't understand what is happening. Everything (Rails, Devise, etc) is up to date. I don't do anything fancy with Devise, very classical User.

Here is the relevant part of the code in routes.rb

  root :to => redirect('/users/sign_in')
  devise_for :users
  get '/users/sign_out' => 'devise/sessions#destroy'
  resources :users, :controller => "users"

  devise_for :supplier_users, controllers: { sessions: "devise/passwordless/sessions" }
  devise_scope :supplier_user do
    get "/supplier_users/magic_link",
      to: "devise/passwordless/magic_links#show",
      as: "supplier_users_magic_link"
  end
  resources :supplier_users

The devise views are scoped.

Sorry for the lack of information, I really don't know what else I could give.

Thank you for your help :-)

abevoelker commented 2 years ago

Hi, and did you run the install generator that adds the magic link and sessions controllers?

On Tue, Dec 7, 2021 at 12:01 PM Teddy Valente @.***> wrote:

Hi,

First, thank you for this gem.

I tried to make it work in my app, with no chance. I have an old User model working with Devise and classical database_authenticatable. Now I need a new type of user, SupplierUser, which I need them to use the kind of authentication this gem provides. But I keep getting 401 Unauthorized with this model.

I tried the debug, but at one point in Warden, I don't understand what is happening. Everything (Rails, Devise, etc) is up to date. I don't do anything fancy with Devise, very classical User.

Here is the relevant part of the code in routes.rb

  root :to => redirect('/users/sign_in')
  devise_for :users
  get '/users/sign_out' => 'devise/sessions#destroy'
  resources :users, :controller => "users"

  devise_for :supplier_users, controllers: { sessions: "devise/passwordless/sessions" }
  devise_scope :supplier_user do
    get "/supplier_users/magic_link",
      to: "devise/passwordless/magic_links#show",
      as: "supplier_users_magic_link"
  end
  resources :supplier_users

The devise views are scoped.

Sorry for the lack of information, I really don't know what else I could give.

Thank you for your help :-)


Belibaste commented 2 years ago

Thank you for your answer. This morning, with clear eyes and full heart, I found what the problem was. I did everything good, the gem's doc is pretty clear. My problem was with Devise configuration. The authentication_keys was set on :username. Obviously, with this gem, you need to set it on :email. It can be set per model, so you don't have to change your existing model, like

  devise :magic_link_authenticatable, :rememberable, authentication_keys: [:email]

abevoelker commented 2 years ago

Ah, interesting - thank you for sharing the solution to your problem. I confess I had forgotten that config option until now.

Another option for you, if you wanted to keep your :username param to allow magic links generated via username, I think you could override find_for_magic_link_authentication in your model to do a username lookup, in the same way this Devise wiki guide suggests overriding find_for_database_authentication for the database authenticatable strategy.

Apologies if the 401 Unauthorized made it difficult for you to debug. I've run into the same problem, and as you discovered it's being raised from deep within Warden and I'm not sure how to coax it into providing a better error than that at the moment.
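The username lookup suggested in the comment above, sketched as an added example that is not part of the original thread or the gem's code. It is plain Ruby with no Rails or Devise: `SupplierUser`, its in-memory `RECORDS` and the conditions-hash signature of `find_for_magic_link_authentication` are assumptions modelled on Devise's `find_for_database_authentication`.

```ruby
# Added illustration: a stand-in for an ActiveRecord model, runnable offline.
# The method name comes from the thread; its signature is an assumption.
class SupplierUser
  attr_reader :email, :username

  def initialize(email:, username:)
    @email = email
    @username = username
  end

  # Constructed sample records (not real accounts).
  RECORDS = [
    new(email: "alice@supplier.example", username: "alice"),
    new(email: "bob@supplier.example", username: "Bob_W")
  ].freeze

  # Accepts either :username or :email as the login identifier.
  def self.find_for_magic_link_authentication(conditions)
    login = conditions[:username] || conditions[:email]

    # Request params can carry hashes or arrays; only a plain string may
    # reach the lookup.
    return nil unless login.is_a?(String)

    login = login.strip.downcase
    return nil if login.empty?

    matches = RECORDS.select do |user|
      user.username.downcase == login || user.email.downcase == login
    end

    # Refuse an ambiguous identifier (one user's username equal to another
    # user's email) rather than mailing a link to the first match.
    matches.length == 1 ? matches.first : nil
  end
end
```

In a real model the `RECORDS.select` step would be a database query, and returning `nil` leaves the request unauthenticated.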

Belibaste commented 2 years ago

Thank you for your feedback. I thought of overriding this method. But in my use case, and more generally for this type of authentication mechanism, I think it is better to use email as authentication key as it is a lot easier for the user to remember his email address. Also, I think the 401 coming from Warden is fine. I wanted to put my "solution" here for other developers who might have the same problem.

Again, thank you for this gem :-)