Closed scouttyg closed 10 years ago
Some time ago, Devise got rid of their module "Token Authenticatable" (see here: https://github.com/plataformatec/devise/issues/2616). The issue is, Kandan relies on the authentication_token to keep track of users connecting / disconnecting. See:
faye.js.coffee:
```coffeescript
authExtension = {
  outgoing: (message, callback)->
    if message.channel == "/meta/subscribe"
      message['ext'] = {
        auth_token: Kandan.Helpers.Users.currentUser().auth_token
      }
    callback(message)
}
```
`Kandan.Helpers.Users.currentUser()` checks `$.data(document, 'current-user')`, which is added in application.html.erb as:
```erb
<%- if user_signed_in? %>
  <%= javascript_tag do %>
    $.data(document, "current-user", <%= current_user_data.to_json.html_safe %>);
  <% end %>
<%- end %>
```
Which references Application helper as:
```ruby
module ApplicationHelper
  def current_user_data
    current_user_data = {
      :id => current_user.id,
      :first_name => current_user.first_name,
      :last_name => current_user.last_name,
      :email => current_user.email,
      :username => current_user.username,
      :auth_token => current_user.authentication_token,
      :gravatar_hash => current_user.gravatar_hash,
      :avatar_url => current_user.avatar_url
    }
  end
end
```
The issue is, `auth_token` won't be there for any version of Devise after they removed the "Token Authenticatable" module. This means `message['ext']` won't contain the auth token, which means in devise_auth.rb:
```ruby
class DeviseAuth
  def incoming(message, callback)
    if message['channel'] == "/meta/subscribe"
      auth_token = message['ext']['auth_token']
      user = User.find_by_authentication_token(auth_token)
      if user
        ActiveUsers.add(message['clientId'], user) # if not meta_channels?(message['subscription'])
        return callback.call(message)
      else
        message['error'] = "Invalid auth token"
      end
    end
    # puts "Message: #{message.inspect}"
    callback.call(message)
  end
  # def meta_channels?(channel)
  #if ("/app/activities" =~ /\/app\/.*/ || "/app/activities" =~ /\/app\/.*/
  # end
  #TODO disable publishing by users or use only user-published msgs
end
```
It won't add a user to Active Users because `message['ext']['auth_token']` won't be there, which means `User.find_by_authentication_token(nil)` will cause a bunch of issues. This means you won't get a message that a user has connected when they have, you won't have an active user list, and a whole bunch of quirky behavior.
This pull request fixes issue #270
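
A defensive variant of the `incoming` hook described above, as an added example that is not part of the original pull request or Kandan's code: it rejects a subscribe whose `ext` or `auth_token` is missing or blank before any user lookup runs. `DemoUser`, `DemoUserStore`, `GuardedAuth` and `subscribe` are hypothetical in-memory stand-ins for the Rails model, `ActiveUsers` and the Faye wiring, and the sample users are constructed.

```ruby
require 'securerandom'

# Hypothetical stand-ins for Kandan's User model and ActiveUsers registry.
DemoUser = Struct.new(:id, :authentication_token)

class DemoUserStore
  def initialize(users)
    @users = users
  end

  # Plain equality lookup: a nil argument matches a user with no token stored.
  def find_by_authentication_token(token)
    @users.find { |u| u.authentication_token == token }
  end
end

class GuardedAuth
  attr_reader :active_users

  def initialize(store)
    @store = store
    @active_users = {}
  end

  def incoming(message, callback)
    if message['channel'] == '/meta/subscribe'
      token = (message['ext'] || {})['auth_token']
      # Only query the store when the client actually sent a usable token.
      user = usable?(token) ? @store.find_by_authentication_token(token) : nil
      if user
        @active_users[message['clientId']] = user
      else
        message['error'] = 'Invalid auth token'
      end
    end
    callback.call(message)
  end

  private

  def usable?(token)
    token.is_a?(String) && !token.strip.empty?
  end
end

# Constructed sample data: user 1 has no token, user 2 has one.
TOKEN = SecureRandom.hex(16)
STORE = DemoUserStore.new([DemoUser.new(1, nil), DemoUser.new(2, TOKEN)])

def subscribe(auth, ext)
  msg = { 'channel' => '/meta/subscribe', 'clientId' => 'c1' }
  msg['ext'] = ext unless ext.nil?
  auth.incoming(msg, ->(m) { m })
end
```

Without the `usable?` guard, a nil token passed to the stand-in lookup matches the user that has no token stored, which is why the check happens before the query.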