Auth headers missing on successful sign in response for multiple models

lynndylanhurley / devise_token_auth

Token based authentication for Rails JSON APIs. Designed to work with jToker and ng-token-auth.

Do What The F*ck You Want To Public License

3.54k stars 1.13k forks source link

Auth headers missing on successful sign in response for multiple models #1165

Open sumit20rai opened 6 years ago

sumit20rai commented 6 years ago

I have setup devise_token_auth for multiple models( User and Admin). I am getting auth header for User sign in but not for admin sign in.

devise (4.4.3)
devise_token_auth (0.1.43) 
active_model_serializers `(0.10.7)

class User < ActiveRecord::Base
      devise :database_authenticatable, :registerable,  :recoverable, :trackable, :validatable, authentication_keys: [:mobile_number]
      include DeviseTokenAuth::Concerns::User
end

class Admin < ActiveRecord::Base
     devise :database_authenticatable, :registerable,  :recoverable, :trackable, :validatable

     include DeviseTokenAuth::Concerns::User
end

I also checked the @resource.valid? for Admin login and it is coming true. Any help guys?

MaicolBen commented 6 years ago

@sumit20rai what do you mean by response.valid? ?

sumit20rai commented 6 years ago

@MaicolBen sorry it was typo, i meant when i did @resource.valid?, it is coming true, so i don't have any validation errors also.

MaicolBen commented 6 years ago

Weird, maybe the problem is the same as #1159. But you can log in with one model but not the other. I need to do further investigation

amrani commented 6 years ago

@sumit20rai, this might be caused by the default serialization_scope of current_user. When json is rendered from the sessions_controller, for instance, it will call the helper method current_user which will then wipe the access tokens if the mapping is incorrect.

I would be interested to see if this is your case. Can you check if you are calling the current_user helper method when you attempt to sign in as an admin?

# lib/devise_token_auth/controllers/helpers.rb
def current_#{mapping}
  binding.pry
  puts __method__
  ...
end

bettysteger commented 6 years ago

I've got the same problem as @sumit20rai described, did anyone have found a solution?

bettysteger commented 6 years ago

ok, i don't know if this is the right way to fix this, but I did this, and it works:

class ApplicationController < ActionController::API
  include DeviseTokenAuth::Concerns::SetUserByToken

  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  # Extend sign_up parameters
  # @see https://github.com/plataformatec/devise#strong-parameters
  def configure_permitted_parameters
    self.class.serialization_scope :view_context

    devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
  end
end

setting the serialization_scope for devise controllers to :view_context!

anklos commented 5 years ago

@Amrani I am using multi model and having the same problem. I can confirm that it calls the current_user helper while I try to sign in as admin

anklos commented 5 years ago

@lpsBetty it works for me too. thanks for sharing!