lynndylanhurley / devise_token_auth

Token based authentication for Rails JSON APIs. Designed to work with jToker and ng-token-auth.
Do What The F*ck You Want To Public License

devise_token_auth routes does not stay within scope or namespace, overrides devise routes #1299

Open adamrparsons opened 5 years ago

adamrparsons commented 5 years ago

Hello,

When adding devise_token_auth into an existing rails + devise setup, we found it necessary to put devise_token_auth and the associated api into a namespace, in a similar approach to what jotolo did here:

https://github.com/lynndylanhurley/devise_token_auth/issues/120#issuecomment-300178663

Our implementation was as follows:

  namespace :api, defaults: {format: 'json'} do
    scope :v1 do
      mount_devise_token_auth_for 'User', at: 'auth', skip: [ :verify_authenticity_token ]
      resources :items, only: [:index, :show, :create]
    end
  end

We've gotten this to work for the most part, but what is rather troubling is that, by mounting devise in this namespace, we expect the paths/URLs to be contained within this namespace (/api/v1), but instead devise_token_auth overrides devise's regular routes with its own implementations.

Examples of this are that omniauth implementations broke, forms use the wrong action URLs, and accessing protected pages while unauthenticated returns a simple text page instead of the redirect to login that devise gives you.

Commenting out the mount_devise line fixes our forms, our omniauth, and everything else.

The core of the issue here appears to be that even when placed inside a scoped namespace, devise_token_auth still overrides the root routes anyway.

We're trying to migrate from a server-side-rendered app to a React app with token auth, but this gem overriding devise's routes breaks the existing Rails app.

jefflyne commented 4 years ago

I'm having the same problem with devise_token_auth breaking my current omniauth implementation. Did you ever find a workaround?

oLeVanNghia commented 4 years ago

  namespace :api do
    namespace :v1 do
      namespace :admin do

        mount_devise_token_auth_for "Administrator", at: "", controllers: {
          sessions: "api/v1/admin/sessions"
        }
        resources :home, only: :index
      end
    end
  end

The same problem. But the code below runs.

  namespace :api do
    namespace :v1 do
      namespace :admin do
        resources :home, only: :index
        mount_devise_token_auth_for "Administrator", at: "", controllers: {
          sessions: "api/v1/admin/sessions"
        }
      end
    end
  end

f19ps commented 4 years ago

You can override the get_redirect_route(devise_mapping) method in OmniauthCallbacksController, returning your desired URL.