Request and response headers: these can be found in the "Network" tab of your browser's web inspector.
Started GET "/auth/sign_in" for ::1 at 2019-07-23 15:48:27 +0200
Processing by DeviseTokenAuth::SessionsController#new as HTML
Filter chain halted as :authenticate_user! rendered or redirected
Completed 401 Unauthorized in 6ms (Views: 0.9ms | ActiveRecord: 0.0ms)
Routes: are you using some crazy namespace, scope, or constraint?
I have a Rails application with an API inside. I can make calls and authenticate with the access-token from the gem devise_auth.
I wanted to add now authentication for web requests. I decided to create two application_controllers to handle the two types of request, web and api.
The two controllers look like this:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :authenticate_user!
end
And for api:
class ApiApplicationController < ActionController::Base
skip_before_action :verify_authenticity_token
include DeviseTokenAuth::Concerns::SetUserByToken
end
The routes look like this:
Rails.application.routes.draw do
devise_for :users, as: 'web'
mount_devise_token_auth_for 'User', at: 'auth'
root to: 'pages#home'
# For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
namespace :api, defaults: { format: :json } do
namespace :v1 do
resources :trainings, only: [ :index, :show, :create ]
post 'import', to: "trainings#import"
end
end
namespace :admin do
resources :trainings, only: [:index]
resources :users, only: [:index, :show]
end
end
I just added the web prefix to avoid collision with same rails_path.
The controller that I want to access is the admin/users, and it inherites from ApplicationController:
class Admin::UsersController < ApplicationController
before_action :authenticate_user!
I expect to see the normal devise behaviour, which is, seeing the login form in the web.
Unfortunately, the request is received by the AuthTokenController:
Started GET "/auth/sign_in" for ::1 at 2019-07-23 15:37:46 +0200
Processing by DeviseTokenAuth::SessionsController#new as HTML
Filter chain halted as :authenticate_user! rendered or redirected
Completed 401 Unauthorized in 1ms (Views: 0.3ms | ActiveRecord: 0.0ms)
I split up the controller for the web and for api, so that I can play with the protect_from_forgery method etc.
But I don't know how to tell Rails in the Routes, that whenever I do a web request, that it authenticates through the right controller.
admin_users GET /admin/users(.:format) admin/users#index
This controller inherits from
class Admin::UsersController < ApplicationController
before_action :authenticate_user!
And this ApplicationController uses:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :authenticate_user!
end
At no moment I am telling to this request anything about the DeviseAuthToken. I don't know why it takes the request.
My User model is as follows:
# frozen_string_literal: true
class User < ActiveRecord::Base
has_many :trainings
extend Devise::Models
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
include DeviseTokenAuth::Concerns::User
end
When posting issues, please include the following information to speed up the troubleshooting process:
I am using
I have a Rails application with an API inside. I can make calls and authenticate with the
access-token
from thegem devise_auth
.I wanted to add now authentication for web requests. I decided to create two
application_controllers
to handle the two types of request,web
andapi
.The two controllers look like this:
And for
api
:The routes look like this:
I just added the
web
prefix to avoid collision with same rails_path.The controller that I want to access is the
admin/users
, and it inherites fromApplicationController
:When I type in the browser:
http://localhost:3000/admin/users
I expect to see the normal devise behaviour, which is, seeing the login form in the web.
Unfortunately, the request is received by the AuthTokenController:
I split up the controller for the web and for api, so that I can play with the
protect_from_forgery
method etc.But I don't know how to tell Rails in the Routes, that whenever I do a web request, that it authenticates through the right controller.
To sum up, I am hitting following url:
http://localhost:3000/admin/users
Which corresponds to this controller:
This controller inherits from
And this
ApplicationController
uses:At no moment I am telling to this request anything about the
DeviseAuthToken
. I don't know why it takes the request.My User model is as follows: