stsc3000 / actioncable-chat

application and actioncable won't share cookie #1

Open bassie97 opened 8 years ago

bassie97 commented 8 years ago

I am using Devise for authentication, but when I implemented your method I got "An unauthorized connection attempt was rejected".

After hours of searching I found out that:

    cookies.signed['user.id']

returns nil in the following code block:

    def find_verified_user
      if verified_user = User.find_by(id: cookies.signed['user.id'])
        verified_user
      else
        reject_unauthorized_connection
      end
    end

I checked and there is definitely a cookie but it does not contain the cookie data set by Devise.

To check if the 'user.id' actually is set, I raise it in the view. This, as expected, returns the user id:

    Signed in as @#{cookies.signed[:username]}.
    - raise(cookies.signed['user.id'].inspect)
    %br/
    %br/
    #messages
    %br/
    %br/
    = form_for :message, url: messages_path, remote: true, id: 'messages-form' do |f|
      = f.label :body, 'Enter a message:'
      %br/
      = f.text_field :body
      %br/
      = f.submit 'Send message'

My question/issue: It seems like the cookie is not available at the actioncable server. Is there a way to share the cookie set by Devise with the cable server?

stsc3000 commented 8 years ago

Hi, the devise cookie should be available but the plumbing required to make it available in cookies.signed is not done by actioncable automatically. I haven't tried this, but http://www.rubytutorial.io/actioncable-devise-authentication/ might be a solution for your issue. Sorry for the late reply.

mark-d-holmberg commented 6 years ago

What about in the case where you have an SSO situation? For example, you have an SSO auth server which is running ActionCable, and a suite of children apps that point their ActionCable to the location of the SSO ActionCable endpoint? I've been trying this lately to add a warden hook to share the cookies, changing session_store.rb to add domain: 'lvh.me', tld_length: 2. I notice if I do a binding.pry in the controller for the SSO app and a binding.pry in the dashboard controller for the child app that the cookies are set indeed, but ActionCable still doesn't pick it up. Any ideas?
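An added example, not code from this thread or the repository: a plain-Ruby model of the `cookies.signed['user.id']` lookup discussed above, showing when `find_verified_user` accepts or rejects the WebSocket handshake. `SignedJar` is a simplified stand-in for Rails' signed cookie jar (not its real wire format), and the secrets, cookie names other than `user.id`, and user table are constructed.

```ruby
require "openssl"
require "base64"

# Simplified stand-in for cookies.signed: Base64 value plus an HMAC-SHA256 tag.
class SignedJar
  def initialize(secret, raw)
    @secret, @raw = secret, raw # raw: cookie name => string the browser sends
  end

  def []=(name, value)
    data = Base64.strict_encode64(value.to_s)
    @raw[name] = "#{data}--#{tag(data)}"
  end

  def [](name)
    data, mac = @raw[name].to_s.split("--", 2)
    return nil unless data && mac && secure_eq(mac, tag(data))
    Base64.strict_decode64(data)
  end

  def tag(data)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, data)
  end

  def secure_eq(a, b) # constant-time comparison of two tags
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end

# Mirrors the thread's find_verified_user; :rejected stands for
# reject_unauthorized_connection.
def find_verified_user(jar, users)
  users[jar["user.id"]] || :rejected
end

def demo
  users = { "42" => "bassie97", "1" => "admin" }        # constructed user table
  browser = { "_app_session" => "opaque-session-blob" } # assumed state after login: session cookie only
  jar = SignedJar.new("constructed-secret", browser)
  out = { login_only: find_verified_user(jar, users) }  # no user.id cookie yet
  jar["user.id"] = 42                                   # what a login hook would write
  out[:with_hook] = find_verified_user(jar, users)
  forged = browser.merge("user.id" => browser["user.id"].sub(/\A[^-]*/, Base64.strict_encode64("1")))
  out[:forged] = find_verified_user(SignedJar.new("constructed-secret", forged), users)
  out[:other_secret] = find_verified_user(SignedJar.new("another-secret", browser.dup), users)
  browser.delete("user.id")                             # what a logout hook would do
  out[:after_logout] = find_verified_user(jar, users)
  out
end
p demo if $PROGRAM_NAME == __FILE__
```

The `other_secret` case is the one to check in a multi-app setup: a server verifying with a different signing secret reads the same cookie as nil.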