search

zooniverse / scribeAPI

scribe API
MIT License
79 stars 25 forks source link

set up devise for local auth #577

Open gr- opened 8 years ago

gr- commented 8 years ago

I can not make up my mind with the way of activating local registration, i.e. having an extra auth method to google/facebook/zooniverse. It looks like the job has already been done (setting up devise, generating views, etc.) but I cannot make it up and running. Help would be appreciated. Thanks folks!

lizadaly commented 8 years ago

I just did this myself:

/users/sign_up/ should let you create an account locally, but the default template will probably redirect you to the React app, rather than giving you a Rails-backed signup page. I made a change to app/controllers/registrations_controller.rb to use the admin template rather than the public site template:

class RegistrationsController < Devise::RegistrationsController
  layout "admin"  # LD: Force use of the admin layout to render this rather than override with React

  before_filter :update_sanitized_params, if: :devise_controller?

  def update_sanitized_params
    devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:name, :email, :password, :password_confirmation)}
    devise_parameter_sanitizer.for(:account_update) {|u| u.permit(:name, :email, :password, :password_confirmation, :current_password)}
  end

end

Once I enabled that I was able to log in with my locally-created account.

gr- commented 8 years ago

Very efficient tricks, thanks for sharing it ! I also found my own way to this issue : adding a fake local provider to oauth and following with the current authentication logic. I used oauth-identity and applied the method given here with few patches to match the actual architecture.

Disclaimer : I don't know all those technologies and many things are auto-magic for me (!) so I practice do-to-learn approach and then I often go the wrong way.

EDIT: I finally adopted your "way of devise", liza, since I've been stuck with pwd recovery and all that nice features that devise provides w/o any single line of code ! Anyway, I ultimately found that the authentication works very smoothly as soon as I delete the sessions_controller.rb file ! As far as I understand, it confuses oauth with multiple redirections. There is even no requirement for adding the layout statement in the RegistrationsController class, if I add devise.html.erb layout. I also suggest to generate all the devise views

rails generate devise:views

to customize them at will. To complete the patch, it suffices to remove the devise's sessions route in routes.rb and to add a couple of lines into the renderLoginOptions function of the app/assets/javascripts/components/login.cjx file, in order to propose the /users/sign_in link in the main header.

Hope it can help.

lizadaly commented 8 years ago

I ended up doing exactly what you did, including generating the devise views to customize them.