Rails CSRF token issue in Angular routes

Question

I am using AngularJS routes with rails. For authencation I am using using Angular Devise directive. I am facing some issue with CSRF token.

User Controller

function userController($scope,$http,$route,$location,Auth,User) {

$scope.login = function(){
  Auth.login($scope.user).then(function(user) {
    User.setCurrentUser(user);
    $location.path("/logout");
  }, function(error) {
    // Authentication failed...
  });
}

$scope.logout = function(){
  Auth.logout().then(function() {
   $location.path("/logout");
  }, function(error) {
    // An error occurred logging out.
  });
}

}

Angular Routes.js

myApp.config(function($routeProvider, $locationProvider) {
  $locationProvider.html5Mode(true);

  $routeProvider
  .when("/login",
    { templateUrl: "/assets/user/login.html",
      controller: "userController" })
  .when("/logout",
    { templateUrl: "/assets/user/logout.html",
      controller: "userController" })
  .otherwise({ redirectTo: "/login" });
});

Templates/login.html

<div>
  <label for="user_email">Email</label><br>
  <input autofocus="autofocus" ng-model="user.email" id="user_email" name="user[email]" type="email" value="">
</div>

<div>
  <label for="user_password">Password</label><br>
  <input autocomplete="off" ng-model="user.password" id="user_password" name="user[password]" type="password">
</div>

<div>
  <input name="commit" type="submit" ng-click="login()" value="Sign in">
</div>

Templates/logout.html

<a href="#" ng-click="logout()"> LOGOUT </a>

When I click on Sign-in button which call login() function with user datas and login was successful , after that logout.html page is rendered using angular routes ($location.path) , if I click on logout button logout.html , it throws following error.

ActionController::InvalidAuthenticityToken

Since the authtoken was already used by login action and its no more valid. I am not sure how to generate new one with IN angularJS , If I refresh the page the logout is working.

This link will help you http://stackoverflow.com/questions/14734243/rails-csrf-protection-angular-js-protect-from-forgery-makes-me-to-log-out-on — Dipak Gupta, Aug 14 '14 at 11:30
@Nitin Verma : Its because of outdated gem , now its started working. Thanks for the URL. — Senthil, Aug 14 '14 at 12:19
Thanks for posting new gem. Would helpful in future. although this gem also listed in some of answer in link. — Dipak Gupta, Aug 14 '14 at 12:23
@NitinVerma: yes , I took it from there only. Thanks again for link. — Senthil, Aug 14 '14 at 12:34

score 1 · Accepted Answer · answered Aug 14 '14 at 12:18

1

I replaced

gem 'ng-rails-csrf'  to gem 'angular_rails_csrf'

It started working , but I am not sure why Angular devise suggested "ng-rails-csrf" , which not refreshing the token. Simply adding 'angular_rails_csrf' did the trick.

answered Aug 14 '14 at 12:18

Senthil

946
1
14
34

Rails CSRF token issue in Angular routes

1 Answers1