2

I'm using AngularJS, Rails, devise_token_auth, and ng-token-auth, and I'm trying to log in a user from the console.

I don't know how to get the 302 that Tim Santeford mentions in this post.

Is this still applicable in Rails 4 or does a 200 response still mean I did not successfully sign in?

I do the post request mentioned by Brian Deterling and I get:

Started POST "/api/private/auth/sign_in" for 127.0.0.1 at 2016-03-30 13:36:44 -0500
Processing by DeviseTokenAuth::SessionsController#create as JSON
Parameters: {"email"=>"freud@iron.com", "password"=>"[FILTERED]"}
...
(9.9ms)  COMMIT
Completed 200 OK in 361ms (Views: 0.4ms | ActiveRecord: 23.3ms)
=> 200

So it looks like I signed in successfully except for the 200 instead of the 302 response that Tim Santeford mentions.

Then, I do app.session and it looks like it works.

irb(main):026:0> app.session
=> #<ActionDispatch::Request::Session:0x007fe7a1898358 @by=#<ActionDispatch::Session::CookieStore:0x007fe79ed821f0
...
@delegate={"session_id"=>"4346eb0ee9fc8a8e95735d1e3f2adc28"}, @loaded=true, @exists=true>

Then, I do an app.controller.current_user and this looks like it works too.

irb(main):027:0> app.controller.current_user
=> #<User id: 233, provider: "email", uid: "freud@iron.com", encrypted_password: "$2a$10$v2fapiZCH5b5XN.ji57KgOJ0SJfVHzJByYPFpVCeU1j...", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil, sign_in_count: 32, current_sign_in_at: "2016-03-30 18:36:44", last_sign_in_at: "2016-03-30 18:01:00", current_sign_in_ip: "127.0.0.1",

But when I enter a protected route I get

irb(main):029:0> app.get('/api/private/rfqs')
Started GET "/api/private/rfqs" for 127.0.0.1 at 2016-03-30 14:11:21 -0500
Processing by Api::RfqsController#index as JSON
Filter chain halted as :authenticate_user! rendered or redirected
Completed 401 Unauthorized in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms)
=> 401

... and if after this request, I again do an app.session and app.controller.current_user I get

irb(main):030:0> app.session
=> #<ActionDispatch::Request::Session:0x7fe7a1213910 not yet loaded>

irb(main):031:0> app.controller.current_user
=> nil

Can someone please tell me why this is happening?

Leo Ku

1 Answer

2

First, you should know that Devise is no longer managing the user's session. This is why it is advised to use devise_token_auth. Also, since you are using the devise_token_auth gem, the answer you refer to is not a good candidate to provide you with help.

The error Filter chain halted as :authenticate_user! rendered or redirected means you have to be logged in to run the Api::RfqsController#index controller action. When you signed in, you received in the headers the following information:

"access-token": "my-access-token",
"token-type":   "Bearer",
"client":       "my-client-id",
"expiry":       "yyyyy",
"uid":          "freud@iron.com"

In order to make app.get('/api/private/rfqs') work, you need to add the following to the request headers:

  1. access-token
  2. uid
  3. token-type (value is Bearer)
  4. client

I advise you to use Postman Software to test out your Rails API. It is more efficient than using the console.

Omar Lahlou
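The header replay described in the answer above, as an added example that is not part of the original answer or of devise_token_auth. `AuthHeaders` is a hypothetical helper, the sample response headers are constructed, and `expiry` is assumed to be a Unix timestamp in seconds.

```ruby
# Carries devise_token_auth credentials from one response to the next request.
# AuthHeaders is a hypothetical helper, not part of devise_token_auth.
class AuthHeaders
  REQUIRED = %w[access-token client uid token-type].freeze
  TRACKED  = (REQUIRED + %w[expiry]).freeze

  def initialize
    @current = {}
  end

  # Record the credentials found in a response header hash (names matched
  # case-insensitively). A response without a non-empty access-token leaves
  # the stored credentials untouched.
  def capture(response_headers)
    found = {}
    response_headers.each do |name, value|
      key = name.to_s.downcase
      found[key] = value.to_s.strip if TRACKED.include?(key)
    end
    return self if found['access-token'].to_s.empty?
    @current = @current.merge(found)
    self
  end

  # Names of required headers that have not been captured yet.
  def missing
    REQUIRED.reject { |k| @current.key?(k) && !@current[k].empty? }
  end

  # True when the stored expiry (assumed Unix seconds) is not in the future.
  def expired?(now = Time.now)
    exp = @current['expiry']
    !exp.nil? && !exp.empty? && exp.to_i <= now.to_i
  end

  # Headers to send with the next request to a route guarded by authenticate_user!.
  def request_headers(now = Time.now)
    raise ArgumentError, "missing auth headers: #{missing.join(', ')}" unless missing.empty?
    raise ArgumentError, 'access-token has expired; sign in again' if expired?(now)
    @current.slice(*REQUIRED)
  end
end

# Constructed sample of sign-in response headers (values are placeholders).
SIGN_IN_RESPONSE = {
  'Content-Type' => 'application/json; charset=utf-8',
  'access-token' => 'my-access-token', 'token-type' => 'Bearer',
  'client' => 'my-client-id', 'expiry' => '1460000000', 'uid' => 'freud@iron.com'
}.freeze
```

In the Rails console this would be used as `auth = AuthHeaders.new.capture(app.response.headers)` after the sign-in POST, then `app.get('/api/private/rfqs', nil, auth.request_headers)` (Rails 4 positional form; Rails 5 and later take `headers:` as a keyword). Calling `auth.capture(app.response.headers)` after each request keeps the stored token current when the server issues a new one.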