I have inherited an application built with Rails (v. 4.2.0) + AngularJS. Most of it works reasonably well, but I have hit a wall with Devise (v .3.5.1) that I am unable to overcome.
The application is structured this way: Angular.js handles the client side and is served from the back by the Rails app through an API. (The structure is very similar to the one from this tutorial: https://thinkster.io/angular-rails).
The problem if that for some reason, the app does not recognize helper methods of devise such as: current_user or user_signin? among others. Currently, anyone could make a request to /api/users and get a JSON with the information.
For instance, if we add this code to the /controllers/api/employees_controller.rb and you make a request in your browser to /api/employees/:id you get the JSON despite nos being logged
def show
@employee = Employee.find(params[:id])
respond_to do |format|
format.json{
if user_signed_in? then
render text: @employee.to_json, status: 200
else
render :json => nil, status: 422
end
}
end
end
Note: in this application the entity "Employee" is a type of "User"
I have tried solutions named in this post Rails devise: user_signed_in? not working but it didn't work for me
Here are all the parts of the code that I think could offer some light to this issue
/controllers/api/users/sessions_controller.rb
module Api
class Users::SessionsController < Devise::SessionsController
before_filter :configure_sign_in_params, only: [:create]
#Devise couldn't find "users_url" so just defining it here (500 error)
def users_url
:root_path
end
# GET /resource/sign_in
def new
super
end
# POST /resource/sign_in
def create
user = User.new
if ( params[:user][:email] == "" || params[:user][:password] == "") then
render json: {errors: "Insufficient data provided (user and/or password)"}.to_json, status: :bad_request
elsif User.find_by_email(params[:user][:email]).present?
user = User.find_by_email(params[:user][:email])
if user.valid_password?(params[:user][:password]) then
sign_in :user, user
render json: user.to_json(only: [:id, :email, :name, :last_name, :type, :company_id,:configuration,:phone]), status: :created
else
render json: {errors: "Wrong password."}.to_json, status: :unauthorized
end
else
render json: {errors: "Could not find user with that email."}.to_json, status: :unauthorized
end
end
# DELETE /resource/sign_out
def destroy
puts "HEEEEY"
end
# protected
# If you have extra params to permit, append them to the sanitizer.
def configure_sign_in_params
devise_parameter_sanitizer.for(:sign_in) << :attribute
end
end
end
models/user.rb
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable#, :confirmable
scope :admins, -> { where(admin: true) }
validates :email, presence: true
validates :name, presence: true, length: { in: 1..50 }
end
config/routes.rb
Rails.application.routes.draw do
namespace :api, defaults: {format: :json} do
resources :contacts
resources :job_application
# devise_for :admins, controllers: {sessions: 'admins/sessions'}
# devise_for :employees, controllers: {sessions: 'employees/sessions'}
devise_for :users, controllers: {
sessions: 'api/users/sessions',
registrations: 'api/users/registrations',
}
devise_for :employees, controllers: {
sessions: 'api/employees/sessions',
registrations: 'api/employees/registrations',
}
If you need any other part of the code, please just let me know.
Thank you very much!
