I am having an issue getting devise_token_auth logout working.

I am working based on these SO questions:

How to set header and options in axios?

Why am I unable to sign out using devise_token_auth and curl?

This is the devise token auth, destroy method. It does reach this method and stops at a breakpoint.

https://github.com/lynndylanhurley/devise_token_auth/blob/c92258038c05fcc8f6a0374ccce2e63b9f8d5312/app/controllers/devise_token_auth/sessions_controller.rb#L48

    def destroy
      # remove auth instance variables so that after_action does not run
      user = remove_instance_variable(:@resource) if @resource
      client = @token.client
      @token.clear!

      if user && client && user.tokens[client]
        user.tokens.delete(client)
        user.save!

        yield user if block_given?

        render_destroy_success
      else
        render_destroy_error
      end
    end

@token is set in another method and it doesn't appear to be called. I don't quite get how this method is supposed to clear tokens.

My @token is #<struct DeviseTokenAuth::TokenFactory::Token client=nil, token=nil, token_hash=nil, expiry=nil> and @resource is nil at my break point/top of the method.

Client Request (Vue):

    methods: {
      headers() {
        const config = {
          headers: {
            "uid": localStorage.getItem("uid"),
            "client": localStorage.getItem("client"),
            "access-token": localStorage.getItem("access-token")
          }
        }
        return config
      },

      async handleLogOut() {
        // e.preventDefault();
        const headers = this.headers()

        localStorage.removeItem('access-token')
        localStorage.removeItem('uid')
        localStorage.removeItem('client')

        this.logOut();

        let response = await axios.get('api/v1/auth/sign_out', null, headers)
      }
    }

Routes:

    destroy_api_user_session GET    /api/v1/auth/sign_out(.:format)                                                          api/v1/sessions#destroy

What am I doing wrong? How is the destroy method working?

user3738936
  • I think why your destroy method isn't working is because you're using `axios.get()`, and I believe you should use `axios.delete()` instead, because for devise sign out is using `delete` request method. – Khrisna Gunanasurya Feb 18 '21 at 15:33
  • I get this `ActionController::RoutingError (No route matches [DELETE] "/api/v1/auth/sign_out"):` I will add the routes I have. The routes could be different for devise vs devise_token_auth. – user3738936 Feb 18 '21 at 16:44
  • could you show me the `routes.rb`? because I never use `devise_token_auth` but I think `destroy` must be a `delete` request method. as in [here](https://github.com/lynndylanhurley/devise_token_auth/issues/1220) you can check that he is using `delete` method – Khrisna Gunanasurya Feb 19 '21 at 00:54
  • ah right by default. I changed it in the config though to use a get route. [config.sign_out_via = :get](https://github.com/lynndylanhurley/devise_token_auth/blob/c92258038c05fcc8f6a0374ccce2e63b9f8d5312/test/dummy/config/initializers/devise.rb#L254) – user3738936 Feb 19 '21 at 04:44
  • I see you already get the answer, glad to see that :) – Khrisna Gunanasurya Feb 19 '21 at 07:07

1 Answer

Ok, I missed this before_action method:

https://github.com/lynndylanhurley/devise_token_auth/blob/c92258038c05fcc8f6a0374ccce2e63b9f8d5312/app/controllers/devise_token_auth/concerns/set_user_by_token.rb#L26

This is where it takes your headers, checks them and sets instance variables.

By finding this I realized I was not sending the headers that I thought I was sending. I changed my HTTP request and it works fine.

    axios.get('api/v1/auth/sign_out', headers)

Side Note: The logout action by default in devise is delete but this can be modified:

    config.sign_out_via = :get

user3738936
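
An added example (not code from the question, the answer, or devise_token_auth) of why the original call reached `destroy` with an empty `@token`, and of a sign-out helper that sends the three headers in the config argument. `fakeAuthClient`, `memoryStorage`, `signOut` and `demo` are hypothetical names; the fake client copies only the `get(url, config)` argument order of axios and a simplified, plain-text version of the server-side token check, and all credentials are constructed.

```javascript
// Added example; fakeAuthClient mirrors only the argument order of axios.get(url, config).
const AUTH_HEADERS = ["uid", "client", "access-token"];
const REJECTED = "sign_out rejected: no valid auth headers";

// Simplified server side: tokens keyed by client id, compared in plain text
// for brevity (an assumption of this sketch, not the gem's storage format).
function fakeAuthClient(user) {
  return {
    async get(url, config) { // a third positional argument is never read
      const h = (config && config.headers) || {};
      const token = user.tokens[h.client];
      if (h.uid !== user.uid || !token || token !== h["access-token"]) throw new Error(REJECTED);
      delete user.tokens[h.client]; // server-side revocation
      return { status: 200 };
    },
  };
}

// Minimal localStorage-like store so the example runs outside a browser.
function memoryStorage(initial) {
  const m = new Map(Object.entries(initial));
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), removeItem: (k) => m.delete(k) };
}

// Send the headers as config, report revocation, always drop the local copies.
async function signOut(http, storage, url = "api/v1/auth/sign_out") {
  const headers = {};
  for (const name of AUTH_HEADERS) headers[name] = storage.getItem(name);
  const missing = AUTH_HEADERS.filter((n) => !headers[n]);
  try {
    if (missing.length) return { revoked: false, reason: `missing ${missing.join(", ")}` };
    await http.get(url, { headers });
    return { revoked: true };
  } catch (err) {
    return { revoked: false, reason: err.message };
  } finally {
    AUTH_HEADERS.forEach((n) => storage.removeItem(n));
  }
}

async function demo() {
  const creds = { uid: "a@example.test", client: "c1", "access-token": "t1" }; // constructed
  const user = { uid: creds.uid, tokens: { c1: "t1" } };
  const http = fakeAuthClient(user);
  // Call shape from the question: the headers sit in the ignored third slot.
  const buggy = await http.get("api/v1/auth/sign_out", null, { headers: creds })
    .then(() => "ok", (e) => e.message);
  const fixed = await signOut(http, memoryStorage(creds));
  return { buggy, fixed, tokensLeft: Object.keys(user.tokens).length };
}
```

`signOut` returns `revoked: false` with a reason when the server did not confirm, so the caller can tell a local-only logout from one where the token was actually deleted server-side.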