I'm building token authentication for the Rails side of a project that uses the Devise and JWT gems. I need to write a method (in the sessions controller) to destroy the user session. Does anyone know how to go about doing this? On the front end, the token is kept in the session while the user is logged in.
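# JSON sign-in / sign-out endpoints layered on top of Devise's sessions controller.
class SessionsController < Devise::SessionsController
  # protect_from_forgery with: :null_session, if: ->{request.format.json?}
  # skip_before_action :verify_authenticity_token

  # Checks the submitted email/password pair.
  #
  # On success the user is stored in @current_user and the action falls through
  # to Rails' default rendering (the view that hands out the token is not part
  # of this file). On failure it answers 422 with one generic message, so the
  # response body does not reveal whether the email or the password was wrong.
  #
  # NOTE(review): valid_password? is called directly, so if the User model uses
  # Devise's lockable module, failed attempts made through this action are
  # presumably not counted -- confirm, and consider rate limiting this endpoint.
  def create
    user = User.find_by(email: params[:email])

    unless user && user.valid_password?(params[:password])
      render json: { errors: { 'email or password' => ['is invalid'] } }, status: :unprocessable_entity
      return
    end

    @current_user = user
  end

  # Acknowledges a sign-out request with an explicit 204 instead of relying on
  # implicit rendering of an empty action.
  #
  # The tokens accepted by ApplicationController#authenticate_user are checked
  # by signature and expiry only, so nothing in this action can invalidate a
  # token that has already been issued: the client has to discard its copy, and
  # the server keeps accepting that token until it expires. Server-side
  # revocation needs per-token state (for example a denylist keyed on a `jti`
  # claim that authenticate_user consults); no such state is visible here.
  # Short token lifetimes bound how long a copied token stays usable.
  #
  # NOTE(review): Devise::SessionsController registers its own filters for
  # destroy; confirm they let the request reach this body when there is no
  # Warden session.
  def destroy
    head :no_content
  end
end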
Here's the application controller too:
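# Base controller: JSON responses, underscored parameter keys and JWT
# bearer-token authentication on top of Devise.
class ApplicationController < ActionController::Base
  protect_from_forgery with: :null_session
  respond_to :json

  before_action :underscore_params!
  before_action :configure_permitted_parameters, if: :devise_controller?
  before_action :authenticate_user

  private

  # Lets Devise's sign-up accept the extra :username attribute.
  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
  end

  # Optional authentication. A request without an Authorization header passes
  # through untouched; one with a token has it decoded, and the payload's 'id'
  # is remembered in @current_user_id. Actions that must be protected also need
  # authenticate_user! as a filter, because this method alone never rejects an
  # anonymous request.
  def authenticate_user
    return unless request.headers['Authorization'].present?

    authenticate_or_request_with_http_token do |token|
      begin
        # NOTE(review): no algorithm is passed to JWT.decode. Pass the expected
        # one explicitly -- e.g. JWT.decode(token, key, true, algorithm: 'HS256'),
        # matching whatever the encoding side uses -- so the accepted algorithm
        # does not depend on the installed gem's defaults.
        # The signing key is the application's secret_key_base; a dedicated JWT
        # key would keep a leak of one secret from affecting the other uses.
        jwt_payload = JWT.decode(token, Rails.application.secrets.secret_key_base).first
        # A payload without 'id' leaves this nil, which makes the block falsy
        # and lets authenticate_or_request_with_http_token answer 401 itself.
        @current_user_id = jwt_payload['id']
      rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
        # Expired, tampered-with or malformed token.
        head :unauthorized
      end
    end
  end

  # Rewrites incoming parameter keys to snake_case, in place.
  def underscore_params!
    params.deep_transform_keys!(&:underscore)
  end

  # Hard requirement: answers 401 unless a token was accepted for this request.
  # `options` is unused; it keeps the method callable with an options hash.
  def authenticate_user!(options = {})
    head :unauthorized unless signed_in?
  end

  # The user for this request: Devise's own current_user if it finds one,
  # otherwise the record named by the token. Returns nil when the request
  # carried no accepted token, instead of raising from User.find(nil).
  # A token whose user has since been deleted still raises
  # ActiveRecord::RecordNotFound, as before.
  def current_user
    @current_user ||= super || (User.find(@current_user_id) if @current_user_id.present?)
  end

  # True once a token with an 'id' claim was accepted. This does not check
  # that the referenced user still exists or is still allowed to sign in.
  def signed_in?
    @current_user_id.present?
  end
end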