Question

I can't seem to get a user logged into our admin panel after upgrading our app from Rails 2.3.x to Rails 3.1.3. I'm using the latest version of Devise, which at the time of this post is v1.5.3.

A POST to the session#create route returns a 401 response (and all the params look like they're going in properly); it happens when Warden tries to auth the user using one of Devise's strategies (:database_authenticatable). Here's my user model.

class User < ActiveRecord::Base
  devise :database_authenticatable, :validatable
  attr_accessible :email, :password, :password_confirmation
end

I've got an overridden Devise::SessionsController in my :admin namespace (the logins are for admins only, and they've got their own site layout, thus the override). There's nothing special in the controller, really, other than the layout:

class Admin::SessionsController < ::Devise::SessionsController
  layout "admin"
end

I do have slightly customized routes, and here's the code that I've got for that.

devise_for :users, :controllers => { :sessions => 'admin/sessions' }

I have the csrf_meta_tag bit in my layout's headers, and my ApplicationController has the protect_from_forgery line in it. The form's errors are empty when it comes back to re-render the page.

I've stepped through the code (all the way into lib/warden/proxy.rb), and Warden doesn't seem to think the :database_authenticatable strategy I'm using is valid (Warden's source code for that part). The user is a valid user… I've created it via a Rails console IRB session, from scratch, with a valid password and everything. I would hope it should recognize that as valid, right? Or am I even barking up the right tree?


Solution

Wow, I'm kind of a fool. After stepping into Devise's authenticatable strategy, it became clear to me that my devise.rb configuration file (which I had copied in from another project and tweaked) had :username listed as an authentication_key, and not :email like it should have been. Changed it to :email and now it works.

In a related story, I now have a somewhat murky understanding of how Devise works with Warden.
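An added example, not part of the original post and not Devise's own code: a simplified Ruby model of why a params-based strategy such as :database_authenticatable is skipped when the configured authentication key is not among the submitted form fields. The function names and the sample params are assumptions made for illustration.

```ruby
# Simplified model (not Devise's source) of the check a params-based strategy
# makes before Warden will run it: every configured authentication key must
# be present and non-blank in the submitted credentials.

# Returns the configured keys that the submitted params do not supply.
def missing_authentication_keys(authentication_keys, submitted)
  authentication_keys.reject do |key|
    value = submitted[key] || submitted[key.to_s]
    !value.nil? && !value.to_s.strip.empty?
  end
end

# A strategy is only attempted when no key is missing and a password is present.
def strategy_valid?(authentication_keys, submitted)
  password = submitted[:password] || submitted["password"]
  missing_authentication_keys(authentication_keys, submitted).empty? &&
    !password.to_s.empty?
end

# Models the outcome of POSTing the sign-in form. When the strategy is not
# valid it never looks the user up, so the request ends in a 401 with no
# validation errors on the form, as described in the question.
def sign_in_status(authentication_keys, submitted)
  strategy_valid?(authentication_keys, submitted) ? :strategy_runs : 401
end

# Constructed sample: the fields the login form posts for the user.
FORM_PARAMS = {
  "email"    => "admin@example.com",
  "password" => "constructed-sample-password"
}.freeze

if __FILE__ == $PROGRAM_NAME
  # Compare the copied-in setting (:username) with the corrected one (:email).
  [[:username], [:email]].each do |keys|
    puts "authentication keys=#{keys.inspect} " \
         "missing=#{missing_authentication_keys(keys, FORM_PARAMS).inspect} " \
         "result=#{sign_in_status(keys, FORM_PARAMS)}"
  end
end
```

Running the same comparison against the real form field names and the keys set in devise.rb is a quick way to spot this mismatch after copying an initializer between projects.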

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow