lynndylanhurley / devise_token_auth

Token based authentication for Rails JSON APIs. Designed to work with jToker and ng-token-auth.

License: Do What The F*ck You Want To Public License

Ruby 97.31% HTML 2.69%
api authentication devise oauth omniauth rails

devise_token_auth's Issues

rename @user to @resource

Should implement current_user instead of @user.

This can sometimes cause a conflict, for example with cancancan:
before_action :authenticate_user!
load_and_authorize_resource
will both try to set @user for the show method.

Filter chain halted as :require_no_authentication

I'm getting the following error when I try to logout/update account/destroy account/change password, being logged by Omniauth or not:

```
Redirected to http://localhost:9000/
Filter chain halted as :require_no_authentication rendered or redirected
Completed 302 Found
```

Using:
```
gem 'devise_token_auth', '0.1.28.beta4'
"ng-token-auth": "0.0.22-beta1",
```

Any idea of why this is happening?

Allow additional parameters for registration

When signing up via email, I would like to send additional parameters such as image. I was trying to subclass the DeviseTokenAuth::RegistrationsController and change the resource_params function. This doesn't work because the devise_for is set up in ActionDispatch::Routing::Mapper -> mount_devise_token_auth_for

devise_for resource.pluralize.underscore.to_sym,
          :class_name  => resource,
          :module      => :devise,
          :path        => "",
          :controllers => { :registrations => "devise_token_auth/registrations"}
end

Is there any way we could allow for additional parameters to be sent?
Maybe even in the initializer such as

DeviseTokenAuth.setup do | config |
  config.registration_params = [:image]
end

And then in controllers/devise_token_auth/registrations_controller

def resource_params
  params.permit(:email, :password, :password_confirmation, :confirm_success_url, :confirm_error_url, *DeviseTokenAuth.registration_params)
end

Routes not appended to routes.rb

Hi, first thank you for this great gem !

When I run this command line:

"rails g devise_token_auth:install User /auth"

I got this :

create config/initializers/devise_token_auth.rb
create db/migrate/20141014191637_devise_token_auth_create_users.rb
insert app/models/user.rb
insert app/controllers/application_controller.rb
gsub config/routes.rb

But when I check my routes file I can't see the new routes ?

My rails version is 4.1.6. Thank you

Extract Omniauth attributes assignation into a method

It would be nice to extract this AuthController's line into a method, so we can then override it as we please.
BTW, what's the best way to override devise_token_auth controllers? For example, the AuthController.

      # sync user info with provider, update/generate auth token
      @user.assign_attributes({
        nickname: auth_hash['info']['nickname'],
        name:     auth_hash['info']['name'],
        image:    auth_hash['info']['image'],
        email:    auth_hash['info']['email']
      })

https://github.com/lynndylanhurley/devise_token_auth/blob/master/app/controllers/devise_token_auth/auth_controller.rb#L56

Devise replacement or add-on?

Hi, I am trying to use this gem, but it is not clear to me if this gem is a replacement for Devise or if it complements it as an add-on. I did notice that the gem depends on Devise, but when I try to add it to my project, I am faced with a number of issues. I will outline them below and hopefully you or someone else on this thread can help out.

In my Gemfile I've tried adding just this gem and also this gem along with Devise:

gem 'devise', '~> 3.2.x'
gem 'devise_token_auth'

I have both a devise.rb and devise_token_auth.rb config files. Their contents are as follows:
https://gist.github.com/i8ramin/ab325f2efb730931a5b5

Should my routes file have both the devise_for directive as well as the mount_devise_token_auth_for? My project which already had devise also has a devise_for in the routes, so I wasn't sure what to do there. When I have both, I get one set of errors, when I have one, I get another set of errors.

devise_for :users , :path => "auth"
mount_devise_token_auth_for 'User', at: '/auth'

The scenario I am trying to work with is as follows:

  • I have an app written specifically for oauth authentication using devise which lives at id.mysite.com
  • I have an SPA using angular that I would like to be able to authenticate using oauth, similar to how facebook, google and other oauth providers work. I want my id.mysite.com to behave just like those providers. A popup opens, you login, it closes and now you are logged into the provider site as well as the app
  • The SPA has no server side back-end, so I cannot use gems like omniauth, etc. This has to be done all client-side

Is this the right tool for the job?

Thanks and sorry for the long post.

Active_admin issue

The following code in my application_controller.rb is causing a "wrong number of arguments (1 for 0)".

When I take out "DeviseTokenAuth::Concerns::SetUserByToken", the error goes away....
I have:

class ApplicationController < ActionController::Base
  include DeviseTokenAuth::Concerns::SetUserByToken

  include DeviseTokenAuth::Concerns::SetUserByToken
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  before_action :set_device_type

  def authenticate_active_admin_user!
    authenticate_user!
    if current_user.superadmin?
    else
      flash[:error] = "Please Sign In"
      redirect_to '/signin'
    end
  end

end

Expired token aren't removed when session expires

Hi there,

I have noticed that when the user session expires and a sign_out request is sent to the backend, it replies with a 404 status and an error message of: "User was not found or was not logged in.".

This results in expired tokens piling up on the user model.

Is this the correct behaviour? I mean, whose responsibility is it to clean up after expired tokens? Shouldn't it be the destroy method of the sessions controller, or should there be something else taking care of them? Or a combination of both, after all a sign_out request might not come at all since the user could simply close the browser.

Thanks for your help

Mongoid Support

Including the model concern 'DeviseTokenAuth::Concerns::User' on a Mongoid model returns the following error message:

~/.rvm/gems/ruby-2.1.2@tp/gems/devise_token_auth-0.1.25/app/models/devise_token_auth/concerns/user.rb:11:in `block in <module:User>': undefined method `serialize' for User:Class (NoMethodError)

Return resource.errors.full_messages in addition to resource.errors

In RegistrationsController#create, might it be a good idea to return resource.errors.full_messages instead of resource.errors? The full_messages version seems to me to be easier to consume on the client side.

One reservation I do have is that maybe devise_token_auth isn't always used in client-server-architected apps. "Traditional" apps would of course still probably want resource.errors as opposed to resource.errors.full_messages. So if we were to make a change, we would probably only want to make it for JSON requests.

I forked the project and changed resource.errors to resource.errors.full_messages and it works well for me.

What do you think?

Trackable attributes are not being updated.

I found that the Concern in your gem includes the Devise Trackable module, but with devise_token_auth the Trackable hook in lib/devise/hooks/trackable.rb is never called, therefore fields in the db like current_sign_in_ip etc. are not updated.

Probably it should be called in your sessions_controller#create ?

Allow updating of default attributes by default?

I finished a rudimentary user profile feature today. In order to be able to update a user's name, I had to add devise_parameter_sanitizer.for(:account_update) << :name. Since name is an attribute that comes with Devise by default, it was confusing to me why I wasn't able to edit it and it took me kind of a long time to track down the reason.

I don't have a super strong opinion on this either way but it seems like maybe fields like name should be included in the attributes under :account_update by default.

As usual, I'd be willing to make it happen. I haven't looked into what that would involve but I'd assume it wouldn't be a huge amount of work.

A few ideas

Hello,

I have a few questions about this gem. I have been working with it for the past 2 days and so far have really enjoyed the implementation.

I was curious about your thoughts on removing
before_action :set_user_by_token
after_action :update_auth_header

To allow users more flexibility when they would like to authenticate users. I don't really need to check for this information on my public methods. However, I can easily include these in my API authentication methods.

When we are calling validate_token, do we need to run update_auth_header? The only reason I ask is that it seems almost like an anti-pattern. If we are checking to see if that token is valid and generate a new token, we canceled the token we validated. I ran into an issue earlier where tokens were being invalidated after the validate_token request.

Again, great job on this. It has saved me tons of work.

Cascade of Issues with Omniauth(?)

I have a series of issues. I have a project that mounts all the routes inside the api, eg:

new_api_v1_user_session GET /api/v1/auth/sign_in(.:format) devise_token_auth/sessions#new {:format=>:json}

When I try to authenticate against google_oauth2, I hit this route: http://localhost:5000/api/v1/auth/google_oauth2?auth_origin_url=http://localhost:5000/#/

and it throws this:

NoMethodError
undefined method `valid_encoding?' for :json:Symbol

actionpack (4.1.0) lib/action_dispatch/routing/redirection.rb:24:in `block in call'
actionpack (4.1.0) lib/action_dispatch/routing/redirection.rb:22:in `each'
actionpack (4.1.0) lib/action_dispatch/routing/redirection.rb:22:in `call'
actionpack (4.1.0) lib/action_dispatch/routing/mapper.rb:45:in `call'
actionpack (4.1.0) lib/action_dispatch/journey/router.rb:71:in `block in call'
actionpack (4.1.0) lib/action_dispatch/journey/router.rb:59:in `each'
actionpack (4.1.0) lib/action_dispatch/journey/router.rb:59:in `call'
actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:676:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/builder.rb:59:in `call'
rack-cors (0.2.9) lib/rack/cors.rb:54:in `call'
warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
warden (1.2.3) lib/warden/manager.rb:34:in `catch'
warden (1.2.3) lib/warden/manager.rb:34:in `call'
rack (1.5.2) lib/rack/etag.rb:23:in `call'
rack (1.5.2) lib/rack/conditionalget.rb:25:in `call'
rack (1.5.2) lib/rack/head.rb:11:in `call'
remotipart (1.2.1) lib/remotipart/middleware.rb:27:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/flash.rb:254:in `call'
rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.1.0) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.1.0) lib/active_record/connection_adapters/abstract/connection_pool.rb:621:in `call'
activerecord (4.1.0) lib/active_record/migration.rb:380:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.1.0) lib/active_support/callbacks.rb:82:in `run_callbacks'
actionpack (4.1.0) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.1.0) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.1.0) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.1.0) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.1.0) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.1.0) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.1.0) lib/rails/rack/logger.rb:20:in `call'
quiet_assets (1.0.2) lib/quiet_assets.rb:18:in `call_with_quiet_assets'
actionpack (4.1.0) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
rack (1.5.2) lib/rack/runtime.rb:17:in `call'
activesupport (4.1.0) lib/active_support/cache/strategy/local_cache_middleware.rb:26:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
actionpack (4.1.0) lib/action_dispatch/middleware/static.rb:64:in `call'
rack (1.5.2) lib/rack/sendfile.rb:112:in `call'
railties (4.1.0) lib/rails/engine.rb:514:in `call'
railties (4.1.0) lib/rails/application.rb:144:in `call'
unicorn (4.8.2) lib/unicorn/http_server.rb:572:in `process_client'
unicorn (4.8.2) lib/unicorn/http_server.rb:666:in `worker_loop'
unicorn (4.8.2) lib/unicorn/http_server.rb:521:in `spawn_missing_workers'
unicorn (4.8.2) lib/unicorn/http_server.rb:140:in `start'
unicorn (4.8.2) bin/unicorn_rails:209:in `<top (required)>'
/Users/pete/.rvm/gems/ruby-2.1.1/bin/unicorn_rails:23:in `load'
/Users/pete/.rvm/gems/ruby-2.1.1/bin/unicorn_rails:23:in `<top (required)>'
ruby-debug-ide (0.4.22) lib/ruby-debug-ide.rb:86:in `debug_load'
ruby-debug-ide (0.4.22) lib/ruby-debug-ide.rb:86:in `debug_program'
ruby-debug-ide (0.4.22) bin/rdebug-ide:110:in `<top (required)>'
-e:1:in `load'
-e:1:in `<main>'

:json is a symbol instead of a string. I have no idea why. So as an experiment I hacked the core file to first check whether the value responds to valid_encoding? -- if it doesn't, then it skips it. When I make that change things work better (obviously that is a short term hack, the real solution is to figure out why the symbol is being passed). But that brings us to the second problem.

If the above issues weren't happening, then it redirects successfully to the google login screen, where it shows all the google identities I have a cookie for. I select my main one that I know I'm logged into and it redirects me to:

http://localhost:5000/omniauth/failure?message=invalid_credentials&origin=http%3A%2F%2Flocalhost%3A5000%2F&strategy=google_oauth2

But when it tries that, rails throws a Routing Error. /omniauth/failure isn't the right route, it's supposed to be /api/v1/auth/failure.

So If I could fix the redirect so it hit the correct route, then I'd see an erroneous message about invalid credentials. I'm hoping you can help me untangle this!

How is the uid generated for non-omniauth users?

I used the generator to add token auth to my user model and am running into errors in all of my tests. I can create one user, who gets the default uid of "" as per the schema, but any additional users created by FactoryGirl throw an error:

Failure/Error: @user = create(:user)
ActiveRecord::RecordNotUnique:
PG::UniqueViolation: ERROR:  duplicate key value violates unique constraint "index_users_on_uid"
DETAIL:  Key (uid)=() already exists.
: INSERT INTO "users" ("confirmation_sent_at", "confirmation_token", "created_at", "email",     
"encrypted_password", "gravatar_hash", "tokens", "updated_at", "username") VALUES ($1, $2, $3,
 $4, $5, $6, $7, $8, $9) RETURNING "id"

If I create users manually in the console, the first one passes, but any additional ones also throw this error. I did change the generated migration to create username instead of nickname.

I had a search through the repo, and it looks like the uid comes from omniauth? How is the uid generated for users who signup normally?

Devise trackable module not working

Columns:
sign_in_count, current_sign_in_at, last_sign_in_at, current_sign_in_ip, last_sign_in_ip

are not being updated after the user logs in.

Response Auth Headers and Batched Requests

Hey @lynndylanhurley -

@nbrustein and I are investigating some issues involving multiple processes concurrently hitting API endpoints and occasionally causing logouts. The first grouping of issues seem to be fixed with some pessimistic locks around the user object in update_auth_header. We have this running in prod and it's definitely improved the situation. We'll plan on submitting a PR after a little more exposure, and some investigation behind how to unit test it.

The other issue we're seeing may result from an unreceived response while within a batched request window. It appears that update_auth_header sends the expected auth settings down on the response in every condition but this one, and I was wondering if there was a pragmatic reason for that. When tweaking that logic, I noticed that there were some tests (demo_user_controller_test.rb:199 and demo_mang_controller_test.rb:199) that explicitly check to ensure that the auth headers are not returned. Was hoping you might be able to provide some insight into that. It seems that if we were always returning those headers, subsequent requests (still within the batch window) could update appropriately and not fail.

Thanks again for all the hard work! =]

Devise and Devise_Token_Auth in api namespace

Hi

I really like the gem and am hoping what I would like to be achieved can be done.

I have a rails app and an angularjs (ionic) app for mobile. The requirement is essentially that I can handle the authentication of the mobile app via devise_token_auth but still have devise running as normally with html responses for the rails web-based app. The mobile app needs to access api.domain.com/auth/ with the version being sent as a header pointing the route to a module (I am currently handling this part already).

I was hoping that I could achieve this by having the devise_token_auth_for call in routes under the api namespace and version module with devise_for sitting outside the namespace allowing api access but still allowing normal devise functionality. This unfortunately gave me a routes already exist error and the database does not want to migrate because of the user table being created by devise already. If I only include the devise_token_auth_for call within the namespace it becomes difficult to create the normal devise functionality.

Is it possible to handle the scenario that I describe above with the gem and if so do you have any suggestions or pushes in the right direction?

Thanks in advance - and a big up for this gem!

Access to current_user variable?

I'm using devise_token_auth along with ng-token-auth library for my angular frontend and everything seems to be working well until I try to access the current_user variable to reference the signed in user. I looked at the code and see that you're using @current_user and that works temporarily, but after a few server requests, I lose reference to @current_user and the variable returns nil even though I have successfully logged in. This prevents me from conducting simple authorization checks (for example: does the current_user belong to the requested account?). Is there something that I'm missing?

In a vanilla devise implementation, you would use a before_action :authenticate_user! in your controller to get access to the devise helper methods (current_user, user_signed_in?, etc). However, that is throwing an error as well.

Thanks!

sign_up helper

Hi there,

thanks again for the explanation on the email confirmation. I have another question about your gem. Is it possible to call the sign_up method from another controller inside my rails project? In my application it should be possible for signed in users to add new users. In devise there is a helper method (sign_up in Devise::Controllers::Helpers)

Thanks in advance,
Andi

Reset Password error

When resetting a password, I get the following error:

NameError (undefined local variable or method `set_reset_password_token' for #<User:0x007fb039af9e98>):
activemodel (4.1.6) lib/active_model/attribute_methods.rb:435:in `method_missing'
activerecord (4.1.6) lib/active_record/attribute_methods.rb:211:in `method_missing'
devise_token_auth (0.1.29.beta7) app/models/devise_token_auth/concerns/user.rb:56:in `send_reset_password_instructions'
....
It does not find the method set_reset_password_token that is called from send_reset_password_instructions.
I'm using devise version 3.2.0.

Can't you just call the raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
to generate the token?

devise_token_auth assumes you want the :confirmable functionality

I have an app that doesn't use :confirmable, and I had to do a couple somewhat hacky things in order for user registration to function without errors with devise_token_auth.

In the Devise gem itself, :confirmable is of course off by default. Is there any reason why it wouldn't be a good idea to make devise_token_auth match?

I would be willing to do the actual implementation work if we decide it would be a good idea.

sessions_controller.rb

The expiration date inside the create method is currently not converted to an integer in the session_controller.rb
It should be (Time.now + DeviseTokenAuth.token_lifespan).to_i

Migrating from Devise

If I were to move from Devise to this gem, what would be the easiest way to migrate over? All I have is a polymorphic user model with two attributes (email, password).

Email Column Isn't Used for Database Authentication

Since EMAIL is not used for database authentication, perhaps it should be listed under User Info instead of Database Authentication in the migration file `devise_token_auth_create_users.rb` :-)

(UID column can contain either an email address or an uid for authentication; the former used with encrypted password).

Generator issues

Adding this gem to a new project and running: rails g devise_token_auth:install produces this error:

~/.rvm/gems/ruby-2.1.2/gems/devise_token_auth-0.1.25/config/initializers/devise.rb:196:in `block (2 levels) in <top (required)>': uninitialized constant OmniAuth (NameError)

Are 'devise' or 'omniauth' gems also necessary? maybe it should be added as a dependency.

Thanks, awesome gem!

Sign out with email provider error

When routing to sessions#destroy (logging out with email provider), in the SessionsController#destroy function,

    def destroy
      sign_out(resource_name)

      render json: {
        success:true
      }
    end

a before_filter verify_signed_out_user from the Devise::SessionsController is run.

prepend_before_filter :verify_signed_out_user, only: :destroy

Inside verify_signed_out_user the function respond_to_on_destroy is called which renders an output:

def respond_to_on_destroy
  # We actually need to hardcode this as Rails default responder doesn't
  # support returning empty response on GET request
  respond_to do |format|
    format.all { head :no_content }
    format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) }
  end
end

before the render json: {success:true} is executed resulting in an error.

Redirected to http://localhost:3000/
Filter chain halted as :verify_signed_out_user rendered or redirected

self.tokens[client_id]['token'] != token

In both the token_is_current? and token_can_be_reused? method there is this line:

token_is_current?:
BCrypt::Password.new(self.tokens[client_id]['last_token']) == token

token_can_be_reused?:
BCrypt::Password.new(self.tokens[client_id]['last_token']) == token

This evaluates to false when using ng-token-auth in both methods as the token param is considerably different than the BCrypt version.

For example, this is the token param for a request:
fUq6YJdVqcoj_-xVzfJcWw

This is the self.tokens[client_id]['token']:
$2a$10$roX/NChL8GaZ5q0rS20wa.yILnY8n6RsONPtmGUy.IUqPnL.NIkle

All of this is using a vanilla devise_token_auth install and default ng-token-auth (just the apiUrl specified) setup so I'm a bit stumped as to why these values are not equal.

Any ideas?
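
An added example, not part of any issue above and not the gem's own code, covering two points raised on this page: the server-side value in `tokens[client_id]['token']` is a one-way digest that never textually matches the raw header token, and expired entries can be pruned whenever a token is checked or a sign-out arrives. `TokenDigest` and `TokenStore` are hypothetical names, the `'expiry'` key is an assumption, and stdlib PBKDF2 stands in for `BCrypt::Password` so the block runs without extra gems.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for BCrypt::Password (assumption: stdlib PBKDF2 replaces bcrypt).
# Stored form is "salt$hexdigest", so it never equals the raw token.
module TokenDigest
  ITERATIONS = 10_000

  def self.create(raw, salt = SecureRandom.hex(8))
    dk = OpenSSL::PKCS5.pbkdf2_hmac(raw, salt, ITERATIONS, 32,
                                    OpenSSL::Digest.new('SHA256'))
    "#{salt}$#{dk.unpack('H*').first}"
  end

  # Re-derive with the stored salt, then compare in constant time.
  def self.match?(stored, raw)
    salt = stored.split('$', 2).first
    secure_compare(create(raw, salt), stored)
  end

  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Hypothetical per-user token table shaped like tokens[client_id]['token'].
class TokenStore
  attr_reader :tokens

  def initialize(lifespan)
    @tokens = {}
    @lifespan = lifespan # seconds
  end

  # Returns the raw token for the client; only its digest is kept.
  def issue(client_id, now = Time.now)
    raw = SecureRandom.urlsafe_base64(16)
    @tokens[client_id] = {
      'token'  => TokenDigest.create(raw),
      'expiry' => (now + @lifespan).to_i # integer epoch seconds
    }
    raw
  end

  def token_is_current?(client_id, raw, now = Time.now)
    entry = @tokens[client_id]
    return false unless entry && raw
    return false unless entry['expiry'] > now.to_i
    TokenDigest.match?(entry['token'], raw)
  end

  # Drop every expired entry; returns how many were removed.
  def prune_expired!(now = Time.now)
    before = @tokens.size
    @tokens.delete_if { |_, entry| entry['expiry'] <= now.to_i }
    before - @tokens.size
  end

  # Sign-out prunes first, so a late request still cleans up stale entries
  # even when the caller's own token has already expired.
  def sign_out(client_id, now = Time.now)
    prune_expired!(now)
    !@tokens.delete(client_id).nil?
  end
end

# Constructed scenario: two clients, one of which outlives its token.
def demo_token_flow
  t0 = Time.at(1_400_000_000) # constructed clock value
  store = TokenStore.new(3600)
  phone = store.issue('phone', t0)
  store.issue('laptop', t0 + 3000)
  {
    stored_equals_raw: store.tokens['phone']['token'] == phone,
    current:           store.token_is_current?('phone', phone, t0 + 10),
    forged:            store.token_is_current?('phone', 'not-the-token', t0 + 10),
    after_expiry:      store.token_is_current?('phone', phone, t0 + 3700),
    sign_out_found:    store.sign_out('phone', t0 + 3700),
    remaining:         store.tokens.keys
  }
end
```
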

Rails generator to update views

Hey,

It would be awesome if there would be a generator like we have rails g devise:views
to copy your views to an application.
I'm using:

gem 'devise-i18n'
gem 'devise-i18n-views'

but when used with devise_token_auth they take precedence and your mailer templates were not used. They differ a little (like the added redirect_url param for password reset links), so it would be nice to have a task to update them when updating your gem.

undefined method `match' for nil:NilClass

Getting the below error while trying to integrate with facebook or linkedin.

Backtrace

Started GET "/auth/linkedin" for 127.0.0.1 at 2014-09-30 20:59:55 -0500
ActiveRecord::SchemaMigration Load (0.1ms) SELECT schema_migrations.* FROM schema_migrations

Started GET "/omniauth/linkedin?resource_class=User" for 127.0.0.1 at 2014-09-30 20:59:55 -0500
I, [2014-09-30T20:59:55.874961 #26214] INFO -- omniauth: (linkedin) Request phase initiated.

Started GET "/omniauth/linkedin/callback?resource_class=User&oauth_token=75--c7c0dd37-c720-425f-acac-f1218cbad003&oauth_verifier=93853" for 127.0.0.1 at 2014-09-30 21:00:17 -0500
I, [2014-09-30T21:00:17.880395 #26214] INFO -- omniauth: (linkedin) Callback phase initiated.
Processing by DeviseTokenAuth::AuthController#omniauth_success as HTML
Parameters: {"resource_class"=>"User", "oauth_token"=>"75--c7c0dd37-c720-425f-acac-f1218cbad003", "oauth_verifier"=>"93853", "provider"=>"linkedin"}
User Load (0.2ms) SELECT users.* FROM users WHERE users.uid = '2UgVGWV5v_' AND users.provider = 'linkedin' ORDER BY users.id ASC LIMIT 1
Completed 500 Internal Server Error in 49ms

NoMethodError (undefined method `match' for nil:NilClass):
devise_token_auth (0.1.28.beta6) app/controllers/devise_token_auth/auth_controller.rb:128:in `generate_url'
devise_token_auth (0.1.28.beta6) app/controllers/devise_token_auth/auth_controller.rb:36:in `omniauth_success'
actionpack (4.1.6) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (4.1.6) lib/abstract_controller/base.rb:189:in `process_action'
actionpack (4.1.6) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (4.1.6) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
activesupport (4.1.6) lib/active_support/callbacks.rb:113:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:113:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:229:in `block in halting'
activesupport (4.1.6) lib/active_support/callbacks.rb:215:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:215:in `block in halting_and_conditional'
activesupport (4.1.6) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.6) lib/active_support/callbacks.rb:229:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:229:in `block in halting'
activesupport (4.1.6) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.6) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.6) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.6) lib/active_support/callbacks.rb:149:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:149:in `block in halting_and_conditional'
activesupport (4.1.6) lib/active_support/callbacks.rb:86:in `call'
activesupport (4.1.6) lib/active_support/callbacks.rb:86:in `run_callbacks'
actionpack (4.1.6) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.1.6) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.1.6) lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
activesupport (4.1.6) lib/active_support/notifications.rb:159:in `block in instrument'
activesupport (4.1.6) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.1.6) lib/active_support/notifications.rb:159:in `instrument'
actionpack (4.1.6) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.1.6) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.1.6) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.1.6) lib/abstract_controller/base.rb:136:in `process'
actionview (4.1.6) lib/action_view/rendering.rb:30:in `process'
actionpack (4.1.6) lib/action_controller/metal.rb:196:in `dispatch'
actionpack (4.1.6) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.1.6) lib/action_controller/metal.rb:232:in `block in action'
actionpack (4.1.6) lib/action_dispatch/routing/route_set.rb:82:in `call'
actionpack (4.1.6) lib/action_dispatch/routing/route_set.rb:82:in `dispatch'
actionpack (4.1.6) lib/action_dispatch/routing/route_set.rb:50:in `call'
actionpack (4.1.6) lib/action_dispatch/journey/router.rb:73:in `block in call'
actionpack (4.1.6) lib/action_dispatch/journey/router.rb:59:in `each'
actionpack (4.1.6) lib/action_dispatch/journey/router.rb:59:in `call'
actionpack (4.1.6) lib/action_dispatch/routing/route_set.rb:678:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:404:in `call_app!'
omniauth (1.2.2) lib/omniauth/strategy.rb:362:in `callback_phase'
omniauth-oauth (1.0.1) lib/omniauth/strategies/oauth.rb:58:in `callback_phase'
omniauth (1.2.2) lib/omniauth/strategy.rb:227:in `callback_call'
omniauth (1.2.2) lib/omniauth/strategy.rb:184:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/builder.rb:59:in `call'
warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
warden (1.2.3) lib/warden/manager.rb:34:in `catch'
warden (1.2.3) lib/warden/manager.rb:34:in `call'
rack (1.5.2) lib/rack/etag.rb:23:in `call'
rack (1.5.2) lib/rack/conditionalget.rb:25:in `call'
rack (1.5.2) lib/rack/head.rb:11:in `call'
actionpack (4.1.6) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.1.6) lib/action_dispatch/middleware/flash.rb:254:in `call'
rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.1.6) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.1.6) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.1.6) lib/active_record/connection_adapters/abstract/connection_pool.rb:621:in `call'
activerecord (4.1.6) lib/active_record/migration.rb:380:in `call'
actionpack (4.1.6) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.1.6) lib/active_support/callbacks.rb:82:in `run_callbacks'
actionpack (4.1.6) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.1.6) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.1.6) lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
actionpack (4.1.6) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
actionpack (4.1.6) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.1.6) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.1.6) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.1.6) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.1.6) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.1.6) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.1.6) lib/rails/rack/logger.rb:20:in `call'
actionpack (4.1.6) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
rack (1.5.2) lib/rack/runtime.rb:17:in `call'
activesupport (4.1.6) lib/active_support/cache/strategy/local_cache_middleware.rb:26:in call' rack (1.5.2) lib/rack/lock.rb:17:incall'
actionpack (4.1.6) lib/action_dispatch/middleware/static.rb:64:in call' rack (1.5.2) lib/rack/sendfile.rb:112:incall'
railties (4.1.6) lib/rails/engine.rb:514:in call' railties (4.1.6) lib/rails/application.rb:144:incall'
rack (1.5.2) lib/rack/lock.rb:17:in call' rack (1.5.2) lib/rack/content_length.rb:14:incall'
rack (1.5.2) lib/rack/handler/webrick.rb:60:in service' /home/krunal/.rvm/rubies/ruby-1.9.3-p545/lib/ruby/1.9.1/webrick/httpserver.rb:138:inservice'
/home/krunal/.rvm/rubies/ruby-1.9.3-p545/lib/ruby/1.9.1/webrick/httpserver.rb:94:in run' /home/krunal/.rvm/rubies/ruby-1.9.3-p545/lib/ruby/1.9.1/webrick/server.rb:191:inblock in start_thread'

Generator doesn't work correctly with mongoid and/or rails-api

Hi, I'm using your gem for a rails-api / mongoid project and I had a couple of issues using the generator:

Mongoid: it doesn't add the concern to the model, also it creates a migration (not necessary since it doesn't use activerecord)

Rails-api: it doesn't add the concern to ApplicationController, rails-api uses controllers based on ActionController::API so maybe that's where the issue is

Thanks!

Confirmable - unconfirmed email

Test A

  1. Added before_create :skip_confirmation! in User model
  2. Disabled the Confirmable columns in the migration file
  3. Ran db:migration

Result of test A
db:migration fails during execution of seed.rb with message:
NameError: undefined local variable or method `confirmed_at' for #<User:0x007fabb13dcae8>

Test B
4. Enabled the Confirmable columns in the migration file
5. Ran db:migration

Result of test B
Confirmation columns are all updated except unconfirmed_email

Test C
6. Removed `before_create :skip_confirmation!` in User model
7. Kept the Confirmable columns enabled in the migration file
8. Ran db:migration

Result of test C
Confirmation columns are all updated except unconfirmed_email and confirmed_at

Question 1
Are the Confirmation columns necessary if before_create :skip_confirmation! is implemented?

Question 2
Shouldn't unconfirmed_email be set when confirmation is implemented, or could this column be omitted? You already have uid and email columns.

Generator is not working

I created a new rails project (rails 4.1.4), installed devise, created a user model with the devise generator and then ran rails g devise_token_auth:install User /auth. The only output I receive is

      create  config/initializers/devise_token_auth.rb
      create  db/migrate/20140720052809_devise_token_auth_create_users.rb

Nothing is added to the user model, application controller, or routes file as the generator should. Also, when I tried adding in some of those lines manually, I get NameError: uninitialized constant DeviseTokenAuth::Concerns::User

Any help would be greatly appreciated.

Allow multiple openauth providers

In my app, I'm using a separate model for openauth keys so that a user can connect with multiple providers. Will this be something that you'll be supporting down the road?

Batch Requests Respond with Original Auth Token

I've noticed some strange behavior with batch requests that is causing parallel requests to return outdated auth tokens in the response. Essentially the situation is as follows:

  1. Request R1 is made with auth token (1)
  2. Request R2 is made in parallel with the same auth token (1)
  3. Response to R1 creates a new auth token (2) and returns it in the response
  4. Response to R2 is flagged as a batch request but returns the original auth token (1) in its response header

Changing the batch request tests to start with a clean token by adding age_token at the start of the begin at line 153 of demo_controller_test.rb causes reproducible test failures because the responses do not include the same response header.

On its face, this seems due to the fact that extending the batch buffer actually does just return the auth token that was sent with the request as the response headers (https://github.com/lynndylanhurley/devise_token_auth/blob/master/app/models/devise_token_auth/concerns/user.rb#L132)

I'm working on my own angular consumer of this gem and am wondering if I need to be accounting for this behavior on the frontend or if this is behavior that is unexpected.

Error with authentication

On our app we are using your devise_token_auth but getting an exception:

[PROJECT_ROOT]/vendor/bundle/ruby/2.0.0/gems/activerecord-4.1.4/lib/active_record/dynamic_matchers.rb:26:in `method_missing'
NoMethodError: undefined method `find_by_uid' for #<Class:0x007f6622678fd8>

Any idea what is the cause?

Devise_token_auth without OmniAuth authentication

Hi. I’m not sure if I missed something, but I couldn’t find a way to set up devise_token_auth to work without using OmniAuth. I mean, is it possible to use devise_token_auth using only email authentication?

So far I’ve installed the gem, ran the rails g devise_token_auth:install Agent /auth command and added the mount_devise_token_auth_for 'Agent', at: '/auth' to config/routes.rb, but I got the following after doing a rake routes:

Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile.
rake aborted!
LoadError: cannot load such file -- omniauth

Thanks

I’m using Rails 4.16 with devise_token_auth 0.1.29.

Skip confirmation on email register

First of all, this is an awesome library!!!

In devise it's possible to skip confirmation via

  # confirmable.rb
  # If you don't want confirmation to be sent on create, neither a code
  # to be generated, call skip_confirmation!
  def skip_confirmation!
    self.confirmed_at = Time.now
  end

can you expose that feature?

Thanks in advance,
Andi

User Info in separate table or removed

Could these attributes be removed or added to their own table, e.g. Profile?

  ## User Info
  t.string :name
  t.string :nickname
  t.string :image

Then the developer can decide which User Info s/he wants to have in the app. Most apps would likely have User Info stored that is specific to the app, and by removing these attributes from the User table, we can keep the User table clean.

Possible Logout Issue

Hey @lynndylanhurley -

Ran into an issue with ng-token-auth (0.0.23-beta2) / devise-token-auth (0.1.29) sometimes resulting in 401 unauthorized while hitting API routes while using changing tokens.

This seems to happen after a request errors, resulting in a non 200 OK response from the server. This only happens when a token has been re-generated in the after_action callback in the devise_token_auth set_user_by_token.rb concern.

The $httpInterceptor in ng-token-auth has appropriate request and response handlers, but no responseError handler. So, when an errored request (that is also updating the token) has its response hit the client, ng-token-auth never calls setAuthHeaders with the updated headers.

I'm not sure what's the most appropriate fix in this case. devise_token_auth could only update tokens if the response was successful, but I'm not sure that's the right thing to do or not. I'm leaning towards ng-token-auth essentially duplicating the response handler for responseError so it could be more agnostic. Thoughts?
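The two token-rotation reports on this page ("Batch Requests Respond with Original Auth Token" and this logout issue) can be reproduced in a small model. This is an added example, not code from devise_token_auth or ng-token-auth; the server model, the `access-token` and `expiry` header names, the window and lifespan values, and the expiry comparison used on the client are assumptions made for illustration.

```javascript
// Constructed model (not the gem's code): the server rotates the token on each
// request and still accepts the previous token inside a short batch window.
const BATCH_WINDOW = 5, LIFESPAN = 1000; // seconds, assumed values

function makeServer() {
  let current = { token: 't1', expiry: LIFESPAN }, previous = null, rotatedAt = -Infinity, n = 1;
  return function request(token, now, fail = false) {
    const status = fail ? 500 : 200; // a failing action still rotates the token
    if (token === current.token) {
      previous = current; rotatedAt = now;
      current = { token: `t${++n}`, expiry: now + LIFESPAN };
      return { status, headers: { 'access-token': current.token, expiry: current.expiry } };
    }
    if (previous && token === previous.token && now - rotatedAt <= BATCH_WINDOW) {
      // Batch request: the token that was sent is echoed back, as the issue reports.
      return { status, headers: { 'access-token': previous.token, expiry: previous.expiry } };
    }
    return { status: 401, headers: {} };
  };
}

// readErrors: read auth headers from non-2xx responses too; skipStale: drop older tokens.
function makeClient({ readErrors, skipStale }) {
  let auth = { token: 't1', expiry: LIFESPAN };
  return {
    token: () => auth.token,
    receive({ status, headers }) {
      if (!headers['access-token']) return;
      if (status >= 400 && !readErrors) return;
      if (skipStale && headers.expiry < auth.expiry) return;
      auth = { token: headers['access-token'], expiry: headers.expiry };
    },
  };
}

// Returns the status of the request after the batch and of the one after the error.
function run(options) {
  const server = makeServer(), client = makeClient(options);
  const shared = client.token();
  const r1 = server(shared, 10), r2 = server(shared, 11); // R1 and R2 in parallel
  client.receive(r1); client.receive(r2);                 // R2's response lands last
  const afterBatch = server(client.token(), 100);
  client.receive(afterBatch);
  client.receive(server(client.token(), 200, true));      // errors, token rotated
  return [afterBatch.status, server(client.token(), 300).status];
}
console.log(run({ readErrors: false, skipStale: false })); // [ 401, 401 ]
console.log(run({ readErrors: false, skipStale: true }));  // [ 200, 401 ]
console.log(run({ readErrors: true, skipStale: true }));   // [ 200, 200 ]
```

The middle case isolates the logout problem: the batch echo is handled, but the token rotated during the errored request is never stored, so the next request is rejected.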

Avoid using respond_to in application controller

Hello

For APIs, using respond_to requires including the Mime parser, which is not needed most of the time.

Would suggest getting rid of this string:
respond_to :json
in
devise_token_auth / app / controllers / devise_token_auth / application_controller.rb
