Devise: recall method is not being called in warden.authenticate!
Hi,
I searched around, posted in stackoverflow, but I got no solution so far.
I'm trying to give a custom json response in case of failed login. I want the json to be in this format:
{success: false, errors: [<error_message>]}
So I overrode the SessionsContoller, as following:
class SessionsController < Devise::SessionsController
respond_to :json
def create
self.resource = warden.authenticate!(auth_options)
sign_in(resource_name, resource)
render json: { :success => true }, status: 200
end
def failure
warden.custom_failure!
render json: { success: false, errors: ["Login Credentials Failed"] }, status: 401
end
protected
def auth_options
{:scope => resource_name, :recall => "#{controller_path}#failure"}
end
end
routes.rb:
devise_for :users, controllers: {sessions: 'sessions'}
devise.rb:
config.navigational_formats = ["*/*", :html, :json]
Login is working just fine, I'm just not being able to override the failure response. I'm just posting this here to check if it's not a bug, since this same code is presented in various blog posts in the internet.
lcguida
All 7 comments
Can you please provide a sample application that reproduces the error?
lucasmazza
on 18 Aug 2014
Hi @lucasmazza
Here is the sample app: https://github.com/lcguida/devise_teste
There's an existing user:
email: [email protected]
password: 12345678
If you try to login with these credentials you'll receive a console.log with the following json response:
{success: true}
If you use any other credentials, the app should respond with:
{success: false, errors: ["Login Credentials Failed"]}
But instead, is responding with 401 and the default devise message:
{"error":"Invalid email address or password."}
Recall is invoked just in some situations, it is not supposed to be a generic mechanism. I think it only does so for navigational requests (so it doesn't really work for API requests).
josevalim
on 18 Aug 2014
I am having the exact opposite issues ; i cant get the standard devise messages to show
leofrozenyogurt
on 28 Aug 2014
I am closing this. As said previously, recall is not invoked for API requests, only for navigational ones. If you want to customise the http status code, you will have better luck doing so at the failure app level.
josevalim
on 18 Sep 2014
@leofrozenyogurt feel free to open up an issue for the problem you are seeing. Please include as much information as possible to reproduce the issue!
josevalim
on 18 Sep 2014
Wow, looking at the Devise session_controller.rb I can see why skinny controller/fat model is so important. The Rails 4 (or even Rails 3) way, it should be question of specifying a format and you're done. All this logic should be in the model. That it is so hard to override this controller to implement AJAX login (which should be standard Devise by now in any case) shows why. Scary to consider that overriding the other controllers to get AJAX in the rest of the framework will probably be just as hard...
reconstructions
on 4 Oct 2015
Related issues
edipox
·
4Comments
neohunter
·
3Comments
mvz
·
3Comments
lancecarlson
·
3Comments
cheung-chifung
·
4Comments
Most helpful comment
Wow, looking at the Devise
session_controller.rbI can see why skinny controller/fat model is so important. The Rails 4 (or even Rails 3) way, it should be question of specifying a format and you're done. All this logic should be in the model. That it is so hard to override this controller to implement AJAX login (which should be standard Devise by now in any case) shows why. Scary to consider that overriding the other controllers to get AJAX in the rest of the framework will probably be just as hard...