Reputation: 11
I have a problem with my devise gem. When I log out with a user, devise deletes my user out of my mysql database. I recognized this error first on yesterday, before it was working. I don't remember what register and login is also still possible.
User Controller
class UsersController < ApplicationController
def show
@user = User.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: @user }
end
end
def destroy
@user = User.find(params[:id2])
@user.destroy
respond_to do |format|
format.html { redirect_to root_url}
end
end
end
Logout-Link
<%= link_to " Logout", destroy_user_session_path(:id2 => current_user.id), :class => "btn btn-danger icon-share-alt ",:style=>"font-family: FontAwesome;font-weight: bold;color:black", :method => :delete %>
User Model
class User < ActiveRecord::Base
rolify
belongs_to :ressourcen
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
attr_accessible :vorname, :nachname, :email, :password, :password_confirmation, :roleid,:id
validates :email, :uniqueness => true
Upvotes: 1
Views: 478
Reputation: 2923
That seems really weird. If devise and routes are setup in a default way, I can't see how this should happen. What does:
rake routes
show you for destroy_user_session_path? If you haven't overridden devise's SessionsController, and haven't changed devise's routes, the only entry for destroy_user_session should look something like this:
destroy_user_session DELETE /users/sign_out(.:format) devise/sessions#destroy
It definitely shouldn't be going to your UsersController at all. It should be going to devise's SessionsController.
In any case, this logout link works for me:
<%= link_to "Sign out", destroy_user_session_path, :method => :delete %>
destroy_user_session_path shouldn't need the user id. It's only destroying the user in the session, so there is no need for an id.
UPDATE:
When you log out, what page are you returned to? If you haven't defined the SessionsController yourself and haven't overridden after_sign_out_path(), it should try to return to root_path. If you don't have root defined in your routes, it will return to "/". Can you confirm from your log file (e.g. development.log) exactly what happens when you click on the 'logout' link? Which actions are called and when/what SQL queries are called? Just when you click on the link, not when you later browse to look at users. Also, what does the devise_for line in your routes.rb look like? It's worth digging in to exactly what is happening when you only click on the logout link.
As far as I know the only thing inside devise which could delete a user from the database is RegistrationsController.destroy() which would be called if a DELETE request was sent to /users (with no id). It would find the currently-logged-in user from the session (which is why it doesn't need an id) and destroy them. In the standard devise views, it looks like this can only be called from devise/registrations/edit.html.erb and presumably you aren't doing this.
Upvotes: 1
Reputation: 96
Try replacing this:
destroy_user_session_path
with this:
destroy_session_path(:user_id => current_user.id)
And than in SessionsController destroy your session. This way you are destroying your user every time someone click on logout link.
Upvotes: 0
Reputation: 470
Did you customize/override the devise sessions controller?
If not your logout link should probably look like this:
<%= link_to " Logout", destroy_user_session_path, :class => "btn btn-danger icon-share-alt ",:style=>"font-family: FontAwesome;font-weight: bold;color:black", :method => :delete %>
Devise doesn't know what the :id2
param is.
Upvotes: 0