Rails Custom Authentication with internal jar security

Question

Our company uses a jar file with java code to authenticate users for access to internal websites. I have so far been able to integrate that jar file into a devise strategy which allows a user to sign in. However when I run the code, I get a successful log in/redirect followed by an unauthorized/redirect to log in.

Started POST "/login" for 0:0:0:0:0:0:0:1 at 2017-01-09 11:05:40 -0500
(7.0ms)  SELECT name FROM sqlite_master WHERE type = 'table' AND name =  "schema_migrations"
ActiveRecord::SchemaMigration Load (2.0ms)  SELECT "schema_migrations".* FROM "schema_migrations"
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"WCrhgdRgZsQng2rgHdhnCBB7me5lAfhvDxwYrMpMUxfUdMN0fN/PjBHJPIUxMYiNjoJlaLsCIlQdN4WmbPlclg==", "user"=>{"email"=>"<valid email>", "password"=>"[FILTERED]"}, "commit"=>"Log in"}
Custom Authenticate
Authenticated=true
{:username=>"<valid un>", :firstname=>"", :lastname=>"", :fullname=>"", :email=>""}
(0.0ms)  SELECT name FROM sqlite_master WHERE type = 'table' AND NOT name = 'sqlite_sequence'
Redirected to http://localhost:3000/ideas
Completed 302 Found in 825ms (ActiveRecord: 2.0ms)


Started GET "/ideas" for 0:0:0:0:0:0:0:1 at 2017-01-09 11:05:42 -0500
Processing by IdeasController#index as HTML
  User Load (1.0ms)  SELECT  "users".* FROM "users" WHERE "users"."id" IS NULL ORDER BY "users"."id" ASC LIMIT 1
Completed 401 Unauthorized in 34ms (ActiveRecord: 1.0ms)


Started GET "/login" for 0:0:0:0:0:0:0:1 at 2017-01-09 11:05:42 -0500
Processing by Devise::SessionsController#new as HTML
  Rendered /Users/un/.rbenv/versions/jruby-9.1.2.0/lib/ruby/gems/shared/gems/devise-4.2.0/app/views/devise/shared/_links.html.erb (6.0ms)
  Rendered /Users/un/.rbenv/versions/jruby-9.1.2.0/lib/ruby/gems/shared/gems/devise-4.2.0/app/views/devise/sessions/new.html.erb within layouts/application (60.0ms)
Completed 200 OK in 1724ms (Views: 1684.7ms | ActiveRecord: 0.0ms)

I'm assuming that this is part of the ":database_authenticatable" line in my user.rb.

User.rb:

class User < ActiveRecord::Base
  #include ActiveModel::Model
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable #, :registerable,
         #:recoverable, :rememberable, :trackable, :validatable

  attr_accessor :username
  attr_accessor :firstname
  attr_accessor :lastname
  attr_accessor :fullname
  attr_accessor :email

end

Custom_authenticatable strategy

module Devise
  module Strategies
    class CustomAuthenticatable < Authenticatable

      def authenticate!
        puts "Custom Authenticate"
        if password.present? && has_valid_credentials?
          #puts "Username and password:" + password
          puts authentication_hash[:email]

          authorized = jar.authenticate(authentication_hash[:email], password);
          puts "Authenticated=" + authorized
          if authorized == false
            return fail!
          else
            personInfo = jar.getPerson(username);
            puts personInfo
            personHash = {:username => personInfo.userName, 
                          :firstname => personInfo.firstName, 
                          :lastname => personInfo.lastName,
                          :fullname => personInfo.longName,
                          :email => personInfo.emailAddress}
            puts personHash
            return success! User.new(personHash)
          end
        else
          fail(:unable_to_authenticate)
        end
      end

      def has_valid_credentials?
        true
      end

    end
  end
end

However when I change from :database_authenticatable to :custom_authenticatable, I no longer have a users/sign_in route.

Routes as :database_authenticatable

              Prefix Verb   URI Pattern               Controller#Action
               ideas GET    /ideas(.:format)          ideas#index
                     POST   /ideas(.:format)          ideas#create
            new_idea GET    /ideas/new(.:format)      ideas#new
           edit_idea GET    /ideas/:id/edit(.:format) ideas#edit
                idea GET    /ideas/:id(.:format)      ideas#show
                     PATCH  /ideas/:id(.:format)      ideas#update
                     PUT    /ideas/:id(.:format)      ideas#update
                     DELETE /ideas/:id(.:format)      ideas#destroy
    new_user_session GET    /login(.:format)          devise/sessions#new
        user_session POST   /login(.:format)          devise/sessions#create
destroy_user_session DELETE /logout(.:format)         devise/sessions#destroy
                root GET    /                         redirect(301, /ideas)

Routes as :custom_authenticatable

   Prefix Verb   URI Pattern               Controller#Action
    ideas GET    /ideas(.:format)          ideas#index
          POST   /ideas(.:format)          ideas#create
 new_idea GET    /ideas/new(.:format)      ideas#new
edit_idea GET    /ideas/:id/edit(.:format) ideas#edit
     idea GET    /ideas/:id(.:format)      ideas#show
          PATCH  /ideas/:id(.:format)      ideas#update
          PUT    /ideas/:id(.:format)      ideas#update
          DELETE /ideas/:id(.:format)      ideas#destroy
     root GET    /                         redirect(301, /ideas)

I'm at a bit of a loss as to how to continue. I have also found that OmniAuth will probably allow me to do the same thing although I'm not sure how I would setup the callback phase. Is it worth my time to continue down the Devise strategy path trying to allow sign in or should I stop what I'm doing and use OmniAuth?

If it is worth my time to continue down the devise route, what would be the next steps?

This is the first time I have setup Devise, as much of my Rails experience in the past has ben modifying existing Rails applications in the past. Thanks in advance.

References: (I would include links for all of the references, but I lack sufficient reputation points to post more links)

Devise Authentication Strategies

How to create custom authentication strategies with devise and warden https://www.ldstudios.co/blog/2016/06/15/how-to-create-custom-authentication-strategies-with-devise-and-warden.html

Writing a Non-Gemified Strategy for OmniAuth http://www.polyglotprogramminginc.com/writing-a-non-gemified-strategy-for-omniauth/

Edit I actually was very close to the answer. I hadn't setup Devise correctly and was accessing Warden directly, which is I was able to "sign in" and then was immediately signed out of my application.

config/initializers/devise.rb (the wrong way)

config.warden do |manager|  
  manager.strategies.add(:custom_authenticatable, Devise::Strategies::CustomAuthenticatable)
  manager.default_strategies(:scope => :user).unshift :custom_authenticatable
end

This caused the custom_authenticatatable code to be called but was still trying to use the local Database for the user. When I made the following change to devise.rb (as described in the ldstudios blog) it started working as expected.

config/initializers/devise.rb (the right way)

Devise.add_module(:custom_authenticatable, {
  strategy: true,
  controller: :sessions,
  model: 'custom_auth',
  route: :session
})

Answer 1

The omniauth route is not too bad. You can subclass the provider in omniauth-identity and add your custom sign in logic.