CODEWITHSUNDEEP
authenticationdeviseruby-on-rails-5tokenactiveadmin
Ofir Sasson
Ofir Sasson

Reputation: 671

ActionController::InvalidAuthenticityToken in ActiveAdmin::Devise::SessionsController#create

I'm using Ruby on Rails 5 Api app with modification to enable Active Admin. Everything was fine until now. I don't remember doing any changes in the app, but now, if I delete cookies and etc on the browser, I can't login to the active admin app and this error is what I get:

enter image description here

I tried to add in application controller both 

protect_from_forgery :with => :exception

and

protect_from_forgery :with => :null_session

but none have worked. This is my application controller:

class ApplicationController < ActionController::Base
  # protect_from_forgery :with => :exception
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected
  def configure_permitted_parameters
    attributes = [:name]
    devise_parameter_sanitizer.permit(:sign_up, keys: attributes)
  end
end

I don't know what causing it and how to solve it. Thanks beforehand.

Upvotes: 4

Views: 3936

Answers (4)

An Vo
An Vo

Reputation: 359

Just put the authenticity_token hidden field with the value form_authenticity_token:

      form action: admin_tools_generate_wallets_path, method: :post do
        input type: 'hidden', name: 'authenticity_token', value: form_authenticity_token
        div do
          label 'Number of Wallets'
          input type: 'number', name: 'number_of_wallets'
        end
        div do
          input type: 'submit', value: 'Generate'
        end
      end
    ```

Upvotes: 0

Rafael Gomes Francisco
Rafael Gomes Francisco

Reputation: 2322

In my context, I have a custom admin page and to solve I put a authenticity_token hidden field. Like below:

form method: :post, action: admin_templates_save_template_path do |f|
   f.label "label", for: :base_proposal_url
   f.input id: :base_proposal_url, name: :base_proposal_url

   ### field to handle authenticity token
   f.input type: :hidden, name: :authenticity_token

   f.button "Save", type: :submit
end

Upvotes: 1

lucyjosef
lucyjosef

Reputation: 762

It happens to me a lot when I switch from a branch to another without restarting my server.

Restarting the rails server works for me each time :)

Upvotes: 0

Ofir Sasson
Ofir Sasson

Reputation: 671

Now it's working. After I restart my computer and added the line:

protect_from_forgery prepend: true, with: :exception

instead in the application controller, it worked.

Upvotes: 1

Related Questions