Reputation: 6344
Devise returns 401 on updated Rails 3.1 app with slightly custom routes
I can't seem to get a user logged into our admin panel after upgrading our app from Rails 2.3.x to Rails 3.1.3. I'm using the latest version of Devise, which at the time of this post is v1.5.3.
A POST to the session#create route returns a 401 response (and all the params look like they're going in properly); it happens when Warden tries to auth the user using one of Devise's strategies (:database_authenticatable). Here's my user model.
class User < ActiveRecord::Base
devise :database_authenticatable, :validatable
attr_accessible :email, :password, :password_confirmation
end
I've got an overridden Devise::SessionsController in my :admin namespace (the logins are for admins only, and they've got their own site layout, thus the override). There's nothing special in the controller, really, other than the layout:
class Admin::SessionsController < ::Devise::SessionsController
layout "admin"
end
I do have slightly customized routes, and here's the code that I've got for that.
devise_for :users, :controllers => { :sessions => 'admin/sessions' }
I have the csrf_meta_tag bit in my layout's headers, and my ApplicationController has the protect_from_forgery line in it. The form's errors are empty when it comes back to re-render the page.
I've stepped through the code (all the way into lib/warden/proxy.rb), and Warden doesn't seem to think the :database_authenticatable strategy I'm using is valid (Warden's source code for that part). The user is a valid user… I've created it via an Rails rails console IRB session, from scratch, with a valid password and everything. I would hope it should recognize that as valid, right? Or am I even barking up the right tree?
Upvotes: 0
Views: 1020
Answers (1)
Reputation: 6344
Wow, I'm kind of a fool. After stepping into Devise's authenticatable strategy, it became clear to me that in my devise.rb configuration file (which I had copied in from another project and tweaked) had :username listed as an authentication_key, and not :email like it should have been. Changed it to :email and now it works.
In a related story, I now have a somewhat murky understanding of how Devise works with Warden.
Upvotes: 1
Related Questions
- Conflicting Devise and restful controller routes | Rails 5.2
- Custom Devise 401 unauthorized response
- Rails 3.1 + Devise: The default routes for Devise aren't working
- Always getting 401 Unauthorized with new install of Rails + Devise
- Devise hijacking a 401 response
- rails RESTful routing with Devise not working
- Devise JSON API returning 406 instead of 401 because of redirect
- Migrating from restful_authentication to Devise with Rails 2.3.14
- Sign in in a rails app with Devise and token_authenticatable : "401 unauthorized"
- devise routing error