rails:3 Devise signup Filter chain halted as :require_no_authentication rendered or redirected

Question

I am using Devise in my site I create admin namespace and giving functionality of create user by admin.
my routes are as under

devise_for :users,:has_many => :comments, :controllers => {:sessions =>'devise/sessions',:registrations => 'devise/registrations'} do    
  get "/login", :to => "devise/sessions#new", :as => :login  

  get "/signup", :to => "devise/registrations#new", :as => :signup     

  get "/logout", :to => "devise/sessions#destroy", :as => :logout
end

when i click on add_user link which has signup_path causing following error:

My Error

 Started GET "/signup" for 127.0.0.1 at Fri Mar 09 12:49:11 +0530 2012    
 Processing by Devise::RegistrationsController#new as HTML    
 User Load (0.1ms)  SELECT `users`.* FROM `users` WHERE `users`.`id` = 35 LIMIT 1    
 Redirected to http://localhost:3000/admin     
 Filter chain halted as :require_no_authentication rendered or redirected
 Completed 302 Found in 3ms (ActiveRecord: 0.1ms)

I think it going to the devise registration controller but due to following line it cause an error in devise registration controller

prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]

Answer 1

I got an even simpler solution:

prepend_before_filter :require_no_authentication, only: [:cancel ]

By removing :new, :create from the prepend_before_filter it overrides devise source code and solve the problem. I had the same issue and it solved my problem.

Answer 2

I also noticed in my application that when I create a user and log in as that user, the above messages are displayed by the rails server console and I am redirected to rails localhost default window 'Yay, You are on Rails'.

This is because no page is defined to take the logged-in user. When I defined a welcome page 'index.html.erb' in a folder, say, 'welcome' under 'views' folder, the login was successful and it worked. You can try this.

Answer 3

Like you, I wanted an Admin user to be able to add new users. But I didn't want to mess with the Devise Registerable, since I actually wanted users to still be able to register themselves. I have some admin users with permission to add a new user, so I created additional methods in my users controller and additional views to handle that case.

My additional methods are not referenced by Devise's prepend_before_filter :require_no_authentication, so they don't get the error.

My recipe:

In app/controllers/users_controller.rb (or whatever object you are using devise for): Copy the new, create and update methods and rename the copies to admin_new, admin_create, and admin_update.

In app/views/users, copy new.html.erb to admin_new.html.erb Change the partial to refer to admin_form instead of form:

 <%= render 'admin_form' %>

Then copy the partial _form.html.erb to _admin_form.html.erb. In _admin_form.html.erb, change the form_for to use a different URL:

form_for(@user, :url => '/users/admin_create')

Add routes in config/routes.rb to point to the alternate methods in the user controller:

devise_scope :user  do
    ...
    get  'users/admin_new' => 'users#admin_new'
    post 'users/admin_create' => 'users#admin_create'
end

Now you can add users while you are logged in by going to /users/admin_new, and users are still able to create their own user (register) using the devise mechanism that you have not disturbed.

Answer 4

I was receiving the following error in my development log.

Filter chain halted as :require_no_authentication

An endless loop was created because devise's after_sign_in_path_for in application_controller.rb was redirecting back to the previous page with

stored_location_for(resource)

Devise's gem signs in the user when the password is edited.

Answer 5

The mentioned line on Devise's Controller makes sense in general cases: a logged in user can't sign up. As you're on a case where only an admin can create a user, I would suggest that you don't use Devise's controller on Registerable module and write your own controller with your own rules. You can write it based on Devise's controller changing only the mentioned line.

If you want to use it, try skipping the before_filter with skip_before_filter. I don't think it is the best solution. and I would write my own controller.