I'm running Angular on a Rails API. For authentication I'm intercepting the 401 status with:
.config(['$httpProvider', function($httpProvider){
// Prevent rails from making new sessions each time
$httpProvider.defaults.headers.common['X-CSRF-Token'] = $('meta[name=csrf-token]').attr('content');
var interceptor = ['$location', '$rootScope', '$q', function($location, $rootScope, $q) {
function success(response) {
return response;
}
function error(response) {
if (response.status === 401) {
$rootScope.$broadcast('event:unauthorized');
$location.path('/login');
return response;
}
return $q.reject(response);
}
return function(promise) {
return promise.then(success, error);
};
}];
$httpProvider.responseInterceptors.push(interceptor);
}])
But the interceptor isn't triggering because of the redirect showing a status of 200
Started GET "/api/v1/stages" for 127.0.0.1 at 2014-02-23 04:38:12 +0530
Processing by StagesController#index as HTML
Completed 401 Unauthorized in 5ms
Started GET "/api/v1/users/sign_in" for 127.0.0.1 at 2014-02-23 04:38:12 +0530
Processing by Devise::SessionsController#new as HTML
Rendered /home/kartikluke/.rvm/gems/ruby-2.0.0-p247/gems/devise-3.2.2/app/views/devise/shared/_links.erb (4.3ms)
Rendered /home/kartikluke/.rvm/gems/ruby-2.0.0-p247/gems/devise-3.2.2/app/views/devise/sessions/new.html.erb within layouts/application (34.5ms)
Completed 200 OK in 223ms (Views: 171.2ms | ActiveRecord: 5.8ms)
How do I make Devise return a 401 JSON error?
After a lot of searching I found a solution.
I added a custom failure app to Devise:
class JsonFailureApp < Devise::FailureApp
def respond
self.status = 401
self.content_type = 'json'
self.response_body = '{"error" : "authentication error"}'
end
end
and added that to Devise:
config.warden do |manager|
manager.failure_app = JsonFailureApp
end
Now redirect isn't called and instead a status of 401 is registered.