ruby-on-rails authlogic omniauth

authlogic UserSession.create(@user) giving unauthorized_record


I am trying to create a session explicitly like this: UserSession.create(@user, true), but the session is not getting created; current_user is nil.

But when I do this, I get < #UserSession: {:unauthorized_record=>""}>

    us = UserSession.create(@user, true)
    RAILS_DEFAULT_LOGGER.info(us.inspect) #=> UserSession: {:unauthorized_record=>""}

I had a look at Authlogic::Session::UnauthorizedRecord here it says

Be careful with this, because Authlogic is assuming that you have already confirmed that the user is who he says he is. For example, this is the method used to persist the session internally. Authlogic finds the user with the persistence token. At this point we know the user is who he says he is, so Authlogic just creates a session with the record. This is particularly useful for 3rd party authentication methods, such as OpenID. Let that method verify the identity, once it’s verified, pass the object and create a session.

which is exactly what I am trying to do (I am authenticating using omniauth and creating the session using authlogic).

How do I fix this, so that I can get a valid session in current_user?


Solution

  • I'm not sure about the .create(object, bool) method signature, but the following works using authlogic.

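    class Api::ApiBaseController < ApplicationController
      protected

      # Creates a session for the user who owns the single access token.
      # Returns false when the token is blank or the session does not save.
      def verify_token
        return false if params[:token].blank?
        # Passing a record instead of credentials uses the unauthorized-record path.
        @session = UserSession.new(User.find_by_single_access_token(params[:token]))
        @session.save
      end
    end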

    If that doesn't work for you -- I think the @user isn't being set correctly.
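
The documentation quoted in the question says the record-based session path assumes the identity has already been verified. The following added example (not part of the question or the answer, and not Authlogic's or OmniAuth's own code) shows that gate in plain Ruby: a session is built only for a user linked to the provider's `provider`/`uid` pair, and a failed `save` is reported instead of silently leaving no session. `StubSession`, `Identity`, `session_from_omniauth` and the sample data are hypothetical stand-ins; in a Rails app the auth hash would come from `request.env["omniauth.auth"]` and `StubSession` would be `UserSession`.

```ruby
# Added example: plain Ruby stand-ins, no Rails or Authlogic needed.
User     = Struct.new(:id, :email, :active)
Identity = Struct.new(:provider, :uid, :user) # hypothetical provider-identity link

# Stand-in for UserSession. Like the unauthorized-record path it checks no
# credentials; it only refuses a nil or inactive record (constructed rule).
class StubSession
  attr_reader :record, :errors

  def initialize(record)
    @record = record
    @errors = []
  end

  def save
    @errors << "no record given" if record.nil?
    @errors << "account is not active" if record && !record.active
    @errors.empty?
  end
end

# Constructed sample data.
ALICE = User.new(1, "alice@example.test", true)
BOB   = User.new(2, "bob@example.test", false)
IDENTITIES = [
  Identity.new("github", "1001", ALICE),
  Identity.new("github", "1002", BOB)
].freeze

# Returns [session, nil] on success or [nil, reason] on refusal.
# `auth` mimics the OmniAuth auth hash ("provider", "uid", "info").
def session_from_omniauth(auth, identities: IDENTITIES, session_class: StubSession)
  provider = auth["provider"].to_s
  uid      = auth["uid"].to_s
  return [nil, "missing provider or uid"] if provider.empty? || uid.empty?

  # Match on the provider's stable id, never on the e-mail it reports.
  identity = identities.find { |i| i.provider == provider && i.uid == uid }
  return [nil, "unknown identity"] unless identity

  session = session_class.new(identity.user)
  # save returns false instead of raising, so surface the errors.
  return [nil, session.errors.join(", ")] unless session.save

  [session, nil]
end
```

Logging the refusal reason at the call site makes a missing `current_user` traceable to a specific cause rather than to an unexplained empty session.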