
401 Auth Error when using devise with Rails and setting authentication_keys to [:username]


Hi, I'm having an error similar to a few on here, but I think the root cause is different, as no solution I've found has worked. Basically I'm using Devise in Rails on a small project, and although using the sign_up page works just fine (the user is placed into the DB), the sign_in page seems to find the user but not set them as the current user. The only thing I've changed from the out-of-the-box solution is using :username as the auth key, not :email.

class ApplicationController < ActionController::Base
  protect_from_forgery prepend: true

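  # Removes the CSRF token check that protect_from_forgery installs,
  # for every controller inheriting from ApplicationController.
  skip_before_action :verify_authenticity_token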
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
    devise_parameter_sanitizer.permit(:sign_in) { |u| u.permit(:username, :password, :remember_me) }

    devise_parameter_sanitizer.permit(:account_update) { |u| u.permit(:username, :email, :password, :current_password) }
  end
end

In my initializer/devise.rb:

  config.authentication_keys = [:username]
  config.case_insensitive_keys = [:username]
  config.strip_whitespace_keys = [:username]

User model:

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable

  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable

  def email_required?
    false
  end

  def email_changed?
    false
  end

  def will_save_change_to_email?
    false
  end
end

and the output of the console is shown below:

Started POST "/users/sign_in" for ::1 at 2020-08-11 17:12:53 +0100
Processing by Devise::SessionsController#create as HTML
  Parameters: {"authenticity_token"=>"EbXx8CI0+FsF1HkNwHqsUW09BJ0HOW2lJDjWmJEc03d0AeaBOWVxNFpupUA+qLKIsiVMZ9kfbmCZidZMZIKoXA==", "user"=>{"username"=>"bob", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."username" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["username", "bob"], ["LIMIT", 1]]
Redirected to http://localhost:3031/
Completed 302 Found in 103ms (ActiveRecord: 0.4ms | Allocations: 3788)


Started GET "/" for ::1 at 2020-08-11 17:12:53 +0100
Processing by BoardsController#index as HTML
Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms | Allocations: 248)

And the Boards Controller simply has:

before_action :authenticate_user!

which is redirecting back to sign_in because auth is failing.

Thanks for any advice!


Solution

  • Putting this here in case anyone else encounters this issue.

    If you are using Stimulus Reflex, it currently disables the Rails cookie_store and uses cache_store instead. You can either switch back:

    config.session_store :cache_store

    back to Rails default

    config.session_store :cookie_store

    or run rails dev:cache to enable the cache_store in your development environment.
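
The failure mode this answer describes, as an added example: a simplified plain-Ruby model, not Rails, Devise or Stimulus Reflex code (`NullStore`, `MemoryStore`, `App` and `login_then_visit` are hypothetical names). It assumes the Rails development default of a `:null_store` cache until `rails dev:cache` is run, so with sessions kept in the cache store the sign-in returns 302 but the next request finds no session and gets 401.

```ruby
require "securerandom"

# Stands in for the :null_store development cache (assumption: the Rails
# default until `rails dev:cache` is run). Every write is discarded.
class NullStore
  def write(_key, _value); true; end
  def read(_key); nil; end
end

# Stands in for :memory_store: writes survive until the next request.
class MemoryStore
  def initialize; @data = {}; end
  def write(key, value); @data[key] = value; true; end
  def read(key); @data[key]; end
end

# Server-side sessions: the data lives in the cache, the browser cookie
# only carries the session id.
class App
  USERS = { "bob" => "constructed-password" }.freeze # constructed sample user

  def initialize(cache)
    @cache = cache
  end

  # Models POST /users/sign_in; returns [status, session cookie].
  def sign_in(username, password)
    return [401, nil] unless USERS[username] == password
    sid = SecureRandom.hex(16)
    @cache.write(sid, { user: username }) # silently lost on NullStore
    [302, sid]
  end

  # Models GET / guarded by `before_action :authenticate_user!`.
  def index(cookie)
    session = cookie && @cache.read(cookie)
    session && session[:user] ? 200 : 401
  end
end

# Sign in, then follow the redirect with the cookie, as the browser does.
def login_then_visit(cache)
  app = App.new(cache)
  status, cookie = app.sign_in("bob", "constructed-password")
  [status, app.index(cookie)]
end

p login_then_visit(NullStore.new)   # => [302, 401]
p login_then_visit(MemoryStore.new) # => [302, 200]
```

The first result matches the log in the question: the user row is loaded and the login redirects, yet the following request is unauthorized.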