stackoom
  简体   繁体   中英

Can I control when a custom Devise/Warden strategy is run with before filters?

 原文  2016-05-06 08:12:48       ruby-on-rails/ ruby/ devise/ ruby-on-rails-3.2/ warden

Question

I'm developing a web application using Rails 3.2 and am using Devise and Warden for handling authentications.

I wanted to implement a custom authentication method for my app, so I read through Warden Wiki pages ( https://github.com/hassox/warden/wiki ) and created a custom Warden strategy with similar structure as the one showed in its documentation (I'll copy that below for the sake of clarity): 

Warden::Strategies.add(:password) do

  def valid?
    params['username'] || params['password']
  end

  def authenticate!
    u = User.authenticate(params['username'], params['password'])
    u.nil? ? fail!("Could not log in") : success!(u)
  end

end

Following that, I added my custom "password" strategy to Devise appending the following code in config/initializers/devise.rb 

config.warden do |manager|
    manager.default_strategies(:scope => :user).unshift :password
end

The problem I've found is that this authentication strategy is executed on every request, and I wanted to provide free access to certain requests to specific routes in my application. Initially, I thought of preventing the execution of the strategy using 

skip_before_filter :authenticate_user!

on every controller whose actions doesn't require authentication, but the authentication keeps on executing even requesting to those controllers.

Can anybody help me how to skip the authentication in some requests? Or even more important, is my idea useless to achieve what I want?

Thanks in advance for your help. I really appreciate it.

Update

While debugging my code looking for a solution, I commented out all before_filter statements in all controller's code and discovered that the authentication strategy still executes. This behaviour turns out to be really strange to me. Does this make sense to anybody?

1 answers

solution1
 0  2016-05-06 09:17:10

I can remember that your "skip filter" should call the autentication method. In this case you should replace skip_before_filter :authenticate_user! by skip_before_filter :authenticate!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Run warden strategy in devise when user is already authenticated testing custom devise and/or warden strategy with rspec How do I determine which Devise/Warden strategy was used to authenticate/log in the user? How can I use devise's “warden” to authenticate a rack app in the same stack as the rails app that uses devise? Twitter Oauth Strategy with Warden + Devise Authentication Gems for Ruby Devise warden 401 Unauthorized when wrong credentials Disabling validations when reseting passwords in Devise/Warden How I can add a custom error key in Devise custom authentication strategy? Custom authentication strategy for devise Creating a custom Devise Strategy
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM