ruby-on-railsdevisedevise-token-auth

devise_token_auth with devise for non-devise routes

I'm trying to get devise + devise_token_auth to work together using the 'enable_standard_devise_support = true' and without the need to duplicate every controller one for web and one for API.

I turn on standard devise support in the initialiser

        : config.enable_standard_devise_support = true

And set up my routes as nested

        :   namespace :api, defaults: {format: 'json'} do # namespace devise token routes to stop duplication
        :     namespace :v1 do
        :       mount_devise_token_auth_for 'User', at: 'auth'
        :     end
        :   end

The home route is still outside of the API

        : resources :home, only: [:index]
        : root to: "home#index"

I have an API application_controller.rb with;

        : module Api
        :   module V1
        :     class ApplicationController < ActionController::API
        :       include DeviseTokenAuth::Concerns::SetUserByToken
        :       before_action :authenticate_user!
        :       before_action :configure_permitted_parameters, if: :devise_controller?
        :       
        :       protected
        : 
        :       def configure_permitted_parameters
        :         devise_parameter_sanitizer.permit(:sign_in, keys: [:email, :password])
        :       end
        :     end
        :   end
        : end

and an application_controller.rb with;

        : class ApplicationController < ActionController::Base
        :   protect_from_forgery unless: -> { request.format.json? }
        : end

Why my other routes such as home#index not working?

The error I get from devise_token_auth access to the /home.json area

        : Successfully synced application org.nativescript.NativeScriptTemplate2 on device emulator-5586.
        : JS: Angular is running in the development mode. Call enableProdMode() to enable the production mode.
        : JS: Login called
        : JS: Logged in: 06rD-pZ-kstw_YZO7cWTCQ
        : JS: ERROR {
        : JS:   "headers": {
        : JS:     "normalizedNames": {},
        : JS:     "lazyUpdate": null
        : JS:   },
        : JS:   "status": 401,
        : JS:   "statusText": "Unauthorized",
        : JS:   "url": "http://192.168.200.4:3000/home.json?uid=user@example.com&client=vRardfTGtk10YTXwz8cSRg&access-token=06rD-pZ-kstw_YZO7cWTCQ",
        : JS:   "ok": false,
        : JS:   "name": "HttpErrorResponse",
        : JS:   "message": "Http failure response for http://192.168.200.4:3000/home.json?uid=user@example.com&client=vRardfTGtk10YTXwz8cSRg&access-token=06rD-pZ-kstw_YZO7cWTCQ: 401 Unauthorized",
        : JS:   "error": {
        : JS:     "error": "You need to sign in or sign up before continuing."
        : JS:   }
        : JS: }

Here is the home controller

class HomeController < ApplicationController
  before_action :authenticate_user!

  respond_to :html, :json

  def index
    respond_to do |format|
      format.html
      format.json { render json: {message: "Welcome to the Ruby on Rails backend"} }
    end
  end
end

Update: Testing with curl

Here is my template code: https://github.com/map7/backend_rails6_template

If I test the API with curl commands I can replicate the problem;

On commit '102bb24' the API is broken for the home route but the web views work.

Login

curl -i -X POST http://localhost:3000/api/v1/auth/sign_in.json -F email=user@example.com -F password=password

Get the next page with credentials (Note you will have to paste in the client & access-token you get back from the sign in headers)

curl -i -X GET http://localhost:3000/home.json\?uid\=user@example.com\&client\=UQPxKFYEQ1GcaA_PpIjx2Q\&access-token\=PTR-jCn8xgg6GfZ2Fu5QeA

Error I get

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache
X-Request-Id: a746a91c-bffa-405a-8b17-a5dd0ce37df1
X-Runtime: 0.012248
Vary: Origin
Transfer-Encoding: chunked

{"error":"You need to sign in or sign up before continuing."}%

NOTE: To see a working example first try commit "e475478". This commit works for the API but not the web views.

Solution

  • I had to create a separate controller for the API and put that separate controller in the routes for it to work.

    API Home controller

              : module Api
          :   module V1
          :     class HomeController < ApplicationController
          :       before_action :authenticate_user!
          :       
          :       def index
          :         render json: {message: "Welcome to the Ruby on Rails backend"}
          :       end
          :     end
          :   end
          : end

    HTML Home Controller

              : class HomeController < ApplicationController
          :   before_action :authenticate_user!
          : end

    Routes

              : Rails.application.routes.draw do
          :   devise_for :users             # Standard devise routes must come first!
          :   resources :home, only: [:index]
          :   root to: "home#index"
          : 
          :   namespace :api, defaults: {format: 'json'} do
          :     namespace :v1 do
          :       mount_devise_token_auth_for 'User', at: 'auth'
          :       resources :home, only: [:index]
          :     end
          :   end
          :   
          : end