I have a Rails 5 API with devise/doorkeeper working perfectly.
I've built an engine that has a front-end part with all the Devise views. Everything works except the flash when Warden throws an error. I've manually imported the missing modules:
```ruby
# app/controllers/concerns/api_to_web_controller.rb
module ApiToWebController
  extend ActiveSupport::Concern
  included do
    include ActionController::Helpers
    include ActionController::MimeResponds
    include ActionController::Redirecting
    include ActionView::Layouts
    include ActionController::EtagWithFlash
    include ActionController::Flash
    respond_to :html
  end
end
```
```ruby
# app/controllers/concerns/devise_api_to_web.rb
##
# Module to integrate Devise:
# - helpers
# - layout
# It also redefines `redirect_to`.
# See https://github.com/heartcombo/responders/issues/222
# for more details
module DeviseApiToWeb
  extend ActiveSupport::Concern
  included do
    layout 'secret_migration/devise'
    if respond_to?(:helper_method)
      helpers = %w[resource scope_name resource_name signed_in_resource
                   resource_class resource_params devise_mapping]
      helper_method(*helpers)
    end
    def redirect_to(options = {}, response_options = {})
      super
    end
  end
end
```
Here is my custom SessionController:

```ruby
module MyEngine
  module V1
    # Override Devise::SessionsController
    class Users::SessionsController < Devise::SessionsController
      include ::ApiToWebController
      include ::DeviseApiToWeb
    end
  end
end
```
I have this custom after_authentication:

```ruby
# config/initializers/warden.rb
Warden::Manager.after_authentication do |user, auth, _opts|
  next if user.is_ok?
  throw(:warden, :message => "User not ok, contact admin")
end
```
Finally, the application file:

```ruby
module MyApp
  class Application < Rails::Application
    opts = { key: '_my_app', domain: 'example.com', tld_length: 1 }
    Rails.application.config.session_store :disabled
    config.session_store :cookie_store, opts
    config.middleware.use ActionDispatch::Session::CookieStore, config.session_options
    config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore,
                                   opts)
  end
end
```
I've been able to track the data. `env[warden.options]` is correctly filled with `:message => "User not ok, contact admin"` but somehow, it's not passed after the redirection.
Important point: I get the flash message when it's a pure Devise error like `Invalid Email or password.`
I got it. It was a middleware order issue. It has to be in the following order:

```
use ActionDispatch::Cookies
use ActionDispatch::Session::CookieStore
use ActionDispatch::Flash
use Warden::Manager
```
I've updated my `engine.rb` to include the middleware at the correct place:

```ruby
module MyEngine
  ##
  # Engine initializers
  class Engine < ::Rails::Engine
    isolate_namespace MyEngine
    initializer 'use action dispatch flash' do |app|
      app.config.middleware.insert_after(ActionDispatch::Session::CookieStore, ActionDispatch::Flash)
      app.config.middleware.use Rack::MethodOverride
    end
  end
end
```

```ruby
# config/application.rb
module MyApp
  class Application < Rails::Application
    # ...
    config.middleware.insert_before(Warden::Manager, ActionDispatch::Cookies)
    # ...
  end
end
```

```ruby
# config/environments/development.rb
Rails.application.configure do
  opts = { key: '_my_app', domain: 'lvh.me', tld_length: 2 }
  Rails.application.config.session_store :disabled
  config.session_store :cookie_store, opts
  config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore,
                                 opts)
end
```
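
A check for the ordering the answer arrives at, as an added example that is not part of the original post: it parses a listing in the `use ...` format shown above (the format `rails middleware` prints) and reports missing, duplicated or misordered entries. The function names and both sample listings are constructed for illustration.

```ruby
# Added example: order check for the four middlewares named in the answer.
REQUIRED_ORDER = %w[
  ActionDispatch::Cookies
  ActionDispatch::Session::CookieStore
  ActionDispatch::Flash
  Warden::Manager
].freeze

# Pull class names out of `use Some::Middleware` lines; `run ...` lines are skipped.
def parse_middleware(listing)
  listing.each_line.map { |line| line[/^\s*use\s+(\S+)/, 1] }.compact
end

# Returns a list of problems; an empty list means the required order holds.
def middleware_order_problems(stack, required = REQUIRED_ORDER)
  problems = []
  positions = required.map do |name|
    hits = stack.each_index.select { |i| stack[i] == name }
    problems << "#{name} is missing" if hits.empty?
    problems << "#{name} is registered #{hits.size} times" if hits.size > 1
    [name, hits.first]
  end
  # Compare neighbours among the entries that are present.
  positions.select { |_, pos| pos }.each_cons(2) do |(a, pa), (b, pb)|
    problems << "#{a} must come before #{b}" if pa > pb
  end
  problems
end

# Constructed listings for illustration (not captured from the poster's app).
BROKEN = <<~LIST
  use Warden::Manager
  use ActionDispatch::Cookies
  use ActionDispatch::Session::CookieStore
  use ActionDispatch::Session::CookieStore
  run MyApp::Application.routes
LIST

FIXED = <<~LIST
  use ActionDispatch::Cookies
  use ActionDispatch::Session::CookieStore
  use ActionDispatch::Flash
  use Rack::MethodOverride
  use Warden::Manager
  run MyApp::Application.routes
LIST

puts middleware_order_problems(parse_middleware(BROKEN))
puts "fixed stack ok" if middleware_order_problems(parse_middleware(FIXED)).empty?
```

Run against a real listing, a non-empty result points at the entry to move with `insert_before` / `insert_after`.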