Before_action infinite loop

Good afternoon all, I’m trying to restrict the access to the application to paths like “localhost:3000/users/1” without a previous login. To do that I have created this function in ‘session_controller.rb’:

    before_action :authorize

    def authorize
      if current_user.nil?
        redirect_to home_path
      else
        redirect_to user_path(current_user.id)
      end
    end

When the ‘current_user’ is nil it enters an infinite loop. What do I have to do to solve this?

Thanks & Best regards.

Alfredo.

Without actually seeing the code for what is answering home_path, I'm going to make a guess that that controller+action is making a call to the session controller.

Yes, when the ‘current_user’ is nil ‘home_path’ calls a method from session controller. I understand the reason for the loop, but I don't know how to fix it :(

I need it this way because when the user is not logged in he can’t access anything from the application.

Thanks,

Alfred.

Remove one or the other, your choice. If your application cannot handle anonymous users (which is legit thing), don't send anonymous users back to the home controller from the point where they have to log in. What you should most likely be doing is directing them to a login screen instead.

Hello Alfredo,

Could you please provide where and how the current_user is being defined? Are you using a gem for registration/authentication or is this manually defined code?

Also, please share the content of the controller which contains the action ‘home’ (for home_path).

Well, my guess is that either devise (https://github.com/plataformatec/devise/) or sorcery (https://github.com/NoamB/sorcery/) is being used. If this is the case, it is recommended to use the following methods provided by these gems.

  1. devise - :authenticate_user! - https://github.com/plataformatec/devise#controller-filters-and-helpers

  2. sorcery - :require_login - https://github.com/NoamB/sorcery#api-summary

Thanks, Lauree

Or use :only or :except on the filter to specify that certain methods do/do not have to have authorisation.

Colin
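
The redirect loop discussed above and the fixes suggested in the replies, modelled in plain Ruby so it runs without Rails. This is an added example, not code from any poster; the route table, the `follow` helper, the `/login` path and the assumption that the filter guards every action are constructed for illustration.

```ruby
# Plain-Ruby model of a before_action chain: each request runs the filter,
# and a redirect becomes a new request that runs the filter again.
MAX_HOPS = 10 # stand-in for the redirect limit a browser enforces

ROUTES = { "/" => :home, "/login" => :login, "/users/1" => :show }.freeze

# filter: lambda(action, user) -> path to redirect to, or nil to run the action
def follow(start, user, routes, filter)
  path = start
  hops = 0
  loop do
    # Unknown paths fail in the router, before any filter runs.
    action = routes.fetch(path) { return [:not_found, path, hops] }
    target = filter.call(action, user)
    return [:rendered, path, hops] if target.nil?
    hops += 1
    return [:redirect_loop, path, hops] if hops >= MAX_HOPS
    path = target
  end
end

# The filter as posted: it redirects in both branches, so no guarded action
# can ever render, and the action behind home_path is itself guarded.
POSTED = lambda do |_action, user|
  user.nil? ? "/" : "/users/#{user}"
end

# Fixed: the login action is exempt (what `except:` or `skip_before_action`
# does in Rails), anonymous users are sent there, and an authenticated user
# is not redirected at all so the requested action runs.
PUBLIC_ACTIONS = [:login].freeze
FIXED = lambda do |action, user|
  return nil if PUBLIC_ACTIONS.include?(action)
  user.nil? ? "/login" : nil
end

if __FILE__ == $PROGRAM_NAME
  [[POSTED, "posted"], [FIXED, "fixed"]].each do |filter, name|
    [nil, 1].each do |user|
      puts "#{name} user=#{user.inspect}: #{follow('/users/1', user, ROUTES, filter).inspect}"
    end
  end
end
```

The model also shows that, under the stated assumption, the posted filter loops for a logged-in user as well, because the `else` branch redirects to a page guarded by the same filter.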

Good afternoon all, First of all thanks for the answers. Lauree, I have been trying to use the ‘devise’ gem but I’m too junior yet, so I’m using another way for the users' login and logout. But thanks for the advice. I’m following what Colin said, with this line in the controllers:

    before_action :authorize, only: [:index, :destroy]

Further I have a question. How can I manage ‘strange’ requests that come to my app like: http://localhost:3000/undefinded

Thanks!

Alfredo.

Please quote the previous message when you are replying, it makes it easier to follow the thread. Thanks.

What do you mean by manage them? What do you want to do?

Colin

Ok, sorry. What I need is to redirect the application in case a bad request comes to my application. For example: http://localhost:3000/undefinded

The application has to redirect that request to a page that says something like “Sorry, that page does not exist”.

Thanks

That is already handled for you. Just edit public/404.html to say whatever you like.

Colin

When I type ‘http://localhost:3000/undefinded’ I get this page:

Routing Error

No route matches [GET] "/undefined"

This is a route problem, it is trying to load that path.

Thanks.

Alfredo.

I *think* that is because you are running in development mode. I think that if you run it in a production environment that public/404.html will be displayed, but I must admit I am not sure exactly how this works. Perhaps someone more knowledgeable will add detail or correct me.

Colin

You are correct. The development mode shows the "developer-friendly" errors, and the production mode shows the opaque "user-friendly" errors from the static /public/[nnn].html files. Edit those directly to make them appear any way you like. Remember, they will be served from the / root of the server, so any paths to resources need to be relative from that point.

Walter

Do you mean how can you run automated tests in the production environment or do you mean how can you run your app in the production environment to see whether it functions as described?

Colin