has_secure_token rails5 for logging in a user.

Has anyone any thoughts on logging in a user to a rails app after the user logs in via the traditional form mechanism with devise?

My current thought line:

Override Devise's sessions_controller with a custom method that uses the user.auth_token object to validate and log in the given user if the auth_token is valid.

Attempts:

Utilizing the OAuth2 gem integration for Devise as a model, I've customized the controller setup from the OAuth2 implementation for Google here:

    class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
      def google_oauth2
        # You need to implement the method below in your model (e.g. app/models/user.rb)
        user = User.from_omniauth(request.env["omniauth.auth"])

        if user.persisted?
          sign_in_and_redirect user, notice: "Signed in!"
        else
          redirect_to new_user_registration_url
        end
      end

      def failure
        redirect_to root_path
      end
    end

by making my own here:

    class Users::AuthTokenController < Devise::SessionsController
      def create
        self.resource = warden.authenticate!(auth_options)
        # You need to implement the method below in your model (e.g. app/models/user.rb)
        user = resource(auth_options)

        if user.persisted?
          sign_in_and_redirect user, notice: "Signed in!"
        else
          redirect_to new_user_registration_url
        end
      end

      def failure
        redirect_to root_path
      end
    end

updating the user.rb file to include the auth_token method:

    def self.auth_token(auth_token)
      user.auth_token = auth_token
      user.save!
    end

and modifying my Devise initializer to set http_authenticatable to true.

When I do a curl to my app, this is the result:

    MacBook-Pro:evr_streamws medright1$ curl -IH "Authorization: Token auth_token=a47a8e54b11c4de5a4a351734c80a14a" http://localhost:3000/users/sign_in
    HTTP/1.1 200 OK
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Type: text/html; charset=utf-8
    ETag: W/"ba70bfa23607d06dae26fc796ed61e95"
    Cache-Control: max-age=0, private, must-revalidate
    Set-Cookie: _evr_streamws_session=dThRaUgzSkJTRG9LU2xKcVFVc0M0Y3hFV1EyN3BBR0ZoR1pJYi9vREdEMWtyOWdPMC9nWmEwdDVEQ2YyMlVsSE9tTGZrd3lsS2Z3eWdBano0dUxQUjJ1Z3owYWtIVjZWZWxFSFg3Q0hhR0pZeHhia0lSdmtlb3U1K1NPTVlGaVRodzJiV2lGVFl3dVJqU1EvRWI1MzJBPT0tLWpmS2xCSWQzQ1Y3UUxHZ25nK2Jodmc9PQ%3D%3D--78c347429f29f47e8dfab4ba8ace89abb735aa27; path=/; HttpOnly
    X-Request-Id: 41982aa3-de14-42e8-952d-de54b9975390
    X-Runtime: 0.212273

and the output from the server logs on the request:

    Started DELETE "/users/sign_out" for ::1 at 2017-05-01 11:33:52 -0400
    Processing by Devise::SessionsController#destroy as HTML
      Parameters: {"authenticity_token"=>"f4iw8J1pP0khuhWL2RFOaYFSeAiE78CDnEkutxJwuuybKVEO9PKNlJ49O6cO5TA3/EiDX/NFV5RSOCE3yKLgBw=="}
      User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 2], ["LIMIT", 1]]
      (0.1ms) begin transaction
      (0.0ms) commit transaction
    Redirected to http://localhost:3000/
    Completed 302 Found in 5ms (ActiveRecord: 0.4ms)

    Started GET "/" for ::1 at 2017-05-01 11:33:52 -0400
    Processing by HomeController#show as HTML
    Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)

    Started GET "/users/sign_in" for ::1 at 2017-05-01 11:33:52 -0400
    Processing by Devise::SessionsController#new as HTML
      Rendering /Users/medright1/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/devise-4.2.1/app/views/devise/sessions/new.html.erb within layouts/application
      Rendered /Users/medright1/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/devise-4.2.1/app/views/devise/shared/_links.html.erb (1.6ms)
      Rendered /Users/medright1/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/devise-4.2.1/app/views/devise/sessions/new.html.erb within layouts/application (11.3ms)
    Completed 200 OK in 156ms (Views: 154.8ms | ActiveRecord: 0.0ms)

    Finished "/cable/" [WebSocket] for ::1 at 2017-05-01 11:33:52 -0400
    StreamChannel stopped streaming from stream_channel
    Started GET "/cable" for ::1 at 2017-05-01 11:33:52 -0400
    Started GET "/cable/" [WebSocket] for ::1 at 2017-05-01 11:33:52 -0400
    Successfully upgraded to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
    StreamChannel is transmitting the subscription confirmation
    StreamChannel is streaming from stream_channel

I'm not being passed as an authenticated user when redirected to the after_signin_path, which should be /farms with these credentials… Any thoughts are appreciated, as I'm a bit fuzzy on the process for logging in a user via an auth_token…
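A plain-Ruby sketch of the token check this post is working toward, added here as an example (it is not the poster's code and not Devise or Rails code): it parses a header of the shape used in the curl request above and resolves it against stored token digests. `parse_token_header`, `TokenStore` and its in-memory hash are hypothetical stand-ins for the `User` model and its table, and the 32-hex-character token format is assumed from the token in that request.

```ruby
require "digest"
require "securerandom"

# Pull the token out of a header shaped like the curl request in the post:
#   Authorization: Token auth_token=<value>
# Returns nil for any other scheme or a malformed value.
def parse_token_header(header)
  m = /\AToken\s+auth_token=(?:"([A-Za-z0-9]+)"|([A-Za-z0-9]+))\z/.match(header.to_s.strip)
  m && (m[1] || m[2])
end

# Hypothetical in-memory stand-in for the users table (constructed for this
# example). Only a SHA-256 digest of each token is kept, so a leaked table
# does not hand out usable credentials.
class TokenStore
  def initialize
    @user_by_digest = {}
  end

  # Issue a new random token for user_id, replacing any earlier one.
  # The plaintext token is returned once and never stored.
  def issue(user_id)
    revoke(user_id)
    token = SecureRandom.hex(16)
    @user_by_digest[digest(token)] = user_id
    token
  end

  # Drop every token that belongs to user_id (sign-out, rotation, compromise).
  def revoke(user_id)
    @user_by_digest.delete_if { |_, id| id == user_id }
  end

  # Resolve an Authorization header to a user id, or nil when it does not
  # carry a currently valid token. Lookup is by digest, so no comparison
  # runs over the secret itself.
  def authenticate(header)
    token = parse_token_header(header)
    token && @user_by_digest[digest(token)]
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

In a controller, the id returned by `authenticate` would be the point at which the user record is loaded and signed in; a `nil` result should end the request with a 401 rather than fall through to the login form.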