I am trying to create an API to enter my rails application using Devise and authenticatable_token. I created a SessionController in my API module and wrote the following code for sign_in:
module Api
module V1
class SessionsController < Devise::SessionsController
def create
resource = warden.authenticate!(scope: resource_name, recall: "#{controller_path}#new")
sign_in(resource_name, resource)
if current_user
if !current_user.authentication_token
current_user.reset_authentication_token!
end
render json: {success: true, auth_token: resource.authentication_token, email: resource.email}
else
invalid_login_attempt
end
end
protected
def invalid_login_attempt
warden.custom_failure!
render json: {success: false, message: "Error with your login or password"}, status: 401
end
end
end
end
The problem is that the application calls 401 when I use the login without any tokens.
RestClient.post "http://localhost:3000/api/v1/users/sign_in", {user: {email: "tester@test.biz", password: "FILTERED"}}.to_json, :content_type => :json, :accept => :json
But if I installed the token that was provided by the registration method, it works:
response_json = RestClient.post "http://localhost:3000/api/v1/users/sign_in?auth_token=#{@token}", {user: {email: "tester@test.biz", password: "FILTERED"}}.to_json, :content_type => :json, :accept => :json
So why is that? Is it possible to disable the authentication process of a token when performing a character?
source
share