Instead of returning a View, use RedirectToAction or RedirectToRoute. public class LogOffController : Controller { public ActionResult Index() { FormsAuthentication.SignOut(); return RedirectToAction("Index", "MyController"); } }

I'm still not quite sure what was causing the phantom log out, but I was able to fix the issue I was having. I included an iframe in my application's login and logout pages, whose sources (src) are pointed at the external login and logout pages, respectively. To tell CAS where to redirect to after validating FormsAuthentication credentials, I had to append at the end of the login iframe's src url a query string that looks like ?TARGET=http%3a%2f%2fsome.url.aspx (The target url is escaped. '%3a' is url encoding for a colon (:) and '%2f' is a forward slash (/)) So, say, the external login url was https://www.externalsite.com/login and I wanted to redirect to my welcome page http://www.mysite.com/welcome.aspx after logging in, my application's login page iframe src would need to be `http

You can not sign in a user through the model and you don't want to do that either. Why are you using a validation callback here? If you move part of this logic to your controller you can easily achieve what you want. def MyController < ApplicationController def my_action my_instance.user ||= User.new(...) if my_instance.user.save sign_in my_instance.user end end end

i figured out a bad hack, but if anyone has a better answer please let me know (btw the problem again is that the last_sign_in_at attr gets updated in a prepend_before_filter before the create action, so I dont ever have access to the last_sign_in_at value) forked devise! trackable model def update_tracked_fields!(request) update_sign_in_streak # ... end def update_sign_in_streak time_since_sign_in = Time.now - self.last_sign_in_at if time_since_sign_in.between?(1.day, 2.day) self.sign_in_streak += 1 elsif time_since_sign_in > 2.day self.sign_in_streak = 1 end end

after_sign_in_path_for should just return the path but not perform a redirect, try changing your method like this: def after_sign_in_path_for(resource) if resource.role == "User" user_home_path else org_home_path end end

A single User model will be a good option for all user roles. You can take another model as Role for different types of roles. Role model class Role < ActiveRecord::Base has_many :users end User model class User < ActiveRecord::Base belongs_to :role end You can use gem 'cancan' for role based authorization For view part On home page You can render different partials for sign in and registration in different sections. In home.html.erb <%=render :partial => 'devise/sessions/form' %> <%= render :partial => 'devise/registrations/form' %>

You're almost there. In your question, you said that adding the line render "new" doesn't help. Well, that's because it's continuing to execute the rest of the function after that line. What you want to do is exit immediately, so you're not hitting the line @listing = current_user.listings.build(...). You want render "new" and return after @listing.errors.add :base, ..., so that it leaves the action as soon as it sees that the user is not valid.

Nice question. In your User model, add this class method class User < ActiveRecord::Base def self.allow_unconfirmed_access_for 1.day # Or any time frame you like end end There is a method named confirmation_period_valid? in Devise::Models::Confrimable. This method will check the above mentioned class method which by default does not exist and expect nil. If you have set such time, Devise will allow this user's signing in within this period, even he is not confirmed. You don't need any change on controller. Disclaimer: I have not used this solution before but just concluded it by browsing source. In theory it should work.

I think it can be solved via SSO Maybe it will be useful for you: http://blog.joshsoftware.com/2010/12/16/multiple-applications-with-devise-omniauth-and-single-sign-on/.

The right way to accomplish this is to adopt SAML 2.0 to handle the exchange of the user identity info between your application and your customer's Windows network creds (stored in Active Directory). Adopting SAML as an authentication option gives you the most security/flexibility and allows your customer's to implement whatever type of authentication they want on their end. SAML ends up being the standards-based method in which you can securely exchange identity info with your customers. At a VERY high level, your customer would implement a SAML 2.0 Identity Provider that allows them to leverage their existing Windows credentials (there are lots of 3rd Party Apps that would allows them to easily do this. Check out pingone.com as one example [Note: I work for Ping Identity]). Once the us

Finally figured it out! I have addressed my question above by implementing the code listed here: Ruby on Rails, Devise gem. How to remove current password when password is blank? As is suggested in the comment from @dgmstuart, I removed the if !params[:current_password].blank? to avoid getting mass-assignment errors. Note that this is just an override of the Devise function update_with_password; the original code is here: http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable#update_with_password-instance_method

Disclaimer: The following code is not verified in my practice. Just in theory they are likely to work. At first you need to use your custom RegistrationsController. You can check how to do that in Devise wiki. After setting up, things are fairly easy. Do the following in your custom controller class Users::RegistrationsController < Devise::RegistrationsController def create super #Nothing special here. end protected def sign_up(resource_name, resource) true end end How does it work? In Devise's code, #create will call a protected method #sign_up after saving successfully. This method does nothing but sign in the user. What we need to do is to overwrite this method to stop that action. Of course you can even add more of your logic here if necessary.

Normally you have to take care for it yourself to display the flash[:notice] and the flash[:alert] messages. The usual place to do that is the layout file in which your devise views are rendered in. At the moment either you only render flash[:notice] thus the failing login messages isn't displayed as it is a flash[:alert] message or you don't display your flash messages at all. Some links concerning the same problem: https://groups.google.com/forum/?fromgroups#!topic/plataformatec-devise/ZAyn3W7cVAg Devise flash messages don't show up You can change the layouts the devise views use in your application.rb, e.g.: config.to_prepare do Devise::SessionsController.layout "session" Devise::PasswordsController.layout "application" end

What about a simple before filter. That way you don't have to mess with devise code class RegistrationsController < Devise::RegistrationsController before_filter :check_conditions, only: :new def new super end private def check_conditions #your conditions end end

Here is how i resolved -- I followed the instructions here exactly: https://github.com/plataformatec/devise/wiki/How-to:-Scope-login-to-subdomain To use these instructions i added the subdomain column to the users table (creating a lot of duplicate subdomains since each team has_many users). Then in my Team controller when i update a team subdomain it also creates a query to gather all the users associated with the team to update their subdomain values as well. Not the ideal fix but works well enough. UPDATE I hope someone finds a better way -- in mean time i'll make a small addition to this. in order for the same email to work across multiple subdomains you need to add the below in your user model. Otherwise the same email will only be registered for 1 subdomain and any regist

Build the link for each plan so that it includes a parameter in the URL. <%= link_to 'Pro', signup_path(:plan => 'pro') %> That would create a URL that's something like http://example.com/signup?plan=pro. Then, in your sign up page, you can automatically set the value of the pull down menu to what was passed in the URL by using something like this: <%= f.select :plan, @plans, :selected => params[:plan] %>

I don't think the virtual attribute login is really required here, you could have achieved this by using just :username. Anyway, I think the problem lies in your view. You need to change your input field to be :login and not :username like follows: %h2 Sign in = simple_form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => {:class => 'form-vertical' }) do |f| = f.input :login, :autofocus => true = f.input :password = f.input :remember_me, :as => :boolean if devise_mapping.rememberable? = f.button :submit, "Sign in", :class => 'btn-primary' = render "devise/shared/links"

That would work, but there's no need to get the user again. request.user is already the user object. owner = request.user owner.username = newusername owner.save()

figured it out - i moved the <%=@cart.line_items.sum("quantity")%> to the partial in the carts directory and that took care of it. upon doing some more research i found that it wuld have also been resolved if i had done <% if @cart %> before the call instead. like this:

I think you're confusing authorization and authentication. Devise is an authentication solution, meaning it handles the "proof me you are who you say you are" part. Authorization is the "Ok, I know who you are, now let's see what can you do". Devise doesn't provide an authorization system beyond the simple "logged/not logged". If you need a more complex authorization system, use an authorization gem. CanCan is very popular.

Well, the layout is not your issue (I don't think), when posting an error on stack overflow, it's super important that you post the stack trace. The stack trace is the holy grail that holds all of the knowledge about the error, and without it, we are totally lost. Post the stack trace, and try restarting your rails server. Make sure you migrate your database, and then maybe we can fix the error. This line: = javascript_include_tag "application", "internationalization.js", "http://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js" is broken. I'm not sure why, probably because you've listed out the JS filess on the same line. There may be a problem with the javascript file itself, not sure, but that is where the error is.

Devise has inbuilt feature for this, that is Devise Confirmable module.Have a look on this: In the below link, you will find the step-to-step process, how you can add devise confirmable in your application: https://github.com/plataformatec/devise/wiki/How-To:-Add-:confirmable-to-Users Hope it will help.Thanks

I think the ng-token-auth project may be what you (and much later now, I) are looking for. It's an angular module that's designed to work with devise token auth.

If you don't want to change the style, you can just change the error messages directly in the devise config, as answered here: http://stackoverflow.com/a/5839744/1753596 Otherwise shrikant1712's answer is correct.

Wow. Dumbest mistake ever, but still something I'll post. I copied the new devise_for :users, :controllers => { :registrations => "registrations", :confirmations => 'confirmations' } across to my routes file, neglecting to remove the original devise_for :users which meant it ignored my new controllers.

I fixed this by returning specific path in after_sign_in_path_for in ApplicationController def after_sign_in_path_for(resource) xxxxx_path end Somehow root route in cucumber tests gets redirected to "example.com"

In previous Devise versions, the user was automatically signed in after confirmation. This meant that anyone that could access the confirmation e-mail could sign into someone’s account by simply clicking the link. Automatically signing the user in could also be harmful in the e-mail reconfirmation workflow. Imagine that a user decides to change his e-mail address and, while doing so, he makes a typo on the new e-mail address. An e-mail will be sent to another address which, with the token in hands, would be able to sign in into that account. If the user corrects the e-mail straight away, no harm will be done. But if not, someone else could sign into that account and the user would not know that it happened. For this reason, Devise 3.1 no longer signs the user automatically in after co

I'm not sure why you're getting an object with login credentials, but Devise handles errors through it's FailureApp - make sure you override it so when the 401 is triggered warden recalls the custom action. This is done in your devise initializer, config/initializers/devise.rb Add this to the initializer and restart your server: config.http_authenticatable_on_xhr = false config.navigational_formats = [:html, :json]

I know it's late, but I solved it by adding session["user_return_to"] to rescue_from check_authorization :unless => :devise_controller? rescue_from CanCan::AccessDenied do |exception| session["user_return_to"] = request.fullpath redirect_to new_user_session_path, :alert => exception.message end and removing the after_sign_in_path_for method override. Then Devise will redirect to session["user_return_to"] after sign in.

It looks like you have devise generator previously run unsuccessfully. Backtrace gives a clue that error happens within config/routes.rb line 2. I guess there is a following line of code, setting up devise routes devise_for :users But your users model doesn't have devise modules setup. There should be something like # Include default devise modules. Others available are: # :token_authenticatable, :confirmable, # :timeoutable and :omniauthable devise :database_authenticatable, :rememberable, :trackable, :validatable If this line is present it means that devise is improperly installed. Also there is a chance that you have another class or module "User" within ActiveSupport::Dependencies autoloader paths and when devise_for :users line requires User class this class/module loaded fir

maibe you don't set your provider in security.yml. security: provider: example: entity: {class AcmeAuctionBundleEntityUser, property: username} Replace the Bundle and the entity by yours.

Good question. I think that the solution one is far more clean. There are situations where you need to specify who is actually calling the service since is a shared method (you can use the same method to access public data of other users for example), it could be for the logged user or for someone else, what we usually do is use the same idea, as you said "/method/:id/books" but when the :id is equal to "me" ("/users/me/books") we assume that is the current user and we use the value saved on the request by passport, if not, the :id param is what we need to continue with the process. app.get "/users/:id/books", (req, res, next) -> if req.params.id and req.params.id == "me" req.params.id = req.user.id Edit: You can add it as a middleware using app.use(). Placing this at the

I would strongly suggest that you leave their password alone. Do not pass it through the WebSockets connection. Once the user has been authenticated through any one means, do not use their password any more. You're right that you can not use session_start() for multiple users in the same instance of the server. Instead, you have to store the user's data separately and associate it with their TCP socket handle. (The TCP socket handle is the value returned by socket_accept()). For instance, in your WebSockets server, have a user class where you can instantiate a new object for each connection. This user object will hold their state while they're connected. After the user authenticates to your web application, send a unique, cryptographically secure token in the HTTP response, either i

Ok, I'm hoping this will help anyone besides me, because I haven't been able to find this mentioned anywhere else. Authenticated user (REMOTE_USER) and a lot of other information can be reached at repo.ui.environ map, where repo is a parameter passed to a hook. I imagine this map is the same as the one in os.environ under mod_cgi.

Have you tried Flask integrated unit testing tools? You can make post requests with them, so that you can log in log out and act as authenticated users. I don't know if that is sufficient for you, perhaps you need some more advanced stuff, but you can give it a try.

How about having a second singleton which stores whether the user is logged in or not? Then your setContent method can just reference this and render content depending. Or possibly just declare a static variable inside your existing singleton that would store this information.

The solution to the problem is the gateway feature of the CAS protocol. This feature will redirect a user to a CAS server so that the user’s browser can be authenticated via the initial ticket-granting cookie given to it the first time the user submitted credentials. If the ticket-granting cookie is found, then the CAS server will redirect the user back to the app without having to re-enter credentials. Read more at Techslate about this user authentication solution

i'm not sure quite what your question is. but if you are looking to authorise once rather than in each controller, you can put the code into the module instead and put it into the $rootScope. var myapp = angular.module('myapp').run( function ($rootScope) { $rootScope.user = null; $rootScope.$on("angularFireAuth:login", function (evt, user) { $rootScope.user = user; }); });

For this, you would simple make an AJAX call to your URL, and in the view that handles the URL, you would add the @login_required decorator. For some reason, the django project is down right now, so I will send you to another place where you can get the information. However, you will need to watch out for a few things, one is that you need to add the CSRF token, and secondly you will need to make a few changes in the SETTINGS.PY file. I think the video covers it all, sorry I cannot send you to the official docs, because it seems to be down at the moment.

I can't see al the code, but if you want to insert new task and new user in the same time (using collection type in forms) you need to define it in your entity (cascade annotation): class Task { ... /** * @ManyToOne(targetEntity="Employee", cascade={"persist"}) * @JoinColumn() */ protected $creator; ... + setters/getters } For more info about cascade operations see Doctrine documentation: http://docs.doctrine-project.org/en/2.0.x/reference/working-with-associations.html#transitive-persistence-cascade-operations