Devise 401 return on correct login with custom sessions controller

Question

I am having some problems pertaining to devise and the creation of custom sessions controllers.

I am creating an app and I want json as the only form of login. So here is what I have done so far.

Sessions controller

class SessionsController < Devise::SessionsController

  # Create operation should login the user and respond with json status
  def create
    resource = warden.authenticate!(:scope => resource_name, :recall => "sessions#failure")
    sign_in(resource_name, resource)

    respond_to do | format |
      format.json { render :json => { :success => true, :user => resource }, :status => 200 }
    end
  end

  def failure
    return render :status => 401, :json => {:success => false, :errors => ["Login failed."]}
  end  

end

Session Routes:

  devise_for :users, :controllers => {:sessions => "sessions"}, :skip => [:sessions] do
    get '/login' => 'sessions#new', :as => :new_user_session
    post '/login' => 'sessions#create', :as => :user_session
    get '/logout' => 'sessions#destroy', :as => :destroy_user_session
  end

Test I am trying to run:

require 'spec_helper'

describe SessionsController do
  include Devise::TestHelpers

  describe "POST 'create'" do
      describe "invalid signin" do

        before(:each) do
          @attr = { :email => "[email protected]", :password => "invalid" }
          request.env["devise.mapping"] = Devise.mappings[:user]
        end

        it "should return an error" do
          post :create, :user => @attr,  :format => :json

          puts @response.body
        end

      end
  end
end

Now, when I run this test. I get a http response instead of json:

#<ActionDispatch::Response:0x00000004cb8bb8>

When I perform a curl operation via command line to input the data

This is the command:

curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d ' {"user":{"email":"[email protected]","password":"aaaaaaaaa"}}'  http://192.168.202.128:3000/login

The first execution sends a 401 then subsequent executions send a 200

Failure:

* About to connect() to 192.168.202.128 port 3000 (#0)
*   Trying 192.168.202.128... connected
* Connected to 192.168.202.128 (192.168.202.128) port 3000 (#0)
> POST /login HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: 192.168.202.128:3000
> Accept: application/json
> Content-type: application/json
> Content-Length: 57
> 
< HTTP/1.1 401 Unauthorized 
< Content-Type: application/json; charset=utf-8
< X-Ua-Compatible: IE=Edge
< Cache-Control: no-cache
< X-Runtime: 2.026670
< Content-Length: 44
< Server: WEBrick/1.3.1 (Ruby/1.9.2/2011-07-09)
< Date: Mon, 10 Oct 2011 14:03:36 GMT
< Connection: Keep-Alive
< Set-Cookie: _styylt_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRkkiJWIxZDZiMmZkNTdlYTFkMzQ1MTRkZGZmNDA1NjljYzU5BjsAVA%3D%3D--fd27eebb575f61cf805b0f3ada4d2780fdc7f929; path=/; HttpOnly
< 
* Connection #0 to host 192.168.202.128 left intact
* Closing connection #0
{"success":false,"errors":["Login failed."]}

Success:

* About to connect() to 192.168.202.128 port 3000 (#0)
*   Trying 192.168.202.128... connected
* Connected to 192.168.202.128 (192.168.202.128) port 3000 (#0)
> POST /login HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: 192.168.202.128:3000
> Accept: application/json
> Content-type: application/json
> Content-Length: 57
> 
< HTTP/1.1 200 OK 
< Content-Type: application/json; charset=utf-8
< X-Ua-Compatible: IE=Edge
< Etag: "c4da2521fa2f6c5721e7cf8d3c7626ce"
< Cache-Control: max-age=0, private, must-revalidate
< X-Runtime: 0.377351
< Content-Length: 71
< Server: WEBrick/1.3.1 (Ruby/1.9.2/2011-07-09)
< Date: Mon, 10 Oct 2011 14:03:45 GMT
< Connection: Keep-Alive
< Set-Cookie: _styylt_session=BAh7B0kiGXdhcmRlbi51c2VyLnVzZXIua2V5BjoGRVRbCEkiCVVzZXIGOwBGWwZpCUkiIiQyYSQxMCRnUEJzRDZXSHNTYkk0RkZxSlNjV0cuBjsAVEkiD3Nlc3Npb25faWQGOwBGSSIlY2M2ZGEzMWY0ZDM2ZDc2NjRmNjdhN2I1MjQ4NmFlMTkGOwBU--8fec7bbcf648276f24e3c19a3ce0562060eeabb1; path=/; HttpOnly
< 
* Connection #0 to host 192.168.202.128 left intact
* Closing connection #0
{"success":true,"user":{"email":"[email protected]","username":"userblah2"}}

I don't understand what I am doing wrong or whats going on here. I've looked through most things posts and cannot find a specific answer.

Hope someone is able to help :)

Thank you

Answer 1

This is a bug in a Devise test helper. It was fixed in 2074.