I have Devise running on my Rails 3.2 application. Google OAuth is used to sign in.
New Users attempt to sign in with Google and are redirected to the sign-in page without being signed in. I check the DB and the User's accounts are created with the correct credentials (everything is correct except IP).
Returning users have no problem signing in; log out also works perfectly.
I'm not sure what I am doing wrong. I followed this tutorial: http://blogs.burnsidedigital.com/2013/03/rails-3-devise-omniauth-and-google/
The difference is that I do not have any need for additional user information. I just want to authenticate users through their Google accounts, ensuring they belong to a certain domain, foobar.com.
I have an OmniAuth controller which looks like this:
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google_oauth2
    auth = request.env["omniauth.auth"]
    # Only accept Google accounts whose email ends in @foobar.com
    proceeder = !!(auth.info.email =~ /^[a-zA-Z0-9.]+@foobar\.com$/)
    if proceeder
      user = User.from_omniauth(auth)
      flash.notice = "Signed in!"
      sign_in_and_redirect user
      redirect_to :root
    else
      flash[:notice] = "You must use an email ending in @foobar.com"
      redirect_to signup_path
    end
  end
end
and my User model is as follows:
class User < ActiveRecord::Base
  has_many :posts
  has_many :comments
  has_many :votes
  has_many :reports

  devise :database_authenticatable, :registerable, :omniauthable,
         :recoverable, :rememberable, :trackable, :validatable#, :omniauth_providers => [:google_oauth2]

  attr_accessible :email, :password, :password_confirmation, :remember_me, :provider, :uid

  def self.from_omniauth(auth)
    if user = User.find_by_email(auth.info.email)
      user.provider = auth.provider
      user.uid = auth.uid
      user
    else
      where(auth.slice(:provider, :uid)).first_or_create do |user|
        user.provider = auth.provider
        user.uid = auth.uid
        user.email = auth.info.email
        user
      end
    end
  end
end
For visitors who are not signed in I call posts#login
class PostsController < ApplicationController
  # ...
  def login
    Rails.logger.debug(current_user)
    if current_user
      redirect_to :root
    end
  end
  # ...
end
and the root_path contains a current_user check which redirects to posts#login if no user is logged in.
I thought the problem was within the method sign_in_and_redirect so I added the following to my ApplicationController:
class ApplicationController < ActionController::Base
  protect_from_forgery
  serialization_scope :view_context

  def after_sign_in_path_for(resource)
    root_url
  end

  def after_sign_up_path_for(resource)
    root_url
  end
end
Why aren't new accounts signed in? Why would their accounts be created but not logged in?
Any help is greatly appreciated, I am completely stumped (Devise documentation didn't lead me to a solution).
Here are the development logs of a new user signing in/up:
>> Listening on 0.0.0.0:3000, CTRL+C to stop
Started GET "/signup" for 127.0.0.1 at 2013-11-16 16:58:54 -0500
Processing by PostsController#login as HTML
Rendered posts/login.html.erb within layouts/application (24.0ms)
Completed 200 OK in 31ms (Views: 30.6ms | ActiveRecord: 0.0ms)
(google_oauth2) Request phase initiated.
Started GET "/users/auth/google_oauth2" for 127.0.0.1 at 2013-11-16 16:58:56 -0500
(google_oauth2) Callback phase initiated.
Started GET "/users/auth/google_oauth2/callback?state=e5c02458190b79758da474baa623717a29078427ad6049f7&code=4/yimrxaCXMOY_FTZyAgd_-CpZxMrF.EhatByjkrMkYshQV0ieZDAoQx9zFhAI" for 127.0.0.1 at 2013-11-16 16:59:00 -0500
Processing by OmniauthCallbacksController#google_oauth2 as HTML
Parameters: {"state"=>"e5c02458190b79758da474baa623717a29078427ad6049f7", "code"=>"4/yimrxaCXMOY_FTZyAgd_-CpZxMrF.EhatByjkrMkYshQV0ieZDAoQx9zFhAI"}
User Load (54.0ms) SELECT "users".* FROM "users" WHERE "users"."email" = '[email protected]' LIMIT 1
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."provider" = 'google_oauth2' AND "users"."uid" = '105565017494971239846' LIMIT 1
(0.1ms) BEGIN
User Exists (0.4ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = '[email protected]' LIMIT 1
(0.1ms) ROLLBACK
(0.1ms) BEGIN
SQL (76.2ms) INSERT INTO "users" ("created_at", "current_sign_in_at", "current_sign_in_ip", "email", "encrypted_password", "last_sign_in_at", "last_sign_in_ip", "provider", "remember_created_at", "reset_password_sent_at", "reset_password_token", "sign_in_count", "uid", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14) RETURNING "id" [["created_at", Sat, 16 Nov 2013 21:59:01 UTC +00:00], ["current_sign_in_at", Sat, 16 Nov 2013 21:59:01 UTC +00:00], ["current_sign_in_ip", "127.0.0.1"], ["email", "[email protected]"], ["encrypted_password", ""], ["last_sign_in_at", Sat, 16 Nov 2013 21:59:01 UTC +00:00], ["last_sign_in_ip", "127.0.0.1"], ["provider", "google_oauth2"], ["remember_created_at", nil], ["reset_password_sent_at", nil], ["reset_password_token", nil], ["sign_in_count", 1], ["uid", "1055650112345678911846"], ["updated_at", Sat, 16 Nov 2013 21:59:01 UTC +00:00]]
(16.9ms) COMMIT
#<User:0x000000020d7a08>
Redirected to http://localhost:3000/
Completed 302 Found in 338ms (ActiveRecord: 162.0ms)
Started GET "/" for 127.0.0.1 at 2013-11-16 16:59:01 -0500
Processing by MainController#index as HTML
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."id" IS NULL LIMIT 1
Redirected to http://localhost:3000/signup
Completed 302 Found in 5ms (ActiveRecord: 0.8ms)
Started GET "/signup" for 127.0.0.1 at 2013-11-16 16:59:01 -0500
Processing by PostsController#login as HTML
Rendered posts/login.html.erb within layouts/application (0.5ms)
Completed 200 OK in 4ms (Views: 2.7ms | ActiveRecord: 0.0m
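The domain restriction in the google_oauth2 callback above, as an added example that is not part of the original post: it compares the controller's `^...$` pattern with a whole-string `\A...\z` pattern and also checks the verified-email and hosted-domain claims. The method name `check_google_identity`, the sample hashes, and the assumption that `hd` and `email_verified` sit under `extra.raw_info` of the auth hash are illustrative, not taken from the post.

```ruby
# Added example; plain hashes stand in for request.env["omniauth.auth"].
ALLOWED_DOMAIN = "foobar.com"

# Pattern from the controller above: in Ruby, ^ and $ anchor at line boundaries.
LINE_ANCHORED = /^[a-zA-Z0-9.]+@foobar\.com$/
# Same character class, anchored to the start and end of the whole string.
STRING_ANCHORED = /\A[a-zA-Z0-9.]+@#{Regexp.escape(ALLOWED_DOMAIN)}\z/

# Returns [true, nil] when the identity may proceed, else [false, reason].
# Assumption: hd and email_verified are read from extra.raw_info.
def check_google_identity(auth)
  email = auth.dig("info", "email")
  raw   = auth.dig("extra", "raw_info") || {}

  return [false, "missing email"] unless email.is_a?(String)
  return [false, "email outside allowed domain"] unless STRING_ANCHORED.match?(email)
  return [false, "email not verified"] unless [true, "true"].include?(raw["email_verified"])
  return [false, "hosted domain mismatch"] unless raw["hd"].to_s.downcase == ALLOWED_DOMAIN

  [true, nil]
end

# Constructed sample auth hashes (not taken from the logs above).
GOOD = {
  "info"  => { "email" => "alice@foobar.com" },
  "extra" => { "raw_info" => { "email_verified" => true, "hd" => "foobar.com" } }
}
# A second line satisfies ^...$ even though the string as a whole does not.
MULTILINE = {
  "info"  => { "email" => "someone@example.net\nx@foobar.com" },
  "extra" => { "raw_info" => { "email_verified" => true, "hd" => "foobar.com" } }
}
# Address looks right, but the hosted-domain claim is absent.
NO_HD = {
  "info"  => { "email" => "bob@foobar.com" },
  "extra" => { "raw_info" => { "email_verified" => true } }
}

if __FILE__ == $PROGRAM_NAME
  [GOOD, MULTILINE, NO_HD].each { |a| p check_google_identity(a) }
end
```

In a Devise callback the same checks would run on `request.env["omniauth.auth"]` before `User.from_omniauth` is called, so a rejected identity never creates a row.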
You say “New Users attempt to sign in with Google and are redirected to the sign-in page without being signed in” and I’m not 100% sure what that means. Every time you use Google OAuth to let someone into your app, they’re going to see a one-time approval screen so they get a chance to say whether or not they’re OK with their identity being sent to your app. They really shouldn’t be going to the sign-in page if they’re already signed in. Which page do they go to?