Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

env['warden'] not working with Rails 5

Im following this guide to create Chatting feature with a use of Websockets. https://www.sitepoint.com/rails-and-actioncable-adding-advanced-features/

Im stuck with a problem that env['warden'].user is retuning nothing even when Im loggined to the app with standard Devise form.

And if I use another method (which is commented now) - it return wrong user

module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user

    def connect
      self.current_user = find_verified_user
      logger.add_tags 'ActionCable', current_user.email
    end

    protected

    def find_verified_user # this checks whether a user is authenticated with devise
      verified_user = env['warden'].user

      if verified_user
        verified_user
      else
        reject_unauthorized_connection
      end
    end

    # def find_verified_user
    #     user_id = request.headers['HTTP_AUTHORIZATION']
    #     if verified_user = User.find_by(user_id)
    #        verified_user
    #     else
    #        reject_unauthorized_connection
    #     end
    # end

  end
end

Logs says

Started GET "/cable/" [WebSocket] for 127.0.0.1 at 2017-04-06 17:40:17 +0300
Successfully upgraded to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
An unauthorized connection attempt was rejected
Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
like image 634
Sergey Khmelevskoy Avatar asked Apr 06 '17 14:04

Sergey Khmelevskoy


2 Answers

I had the same problem, but it turned out my issue was because I had two Devise models: User and Customer, since User was used for admin stuff, Customer was set to Warden's default_scope. So to access the user scope, I had to do the following

env['warden'].user(:user)

The symbol at the end defines the scope to use.

Here's where I found information on Warden's Scoped Users: https://github.com/wardencommunity/warden/wiki/Scopes#scoped-user-access

like image 76
Okomikeruko Avatar answered Oct 03 '22 00:10

Okomikeruko


I found solution on this article https://rubytutorial.io/actioncable-devise-authentication/

Im not sure how it works, but it does the deal. How it would help for people with similar problem.

module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user

    def connect
      self.current_user = find_verified_user
      logger.add_tags 'ActionCable', current_user.email
    end

    protected
    def find_verified_user
      verified_user = User.find_by(id: cookies.signed['user.id'])
      if verified_user && cookies.signed['user.expires_at'] > Time.now
        verified_user
      else
        reject_unauthorized_connection
      end
    end

  end
end

And I also created /config/initializers/warden_hooks.rb file

Warden::Manager.after_set_user do |user,auth,opts|
  scope = opts[:scope]
  auth.cookies.signed["#{scope}.id"] = user.id
  auth.cookies.signed["#{scope}.expires_at"] = 60.minutes.from_now
end

Warden::Manager.before_logout do |user, auth, opts|
  scope = opts[:scope]
  auth.cookies.signed["#{scope}.id"] = nil
  auth.cookies.signed["#{scope}.expires_at"] = nil
end
like image 28
Sergey Khmelevskoy Avatar answered Oct 03 '22 02:10

Sergey Khmelevskoy