I have authentication that needs to be independent across:
subdomain1.domain.com subdomain2.domain.com etc.
Right now with the devise user_signed_in?
helper - if someone authenticates on subdomain1, it is working on subdomain2. I would like to add a tenant_id scope to prevent this from happening.
I have been able to do this on login authentication in my model using:
def self.find_for_database_authentication(warden_conditions)
where(:email => warden_conditions[:email], :tenant_id => warden_conditions[:tenant_id]).first
end
But I am not clear on how to do this on the logged in check.
Thanks!
In order do to do this you need to narrow the scope of the authentication to just the subdomain.
Here is a Docs page on how to accomplish this. I'll add it here for reference:
Overview
:subdomain
find_for_authentication
Modify migration
First, you must remove the email index uniqueness constraint. Because we'll be turning this into a scoped query, we will scope the new index to subdomain. If this is a brand new Devise model, you can open the Devise migration and change the following:
# db/migrate/XXX_devise_create_users.rb
def change
# Remove this line
add_index :users, :email, :unique => true
# Replace with
add_index :users, [:email, :subdomain], :unique => true
end
If this is an existing project, you'll need to create a new migration removing the old index and adding a new one:
rails g migration reindex_users_by_email_and_subdomain
# db/migrate/XXX_reindex_users_by_email_and_subdomain.rb
def change
remove_index :users, :email
add_index :users, [:email, :subdomain], :unique => true
end
Change login keys
In your Devise model, add :subdomain
to :request_keys
. By default :request_keys
is set to []
.
# app/models/user.rb
class User
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, request_keys: [:subdomain]
end
If you have multiple Devise models and you would like all of them to have the same :request_keys configuration, you can set that globally in config/initializers/devise.rb
config.request_keys = [:subdomain] # default value = []
If additionally you want to still be able to log in using a URL without a subdomain, :request_keys
can also take a hash with booleans indicating if the key is required or not.
config.request_keys = { subdomain: false }
Check that you do not have :validatable
in the devise call on the Model
If you do, :validatable will prevent more than one record having the same email, even in different subdomains. If you want to keep some of the validations, you can copy the ones you want from https://github.com/plataformatec/devise/blob/master/lib/devise/models/validatable.rb
Override Devise auth finder hook
For Authenticatable, Devise uses the hook method Model.find_for_authentication. Override it to include your additional query parameters:
# app/models/user.rb
class User < ActiveRecord::Base
def self.find_for_authentication(warden_conditions)
where(:email => warden_conditions[:email], :subdomain => warden_conditions[:subdomain]).first
end
end
Congrats, User login is now scoped to subdomain!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With