w Devise, how to allow a SignIn user to sign in as another user

Question

My app auto-creates a guest user account. The problem there is that the guest user may want to sign-in to the real account.

I therefore want to let users Sign In that are already signed_in? according to devise.

While I can render the form, if I submit the signin form, devise kicks it to a redirect:

Started POST "/users/sign_in" for 127.0.0.1 at 2011-07-19 18:21:45 -0700
  Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"RE/xxx=", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Sign In"}
  User Load (0.6ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 102 LIMIT 1
Redirected to http://localhost:3000/
Completed 302 Found in 266ms

Update

I tried:

class SessionsController < Devise::SessionsController

  def create
    Rails.logger.info 'XXXXX 2'
    super
    Rails.logger.info 'XXXXX 4'
  end

end

But devise seems to be kicking out the request before it even hits that method and the logger's aren't in the log file

Any ideas on how I can allow a signed_in user to sign in?

Answer 1

Devise has support for switching to another user using the sign_in method. https://github.com/plataformatec/devise/wiki/How-To:-Sign-in-as-another-user-if-you-are-an-admin. It also has the concept of Guest user: https://github.com/plataformatec/devise/wiki/How-To:-Create-a-guest-user

Answer 2

Well if you create an account automatically, does that mean your current_{resource} is gonna return an user? if so its normal that devise redirects you from sign_in and sign_up routes(if you see the source code there is a prepend_before_filter :require_no_authentication).

That's to explain the redirect... now to solve your problem to have to extend the controllers and create a before filter with require authentication only for non guest users.

Take attention to this:

In https://github.com/plataformatec/devise/blob/master/app/controllers/devise_controller.rb

there is the definition of require_no_authentication, which does a little bit more than verifying if your user is authenticated. so got add another before filter just for guest_users

For example:

P.S. Everywhere you read {resource} is the name of your model class. If User then user, if Profile then profile, attention to downcasing.

class RegistrationsController < Devise::RegistrationsController
  before_filter :require_no_authentication, :unless => :guest_user?, :only => [:new,:create, :cancel]
  before_filter :require_no_authentication_for_guests, :if => :guest_user?, :only => [:new,:create, :cancel]

  private

  def guest_user?
    current_{resource}.is_guest?
  end

  def require_no_authentication_for_guests
    assert_is_devise_resource!
  end 
end

On your model:

Class {resource}
  def is_guest?
    # here you put the code that distinguishes a guest user which should return true if its one>
  end
end

also need to change the routes file:

if your registrations controller is called like in the example and the if the resource is user

devise_for :users, :controllers => {:sessions => "sessions",
                                  :registrations => "registrations"}

Then you do the same on your sessions controller. by that I mean to apply the same before filters on a custom sessions controller.

Attention where you wanna apply the before filter and examine your requirements before.

Did it help?