You can end a session via get by changing the devise configuration in initializers. # The default HTTP method used to sign out a resource. Default is :delete. config.sign_out_via = :get Just open the link and your session is removed.
I think you’ll need to manage the Devise views yourself. Try the following in a console: rails generate devise:views This will generate all the views Devise uses (including mailer templates), which you can now customize. The mailers you’re looking for should then be in ‘app/views/devise/mailer’ If you want to generate scoped views, or only a … Read more
config/routes.rb Create your own registration controller like so … (see Devise documentation for the details of overriding controllers here …) … which is more elegant way as opposed to doing it via the ApplicationController devise_for :users, controllers: {registrations: ‘users/registrations’} app/controllers/users/registrations_controller.rb Override the new method to create a Profile associated with the User model as below … Read more
Simply add after_filter in ApplicationController after_filter :user_activity private def user_activity current_user.try :touch end Then in user model add online? method def online? updated_at > 10.minutes.ago end Also u can create scope scope :online, lambda{ where(“updated_at > ?”, 10.minutes.ago) }
Jimbo did an awesome job explaining the “why” behind the issue you’re running into. There are two approaches you can take to resolve the issue: (As recommended by Jimbo) Override Devise::SessionsController to return the new csrf-token: class SessionsController < Devise::SessionsController def destroy # Assumes only JSON requests signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) render … Read more
Here’s one way I was able to do it: >> ApplicationController.allow_forgery_protection = false >> app.post(‘/sign_in’, {“user”=>{“login”=>”login”, “password”=>”password”}}) Then you can do: >> app.get ‘/some_other_path_that_only_works_if_logged_in’ >> pp app.response.body
Assuming you have a User model with a has_one Profile association, you simply need to allow nested attributes in User and modify your devise registration view. Run the rails generate devise:views command, then modify the devise registrations#new.html.erb view as shown below using the fields_for form helper to have your sign up form update your Profile … Read more
Okay, so I worked it through and came to the following solution. I needed to costumize devise a little bit, but it’s not that complicated. The User model # user.rb class User < ActiveRecord::Base devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable attr_accessible :email, :password, :password_confirmation, :remember_me belongs_to :rolable, :polymorphic => true end The Customer model … Read more
This gem works well: https://github.com/devise-security/devise-security Add to Gemfile gem ‘devise-security’ after bundle install rails generate devise_security:install Then run rails g migration AddSessionLimitableToUsers unique_session_id Edit the migration file class AddSessionLimitableToUsers < ActiveRecord::Migration def change add_column :users, :unique_session_id, :string, limit: 20 end end Then run rake db:migrate Edit your app/models/user.rb file class User < ActiveRecord::Base devise :session_limitable … Read more
Once again, it was a matter of reading the manual … The magic word is :account_update and thus the working version becomes def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname, :nickname) } devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, :firstname, :middlename, :lastname, :nickname) } end Note that if you’re in the business … Read more