Login/Register
Device token_authenticatable is not working with encrypted auth_tokens
Asked Answered
ruby-on-railsencryptiondevisedevise-token-auth
L

0

0

We have recently encrypted all our auth_tokens in the users table. I have modified the authenticate_user_from_token! in ApplicationController to encrypt the params[:auth_token] before comparing in database. It fetches the user record and sign_in user, store: false creates an entry in sessions table. 

def authenticate_user_from_token!
  user_token = encrypt(params[:auth_token].presence)
  user = user_token && User.find_by_authentication_token(user_token)
  if user
    sign_in user, store: false
  end
end

However, it doesn't actually log the user in. It takes me to the login page. Is Devise using the auth_token somewhere else where I need to encrypt it or am I missing something else?

Lour answered 26/2, 2018 at 23:47 Comment(4)
What is the console output when you try to log in?Pipage
shouldn't this be encrypt(params[:auth_token])?Ogpu
Khaled, yes it should be encrypt(params[:auth_token]), it was a typo. I have corrected it in question.Lour
Maybe you should check devise sessions_controllerIrritability

© 2022 - 2024 — McMap. All rights reserved.