Rails 3 - How can you get access to Devise's current_user in the IRB console?
Asked Answered
U

2

27

I'm doing some design/debugging in IRB and need to login a user and then be able to use current_user in my efforts.

From Brian Deterling's answer to another question, I have been able to successfully login and access a page response with this sequence:

>> ApplicationController.allow_forgery_protection = false
>> app.post('/sign_in', {"user"=>{"login"=>"some-login-id", "password"=>"some-password"}})
>> app.get '/some_other_path_that_only_works_if_logged_in'
>> pp app.response.body

NOTE: If you get a 200 response you are not logged in. You need a 302 redirect to indicate a successful login. See Tim Santeford's answer.

I've been able to get session info:

1.9.3-p125 :009 > app.session
 => {"_csrf_token"=>"1yAn0jI4VWzUH84PNTH0lVhjpY98e9echQGS4=", "session_id"=>"89984667d30d0fec71f2a5cbb9017e24"} 

I've tried everything I can think of to try to get to current_user via app and app.session, but no luck. How can I get current_user?

Uppish answered 3/3, 2012 at 7:19 Comment(0)
T
26

current_user is a property of the controller so after app.post('/sign_in', ... you can call app.controller.current_user in your rails console to get the User object

Tipster answered 28/3, 2012 at 4:2 Comment(3)
I tried it and current_user is nil. When I do the login procedure described in the question, I get a 200 response and app.session returns the csrf_token, so I know I'm logged in OK. app.controller responds with pages and pages of data. But app.controller.current_user returns nil. I'm using Devise - are you?Uppish
Looks like some mass assignment issue on app.post was causing my login to be unsuccessful (a 200 response is not a successful post in this case - very confusing.) Once I got a 302 response, then app.controller.current_user works. I would not have figured out the login issue without Tim Santeford's answer.Uppish
I guess it's because the 200 means the app renders the sign in form succesfully (along the flash message saying you cannot be identified).Limbert
D
4

It might be possible that you are not really logging in. One thing to keep in mind is that Devise I build on top of Warden which is rack middleware.

I tried your app.post method of logging in on an app I'm working on that uses Devise. After posting to the login page and getting a 302 redirect the app.session showed the warden user id.

>> app.session
{
 "_csrf_token"=>"dT0/BqgLb84bnE+f1g...",
 "warden.user.user.key"=>["User", [42843], "$2a$10$1OU.1BixIba..."],
 "session_id"=>"0dd49c05ff4e6362c207c6eb877f86cd"
}

I was able to fetch the user like this:

>> current_user = User.find(app.session["warden.user.user.key"][1][0])

When I logged out and then tried logging in with a bad password I get a 200 and then the app.session is missing the warden user info and only contained the csrf token and session id like your example.

BTW: Once logged in app.controller.current_user was nil even when the warden user id was in the session.

Danforth answered 28/3, 2012 at 6:23 Comment(2)
Tim - Thanks for pointing out the 200 vs 320 issue. I decided to choose Suguha's answer because of its simplicity, although I tested yours and it works also. Sorry I can't choose both.Uppish
No problem. I didn't know you could login using the app object like this prior to your question so I learn something by answering.Danforth

© 2022 - 2024 — McMap. All rights reserved.