Active_admin issue #47

Closed
ACPK opened this issue Oct 15, 2014 · 7 comments

@ACPK

ACPK commented Oct 15, 2014

The following code in my application_controller.rb is causing a "wrong number of arguments (1 for 0)".

When I take out "DeviseTokenAuth::Concerns::SetUserByToken", the error goes away....
I have:

class ApplicationController < ActionController::Base
  include DeviseTokenAuth::Concerns::SetUserByToken

  include DeviseTokenAuth::Concerns::SetUserByToken
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  before_action :set_device_type

  def authenticate_active_admin_user!
    authenticate_user!
    if current_user.superadmin?
    else
      flash[:error] = "Please Sign In"
      redirect_to '/signin'
    end
  end

end

@lynndylanhurley
Owner

@ACPK - I don't think Active Admin will be able to share the same ApplicationController as the token auth routes. Active Admin does not use token-based authentication, so if it inherits from your ApplicationController, then it will be confused by the overrides that are necessary for this gem to work.

I haven't used Active Admin in a while - is it possible to configure it so that it doesn't inherit from ApplicationController?

@ACPK
Author

ACPK commented Oct 16, 2014

Got a quick fix using an HTTP auth, though I'll add a separate model later.

I added this to the active_admin initializer:

config.before_filter do
  authenticate_or_request_with_http_basic("Whatever") do |name, password|
    name == "admin" && password == "password"
  end
end
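
An added example, not part of the original post or of either gem: the quick fix above checks against credentials hardcoded in the initializer using `==`. One way to make the same check with credentials read from the environment and compared in constant time; the `ADMIN_USER` / `ADMIN_PASSWORD` variable names and both helper names are assumptions.

```ruby
# Added example: credential check for the HTTP basic auth block above,
# written in plain Ruby so it runs without Rails.
require "digest"

# Constant-time comparison: hash both values to a fixed length, then XOR
# every byte pair so timing does not reveal how many characters matched.
def constant_time_eq?(a, b)
  da = Digest::SHA256.digest(a.to_s)
  db = Digest::SHA256.digest(b.to_s)
  diff = 0
  da.bytes.zip(db.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# ADMIN_USER and ADMIN_PASSWORD are assumed variable names; env defaults to
# the process environment and accepts a Hash for testing.
def admin_credentials_ok?(name, password, env = ENV)
  expected_user = env["ADMIN_USER"].to_s
  expected_pass = env["ADMIN_PASSWORD"].to_s
  # Fail closed when the deployment has not configured credentials.
  return false if expected_user.empty? || expected_pass.empty?
  # `&` (not `&&`) runs both comparisons regardless of the first result.
  constant_time_eq?(name, expected_user) & constant_time_eq?(password, expected_pass)
end

# In the Active Admin initializer, the block from the post would become:
#   config.before_filter do
#     authenticate_or_request_with_http_basic("Whatever") do |name, password|
#       admin_credentials_ok?(name, password)
#     end
#   end

# Constructed sample environment, for illustration only.
SAMPLE_ENV = {
  "ADMIN_USER" => "ops",
  "ADMIN_PASSWORD" => "constructed-sample-secret"
}.freeze
```

With neither variable set, every request is rejected, so a missing configuration cannot fall back to a default login.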

@ACPK ACPK closed this as completed Oct 16, 2014
@lynndylanhurley
Owner

@ACPK - the model should be fine.

The issue is that Active Admin is expecting Devise to work using sessions, but AngularJS needs Devise to work using tokens. Rails can't work both ways at the same time using the same routes and controllers.

I'm not sure what the solution is, but it may involve mounting Devise routes in the standard way (using devise_for) for Active Admin, while mounting them differently for AngularJS (using mount_devise_token_auth_for) at a different route. In this scenario, all of the routes would use the same model.

Let me know if you figure this out and I'll post a note in the README.

@bpartridge

Would an alternative workaround be to have all the API controllers inherit from a separate subclass of ApplicationController, say, APIController < ApplicationController, which includes the token authentication concern, so that the ApplicationController is untouched? I'm relatively new to using this gem, so I'm not sure what kinds of drawbacks this might have.

@wkoffel

wkoffel commented Nov 17, 2014

I have this situation in my app, but my ActiveAdmin is mounted under a different subdomain. So I did two things:

In my routes, I add devise functionality separately depending on the subdomain:

Rails.application.routes.draw do
  constraints subdomain: /^#{Rails.configuration.admin_subdomain}/ do
    get '/' => redirect('/admin')
    devise_for :admin_users, ActiveAdmin::Devise.config
    ActiveAdmin.routes(self)
  end

  constraints subdomain: /^#{Rails.configuration.app_subdomain}/ do
    mount_devise_token_auth_for 'User', at: 'api/auth'

    namespace :api, defaults: {format: :json} do
      resources :widgets, only: [:index, :create, :update, :show]
    end
  end
end

And then I have my API Controllers subclass from Api::ApiController to include the controller concerns, so they don't clutter the ApplicationController global namespace that ActiveAdmin shares.

class Api::ApiController < ApplicationController
  include DeviseTokenAuth::Concerns::SetUserByToken
end

class Api::WidgetsController < Api::ApiController
end

@ACPK
Author

ACPK commented Dec 18, 2014

@wkoffel Thanks!

@lsarni

lsarni commented Oct 12, 2017

I got it working based on @wkoffel's answer but without subdomains (a great thing if you are using Heroku without a custom domain):

routes.rb

Rails.application.routes.draw do
  get '/' => redirect('/admin')
  devise_for :admin_users, ActiveAdmin::Devise.config
  ActiveAdmin.routes(self)
  root to: 'admin/dashboard#index'

  concern :api_endpoints do
    mount_devise_token_auth_for 'User', at: 'users'
  end

  namespace :api, defaults: { format: :json } do
    namespace :v1 do
      concerns :api_endpoints
    end
  end
end

app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  include DeviseAuthHelpers
end

app/controllers/api/api_controller.rb

class Api::ApiController < ApplicationController
  protect_from_forgery with: :null_session
  include DeviseTokenAuth::Concerns::SetUserByToken
end

And all of my api controllers (except the ones from Devise) do:
class Api::V1::MenusController < Api::ApiController
