Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rails 5 API Mode - no headers in response #606

Closed
muzykabart opened this issue Apr 12, 2016 · 20 comments
Closed

Rails 5 API Mode - no headers in response #606

muzykabart opened this issue Apr 12, 2016 · 20 comments

Comments

@muzykabart
Copy link

Hi everyone, we're trying to add authentication with devise_token_auth to an API we're building. We're using Rails (5.0.0.beta3) and devise_token_auth (0.1.37).

# Gemfile

ruby '2.3.0'
gem 'rails', '>= 5.0.0.beta3', '< 5.1'

gem 'pg', '~> 0.18'
gem 'puma'

gem 'active_model_serializers', github: 'rails-api/active_model_serializers'
gem 'rack-cors'

gem 'devise', github: 'plataformatec/devise'
gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth'
gem 'omniauth', '>= 1.0.0'

Our routes look like that:

Rails.application.routes.draw do
  constraints subdomain: 'api' do
    scope module: 'api' do
      mount_devise_token_auth_for 'User', at: 'users', skip: [:omniauth_callbacks]
      ...
    end
  end
end

We set CORS with rack-cors following your README.md#cors:

# config/initializers/cors.rb

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'
    resource '*',
             headers: :any,
             expose: %w(access-token expiry token-type uid client),
             methods: [:get, :post, :put, :patch, :delete, :options]
  end
end

Then we added SetUserByToken concern to the ApplicationController:

class ApplicationController < ActionController::API
  include DeviseTokenAuth::Concerns::SetUserByToken
end

Also, we set DeviseTokenAuth.change_headers_on_each_request to false.

Now, we start server with rails s -b api.example.dev (we'd set it up in /etc/hosts).
Then when we send curl request there is no [access-token, ..] headers:

curl -v -X POST -H 'Content-Type: application/json' -d '{"email": "[email protected]", "password": "admin123"}' http://api.example.dev:3000/users/sign_in
*   Trying 127.0.0.1...
* Connected to api.example.dev (127.0.0.1) port 3000 (#0)
> POST /users/sign_in HTTP/1.1
> Host: api.example.dev:3000
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 51
> 
* upload completely sent off: 51 out of 51 bytes
< HTTP/1.1 200 OK
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Type: application/json; charset=utf-8
< ETag: W/"0145160dc42d2b8f0aa70ee5ed079729"
< Cache-Control: max-age=0, private, must-revalidate
< X-Request-Id: c5d4b4f4-ce39-409c-b0c4-ce2ed607ee69
< X-Runtime: 0.271850
< Vary: Origin
< Transfer-Encoding: chunked
< 
* Connection #0 to host api.example.dev left intact
{"data":{"id":1,"email":"[email protected]","provider":"email","uid":"[email protected]","name":"Admin","nickname":null,"image":null}}

Is there anything we're doing wrong? How can we fix it?
Thanks in advance!

@jpmermoz
Copy link

Same issue here... Not getting access token in response :(

@jpmermoz
Copy link

Setting:

config.enable_standard_devise_support = true

worked for me

@muzykabart
Copy link
Author

Thanks @jpmermoz

Setting DeviseTokenAuth.enable_standard_devise_support = true fixed the issue in an ugly way: headers are present in the response but it creates 3 different tokens for the User.

@jpmermoz
Copy link

I think the problem is that devise_token_auth regards on devise 3.5, but we need devise 4.0 in order to work with rails 5 api, and that comes into these issues.

@muzykabart
Copy link
Author

@jpmermoz Hmm, I don't think that's the problem, we're using:

  • devise (4.0.0.rc2)
  • devise_token_auth (0.1.37)

@jpmermoz
Copy link

@muzykabartek exactly.. i'm using those same versions too. I guess devise_token_auth is not fully compatible with devise 4.0.0 yet

@bobmshannon
Copy link

bobmshannon commented Apr 20, 2016

Same issue here, although it was working fine with the same setup as @muzykabartek until I ran a bundle update.

@muzykabart
Copy link
Author

@bobmshannon Just ran bundle update and it still works. Devise version has changed, now we're using:

  • devise (4.0.0)
  • devise_token_auth (0.1.37)

@bobmshannon
Copy link

bobmshannon commented Apr 21, 2016

@muzykabartek I should clarify that was with config.enable_standard_devise_support = false. I was running those two versions for a few months without issues, and it wasn't until I ran a bundle update that this issue started occurring.

What does your Gemfile.lock look like?

@bobmshannon
Copy link

bobmshannon commented Apr 21, 2016

@muzykabartek @jpmermoz @aaronshim Looks like there is a bug (?) in active_model_serializers v0.10.0.rc5 that is causing this issue, see rails-api/active_model_serializers#1667.

Try downgrading to v0.10.0.rc4 for the time being until a fix is found.

Also see: #600.

@tommoor
Copy link

tommoor commented Apr 30, 2016

@bobmshannon do you have a working setup now? Struggling to find the precise combination of gems that will enable this to work correctly!

@bobmshannon
Copy link

bobmshannon commented Apr 30, 2016

@tommor Hey Tom -- I do have everything working right now. This is what I am currently using:

  • active_model_serializers v0.10.0.rc4
  • devise_token_auth v0.1.37
  • devise v4.0.0

It was downgrading active_model_serializers to v0.10.0.rc4 that ultimately did the trick for me.

@tommoor
Copy link

tommoor commented Apr 30, 2016

Thanks @bobmshannon - that seems to have it working - turns out on my end the new JavaScript fetch api was also returning cached headers including cached tokens from previous responses. That took some figuring out 😄

@fowkswe
Copy link

fowkswe commented May 4, 2016

I was also having issues with w/ v0.10.0.rc5, though different than described above.

Login was creating multiple tokens, always one w/ the hashed client_id, and one with a client_id of 'default'.

Downgrading to v.0.10.0.rc4 fixed the issue for me.

@muzykabart
Copy link
Author

Downgrading active_model_serializers to v0.10.0.rc4 fixes the issue. Newest version (0.10.0) doesn't seem to have fix for it.

@jeremyrajan
Copy link

jeremyrajan commented Jun 12, 2016

I tried the above setup but doesnt fix it. I still dont get the access_token back after an api from postman.

#Gemfile
gem 'active_model_serializers', '~> 0.10.0.rc4'
gem 'devise_token_auth', '~> 0.1.37'
gem 'devise', '~> 4.0.0'
#devise_token_auth.rb
enable_standard_devise_support = true

image

Any help will be highly appreciated.

@jeremyrajan
Copy link

jeremyrajan commented Jun 12, 2016

worked now :D apparently, my gemfile.lock was getting update with the one not in gemfile (which was rc4). I have to manually add rc4 to it (lock file) and things work. Not sure, why tho...

Cheers!

@fernandobrito
Copy link

I also had the same problem (no headers in response) and downgrading 'active_model_serializers' to ' 0.10.0.rc4' fixed the problem. Using enable_standard_devise_support = true was not necessary for me.

Current versions:

Installing active_model_serializers 0.10.0.rc4 (was 0.10.1)
Using devise 4.1.1
Using devise_token_auth 0.1.37 from git://github.com/lynndylanhurley/devise_token_auth.git (at master@bc04747

@kleber-gueriero
Copy link

Was this problem solved in current version?
I'm still not receiving the token in header of my requests

@kleber-gueriero
Copy link

OK, I figured out that I was expecting the wrong behavior, as mentioned in #851

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

8 participants