No token on response header #721

Closed
lvalenzuela opened this issue Aug 31, 2016 · 8 comments

lvalenzuela commented Aug 31, 2016

Hi. I'm trying to make this gem work, but when I try to do an email login with Postman or curl, even if the login is successful I can't get the access-token or any of the other fields on the header response. I'm just getting user data.

{
  "data": {
    "id": 2,
    "username": "admin",
    "email": "[email protected]",
    "provider": "email",
    "uid": "[email protected]",
    "name": null,
    "nickname": null,
    "image": null
  }
}

The response header looks like this

HTTP/1.1 200 OK 
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: application/json; charset=utf-8
Etag: W/"df2d922e112ab644f964fee0a0fac0aa"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 6daa8131-ac42-4b65-99f2-74d44d3049fe
X-Runtime: 0.321393
Server: WEBrick/1.3.1 (Ruby/2.2.4/2015-12-16)
Date: Tue, 30 Aug 2016 20:47:00 GMT
Content-Length: 150
Connection: Keep-Alive

My Gemfile looks like this

ruby '2.2.4'
gem 'rails', '4.2.6'
gem 'pg', '~> 0.15'
gem "devise", "4.2.0"
gem "omniauth"
gem "devise_token_auth", "0.1.39"
gem "omniauth-facebook"
gem "omniauth-google-oauth2"
gem "rack-cors", :require => "rack/cors"

Thanks in advance for any help on this subject

@rahulnwn

rahulnwn commented Sep 1, 2016

Hey,
I was also facing the same issue, wasn't getting any token-auth headers in response.
After going through the code and adding some debuggers in the gem, I found out resource.valid? is false here
https://github.com/lynndylanhurley/devise_token_auth/blob/master/app/controllers/devise_token_auth/concerns/set_user_by_token.rb#L81
This is the place where headers are being set in the HTTP response. And then I realised I had added a new validation in my User model, and if checked on an already existing old user, validation will fail. Hence resource.valid? was false. And even after the failure, the request completes with a successful response without headers. Maybe your issue is also the same.

@navkar

navkar commented Sep 1, 2016

Guys, can you post your config/routes.rb and the custom controller implementation, if any? I haven't had any of those issues.

@lvalenzuela
Author

My config/routes.rb looks like this

...
devise_for :users, controllers: {
    sessions: 'users/sessions',
    confirmations: 'users/confirmations'
}
namespace :api, defaults: {format: :json} do
    namespace :v1 do
      mount_devise_token_auth_for 'User', at: 'auth'
    end
end
...

I've made the following base controller for my API

class Api::V1::BaseController < ApplicationController
    include DeviseTokenAuth::Concerns::SetUserByToken
    respond_to :json
    before_action :authenticate_user!
end

And this is my ApplicationController

class ApplicationController < ActionController::Base
  protect_from_forgery with: :null_session
  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_url, :alert => exception.message
  end
end

I'm using devise for my non API authentications and it seems to work fine.

@lvalenzuela
Author

@rahulnwn I'm not clear on how you solved the problem. Can you explain with a little more detail the steps you did?

@lvalenzuela
Author

Hi again.

I finally solved this issue. The problem was similar to the description given by @rahulnwn. To find the issue I did the following.

First, I overrode the Sessions controller with the following controller

class DeviseTokenAuthOverrides::SessionsController < DeviseTokenAuth::SessionsController
  def render_create_success
    render json: {data: @resource.errors}
  end
end

With this, I noticed that the output on a successful login was this, even though I did provide an email and password on the login request.

{
  "data": {
    "password": [
      "can't be blank"
    ]
  }
}

I checked my User model and noticed that I was validating that the field "password" wasn't blank, so removing that line solved the issue.

Hope this might be useful to some having similar problems

@Babbz75

Babbz75 commented Jan 15, 2017

Just to clear things up a bit (word the answer above in a different way), this happens if you added a validation to your user model that your previous model instances don't meet.

i.e. I added a validation that my users would have an avatar (image) and the users already in my database didn't have an image but when I logged in with them it would still give me a successful login, status 200, but wouldn't return the headers.

Solution: Remove the validation if it's not necessary or make your previously created instance of the model meet the validation by either running a script inserting the necessary data or manually updating them through the console.
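
The "running a script" step above starts with finding which existing records fail the current validations, since those are the accounts that log in with status 200 but get no token headers. This is an added example, not part of the original comment or the gem's code; `audit_invalid`, `LegacyUser` and the sample data are hypothetical, and it assumes only that each record responds to `valid?` and `errors.full_messages`, as ActiveRecord models do.

```ruby
# Added example: list records that fail the model's current validations.
# In a Rails console you could pass User.find_each (assumption: model is User).

# Returns { id => [error messages] } for every record that is invalid.
def audit_invalid(records)
  report = {}
  records.each do |record|
    next if record.valid?
    report[record.id] = record.errors.full_messages
  end
  report
end

# --- Constructed stand-in so the example runs without Rails ---
Errors = Struct.new(:full_messages)

class LegacyUser
  attr_reader :id, :email, :image, :errors

  def initialize(id:, email:, image: nil)
    @id = id
    @email = email
    @image = image
    @errors = Errors.new([])
  end

  # Mimics a presence validation on image added after old rows were created.
  def valid?
    messages = []
    messages << "Email can't be blank" if email.to_s.strip.empty?
    messages << "Image can't be blank" if image.to_s.strip.empty?
    @errors = Errors.new(messages)
    messages.empty?
  end
end

# Constructed sample rows: user 1 predates the image validation, user 2 meets it.
SAMPLE_USERS = [
  LegacyUser.new(id: 1, email: "old@example.test"),
  LegacyUser.new(id: 2, email: "new@example.test", image: "avatar.png")
].freeze

def demo_report
  audit_invalid(SAMPLE_USERS)
end

puts demo_report.inspect if __FILE__ == $PROGRAM_NAME
```

Every id in the report is a record to backfill or a validation to relax before that account can receive token headers again.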

@fuelxc

fuelxc commented Sep 27, 2017

I hit the same issue. If something craps out or doesn't render, the headers are not sent. In my case it was that there was nothing to render. This stopped the headers from being set for some odd reason. It seems to me every response, even a 500/404/whatever, as long as the token sent is valid, should include the new token header coming back.

@zachfeldman
Contributor

Workarounds posted, closing for now.
