I am intergrating Facebook login using device, and after allowing Facebook to get your info it redirects you to the sign up page. Here's my code:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :authenticate_user!
before_action :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :description, :photo ])
devise_parameter_sanitizer.permit(:account_update, keys: [:username, :first_name, :last_name, :description, :photo ])
end
end
Callback controller
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def facebook
#user = User.from_omniauth(request.env["omniauth.auth"])
if #user.persisted?
sign_in_and_redirect #user, :event => :authentication #this will throw if #user is not activated
set_flash_message(:notice, :success, :kind => "Facebook") if is_navigational_format?
else
session["devise.facebook_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
def failure
redirect_to root_path
end
end
And my user model is
def self.new_with_session(params, session)
super.tap do |user|
if data = session["devise.facebook_data"] && session["devise.facebook_data"]["extra"]["raw_info"]
user.email = data["email"] if user.email.blank?
end
end
end
def self.from_omniauth(auth)
where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
user.email = auth.info.email
user.password = Devise.friendly_token[0,20]
user.first_name = auth.info.name # assuming the user model has a name
user.image = auth.info.image # assuming the user model has an image
end
end
I'd really appreciate an extra eye on what I'm doing wrong, or where I am missing something. Thanks!
You need to add this column for provider and uid to your users table, i think rails can't match your user :
rails g migration add_provider_and_uid_to_users provider:string uid: string
And try to write me the rails server response it Can help to figure out the bug source
RubyMine7.0.1 shows this alert in every controller class.
A controller class file below.
Thanks.
application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
helper_method :current_user, :logged_in?
before_action :authenticate
private
def current_user
return unless sessions[:user_id]
#current_user ||= User.find(session[:user_id])
end
def logged_in?
!!session[:user_id]
end
def authenticate
return if logged_in?
redirect_to root_path, alert: 'ログインして下さい。'
end
end
I got the very same error when I imported a project from existing sources and the Project SDK was not set properly for the project.
There are three models in my app: User, Subject and Note.
I've already embedded Note model into Subject model and it works. Now when I try to embed Subject into User always get Mongoid::Errors::InvalidFind coming from this line of code:
In the method one should define to use in before_action at the beginning of the controller
#user = User.find(params[:user_id])
subjects_controller
class SubjectsController < ApplicationController
#before_filter :authenticate_user!, only: [:index]
before_action :set_subject, only: [:show, :edit, :update, :destroy]
before_action :load_user
def index
#subjects = #user.subjects
end
def new
#subject = #user.subjects.build
end
def show
end
def create
#subject = #user.subjects.create(subject_params)
respond_to do |format|
if #subject.save
format.html {redirect_to subject_path(#subject)}
else
format.html {render 'new'}
end
end
end
def update
if #subject.update(subject_params)
redirect_to #subject
else
render 'edit'
end
end
def delete
end
private
def subject_params
params.require(:subject).permit(:name)
end
def set_subject
#subject = #user.subject.find(params[:id])
end
def load_user
#user = User.find(params[:user_id])
end
end
Routes
resources :users do
resources :subjects do
resources :notes
end
end
Right now I'm pretty stuck here because haven't found a way to work this around, hope someone around can give a hand.
Take into account this RoR best practice "Resources should never be nested more than 1 level deep." http://guides.rubyonrails.org/routing.html#nested-resources
A collection may need to be scoped by its parent, but a specific member can always be accessed directly by an id, and shouldn’t need scoping (unless the id is not unique, for some reason).
http://weblog.jamisbuck.org/2007/2/5/nesting-resources
I integrated omniauth-facebook using https://github.com/plataformatec/devise/wiki/OmniAuth%3a-Overview. But I am getting error of :
Could not authenticate you from Facebook because "Invalid credentials".
And in logs, getting this:
Authentication failure! invalid_credentials: OAuth2::Error, : {"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}
I have devise installed. When i click on facebook sign in link, it comes back to devise sign "www.mealnut.com/user/sign_in#=" and gives above error. I checked the solution for "Invalid credentials" on https://github.com/plataformatec/devise/wiki/OmniAuth%3a-Overview and as mentioned there, my app is header set for App Type = Web. Not getting why it is not working.
Also my app is pending review from facebook. But i don't think it is related to this error. Following are the things i did for omniauth-facebook:
Gemfile contains:
gem "omniauth", "~> 1.1.4"
gem 'omniauth-facebook', '1.4.1'
In user model, added:
devise :omniauthable, :omniauth_providers => [:facebook]
attr_accessible :provider, :uid
def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
user = User.where(:provider => auth.provider, :uid => auth.uid).first
unless user
user = User.create(name:auth.extra.raw_info.name,
provider:auth.provider,
uid:auth.uid,
email:auth.info.email,
password:Devise.friendly_token[0,20]
)
end
user
end
devise.rb
require "omniauth-facebook"
config.omniauth :facebook, "APP_ID", "APP_SECRET", :scope => "offline_access, email"
omniauth.rb:
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], {:provider_ignores_state => true}
end
route.rb:
devise_for :user, :controllers => { :omniauth_callbacks => "omniauth_callbacks" }
Omniauth controller:
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def facebook
#user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
if #user.persisted?
sign_in_and_redirect #user, :event => :authentication #this will throw if #user is not activated
set_flash_message(:notice, :success, :kind => "Facebook") if is_navigational_format?
else
session["devise.facebook_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
end
Can anybody help in this?
Thought I'd chip in here since this came up for me when trying to search for a solution for Could not authenticate you from Facebook because “Invalid credentials”
The problem is with Facebook API version >=2.3 you need to set {token_params: {parse: :json}} to your provider config.
devise.rb
config.omniauth :facebook,
APP_ID,
APP_SECRET,
token_params: { parse: :json } # <----- this line is NB
Answer found on this issue for omniauth-oauth2
UPDATE Aug 2018: The "invalid credentials" issue reoccurred, I had to remove the token_params setting for it to work again - so this may not be an issue anymore
Got it working!
My routes.rb and user.rb were wrong. And changed omniauth.rb too! Here are the previous and after files:
My routes.rb was:
devise_for :user, controllers: { registration: "registration" }
devise_for :user, controllers: { omniauth_callbacks: "omniauth_callbacks" }
So it was calling devise twice. I changed it to:
devise_for :user, controller: { registration: "registration", omniauth_callbacks: "omniauth_callbacks" }
Changed my omniauth.rb from this:
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], provider_ignores_state: true
end
to this:
OmniAuth.config.logger = Rails.logger
Also, i defined method def self.find_for_facebook_oauth(auth, signed_in_resource=nil) outside user.rb model (major mistake).
So got it working perfectly now :-)
Hope this helps someone.
Got it working too :)
We don't need to add this code in omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
end
if we already declare it in devise.rb
require "omniauth-facebook"
config.omniauth :facebook, "APP_ID", "APP_SECRET"
It helped me to solve a similar problem:
Note: v2.0.1 has an issue with callback url error. You need to add a callback url on config.
config.omniauth :facebook, "APP_ID", "APP_SECRET",
callback_url: "CALLBACK_URL"
https://github.com/plataformatec/devise/wiki/OmniAuth%3a-Overview
Upgrading gem to 4.0.0 and adding require "omniauth-facebook" to devise.rb fixed this for me.
I stack with this problem and no one advice was help me.
Problem was in redirect_uri. Devise omniauth gems generated it without https.
Finally resolved this by two steps:
Add force_ssl for rails.
Do not forget to add proxy_set_header X-Forwarded-Proto https; for nginx config, if you are using it.
So I have a rails app 2.x app that works fine via the web, but when trying to perform a POST I keep getting "Redirected to http://localhost:3000/session/new Filter chain halted as [:require_user] rendered_or_redirected.". In my iPhone app, I can create a new session and sign-in via my iPhone app, but cannot POST to say the POSTS_Controller.
I have this in my code
Posts_Controller
before_filter :require_user, :only => [:create, :update, :destroy]
Application_Controller
# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
include AuthenticatedSystem
include Geokit::Geocoders
helper :all # include all helpers, all the time
#session :session_key => '_cwa_session_id'
#filter_parameter_logging :password
# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
protect_from_forgery # :secret => 'eejj7eded74769099999944a729b4f'
#filter_parameter_logging(:password)
before_filter :login_from_cookie
before_filter :find_user_interests
before_filter :find_user_posts
protected
def find_user_interests
#user_interests = cur_user ? cur_user.interesting_posts : []
logger.debug "User interests hash: #{current_user.inspect}"
end
def find_user_posts
#user_posts = cur_user ? cur_user.posts : []
end
def cur_user
User.find(session[:user_id]) if session[:user_id]
end
def require_user
unless cur_user
flash[:error] = "You must be logged in to do that."
redirect_to '/session/new'
return false
end
end
geocode_ip_address
def geokit
#location = session[:geo_location]
end
end
I have been working on this for 2 months and cannot figure out the issue. In my iPhone app I am using ObjectiveResource. I am sending over json and have "Mime::Type.register_alias "application/json", :json" set up on the rails side.
I am not a rails developer, but the before filter for require_user is unable to pass the cur_user test in that is cannot find :user_id in the session hash. Are you sure that you have a session that persists when using the iPhone? Are you using devise for authentication? Just for kicks, does it work if you manually pass the user_id as params?