Integrating SSL with Devise (how-to): not authenticating
I'm using SSL Requirement to get the proper redirects with Devise. I'm using custom Devise controllers so that I can put ssl_required in them.
Gemfile:
gem 'bartt-ssl_requirement', '1.2.7', :require => 'ssl_requirement'
application_controller.rb:
class ApplicationController < ActionController::Base
  protect_from_forgery
  include ::SslRequirement
end
I also customized the host name for SSLRequirement.
production.rb:
config.after_initialize do
  SslRequirement.ssl_host = 'secure.website.com'
end
Setting up custom Devise controllers is as simple as creating a new controller file with the appropriate name (e.g. Session Controller). Make sure to generate the views and move them to the appropriate folder so that your custom controller can use them.
session_controller.rb:
class SessionsController < Devise::SessionsController
  ssl_exceptions
  def new
    super
  end
  ...
All of this works, yet once I enable ssl_required (or ssl_exceptions), Devise can no longer authenticate. It redirects me to index or keeps me on the login page.
I made sure to go into session_store.rb and update my cookie_store to include:
session_store.rb:
App::Application.config.session_store :cookie_store, :key => '_app_session', :httponly => true, :secure => true, :domain => '.website.com'
For me, adding :domain => :all wasn't solving the problem either.
I also went into my devise.rb file and included:
devise.rb:
config.cookie_options = { :secure => true }
Still no luck ... I even wrote out all the custom routes, overriding Devise's defaults to include the https protocol and the secure subdomain host, and skipping Devise's default routes to get rid of the duplicate paths ... I'm running out of options at this point:
constraints :protocol => "https", :host => "secure.website.com" do
  devise_for :users, :controllers => { :sessions => 'sessions', :registrations => 'registrations', :passwords => 'passwords', :confirmations => 'confirmations', :unlocks => 'unlocks' }, :skip => [:sessions, :passwords, :registrations]
  devise_scope :user do
    #sessions
    get "/users/sign_in" => "sessions#new", :as => nil
    get "/users/sign_in" => "sessions#new", :as => :new_user_session
    get "/users/sign_in" => "sessions#new", :as => :users_sign_in
    get "/users/sign_out" => "sessions#destroy", :as => :destroy_user_session
    get "/users/sign_out" => "sessions#destroy", :as => :users_sign_out
    post "/users/sign_in" => "sessions#create", :as => :user_session
    post "/users/sign_in" => "sessions#new", :as => nil
    #registrations
    get "/users/sign_up" => "registrations#new", :as => :users_sign_up
    get "/users/sign_up" => "registrations#new", :as => :new_user_registration
    get "/users/edit" => "registrations#edit", :as => :users_edit
    get "/users/edit" => "registrations#edit", :as => :edit_user_registrations
    get "/users/cancel" => "registrations#cancel", :as => :cancel_user_registration
    post "/users/" => "registrations#create", :as => :user_registration
    put "/users" => "registrations#update"
    delete "/users" => "registrations#destroy"
    #passwords
    get "/users/password/new" => "passwords#new", :as => :users_password_new
    get "/users/password/new" => "passwords#new", :as => :new_user_password
    get "/users/password/edit" => "passwords#edit", :as => :edit_user_password
    post "/users/password" => "passwords#create"
    put "/users/password" => "passwords#update"
  end
  devise_for :admins, :controllers => { :sessions => 'sessions', :registrations => 'registrations', :passwords => 'passwords', :confirmations => 'confirmations', :unlocks => 'unlocks' }, :skip => [:sessions, :unlocks]
  as :admin do
    #sessions
    get "/admins/sign_in" => "sessions#new"
    get "/admins/sign_in" => "sessions#new", :as => :admins_sign_in
    get "/admins/sign_in" => "sessions#new", :as => :new_admin_session
    get "/admins/sign_out" => "sessions#destroy", :as => :destroy_admin_session
    get "/admins/sign_out" => "sessions#destroy", :as => :admins_sign_out
    post "/admins/sign_in" => "sessions#new"
    post "/admins/sign_in" => "sessions#new", :as => :admin_session
    #unlocks
    get "/admins/unlock" => "unlocks#show"
    get "/admins/unlock/new" => "unlocks#new", :as => :admins_unlock_new
    get "/admins/unlock/new" => "unlocks#new", :as => :new_admin_unlock
    post "/admins/unlock" => "unlocks#create", :as => :admin_unlock
  end
end
rake routes:
GET /users/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"new"}
new_user_session GET /users/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"new"}
users_sign_in GET /users/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"new"}
destroy_user_session GET /users/sign_out(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"destroy"}
users_sign_out GET /users/sign_out(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"destroy"}
user_session POST /users/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"create"}
POST /users/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"new"}
users_sign_up GET /users/sign_up(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"registrations", :action=>"new"}
new_user_registration GET /users/sign_up(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"registrations", :action=>"new"}
users_edit GET /users/edit(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"registrations", :action=>"edit"}
edit_user_registrations GET /users/edit(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"registrations", :action=>"edit"}
cancel_user_registration GET /users/cancel(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"registrations", :action=>"cancel"}
user_registration POST /users(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"registrations", :action=>"create"}
users PUT /users(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"registrations", :action=>"update"}
DELETE /users(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"registrations", :action=>"destroy"}
users_password_new GET /users/password/new(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"passwords", :action=>"new"}
new_user_password GET /users/password/new(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"passwords", :action=>"new"}
edit_user_password GET /users/password/edit(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"passwords", :action=>"edit"}
users_password POST /users/password(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"passwords", :action=>"create"}
PUT /users/password(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"passwords", :action=>"update"}
admins_sign_in GET /admins/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"new"}
admins_sign_in GET /admins/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"new"}
new_admin_session GET /admins/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"new"}
destroy_admin_session GET /admins/sign_out(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"destroy"}
admins_sign_out GET /admins/sign_out(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"destroy"}
POST /admins/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"new"}
admin_session POST /admins/sign_in(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"sessions", :action=>"new"}
admins_unlock GET /admins/unlock(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"unlocks", :action=>"show"}
admins_unlock_new GET /admins/unlock/new(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"unlocks", :action=>"new"}
new_admin_unlock GET /admins/unlock/new(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"unlocks", :action=>"new"}
admin_unlock POST /admins/unlock(.:format) {:protocol=>"https", :host=>"secure.website.com", :controller=>"unlocks", :action=>"create"}
I'm pretty sure it has to do with my cookies; does anyone have their 2 cents?
I can post more application code or console output if needed. I hope this has helped anyone set up custom Devise and incorporate SSL into their Rails 3 app using Devise and SSLRequirement.
Hopefully we can get a complete write-up as a solid example for everyone. Thanks, and let me know if you have any questions about setting up custom Devise controllers / views / etc ...
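Added example, not part of the original post: a small model of how a browser decides whether to send the `_app_session` cookie, limited to the two attributes set in session_store.rb above (`:secure` and `:domain`). The `Cookie` struct, the function names and the host `www.website.com` are assumptions made for illustration; the other hosts and the cookie name come from the post.

```ruby
require 'uri'

# Constructed model of a browser's cookie-sending rules (RFC 6265), limited to
# the Secure and Domain attributes. Path, expiry and HttpOnly are ignored.
Cookie = Struct.new(:name, :set_by_host, :domain, :secure)

# RFC 6265 domain-match against the cookie's Domain attribute.
def domain_match?(host, cookie)
  if cookie.domain.nil?
    # No Domain attribute: host-only cookie, sent only to the host that set it.
    host == cookie.set_by_host
  else
    d = cookie.domain.sub(/\A\./, '').downcase # a leading dot is ignored
    host == d || host.end_with?(".#{d}")
  end
end

# True when the browser would attach the cookie to a request for +url+.
def cookie_sent?(cookie, url)
  uri = URI.parse(url)
  # A Secure cookie is never sent over plain http.
  return false if cookie.secure && uri.scheme != 'https'
  domain_match?(uri.host.downcase, cookie)
end

# Checks each request made after the cookie was set. Returns [[url, sent?], ...].
def trace(cookie, urls)
  urls.map { |u| [u, cookie_sent?(cookie, u)] }
end

# Requests a browser might make after signing in (www.website.com is assumed).
AFTER_LOGIN = [
  'https://secure.website.com/users/edit',
  'https://www.website.com/',
  'http://www.website.com/',
  'http://secure.website.com/'
].freeze

# The session_store.rb settings from the post, and the same cookie without :domain.
SHARED    = Cookie.new('_app_session', 'secure.website.com', '.website.com', true)
HOST_ONLY = Cookie.new('_app_session', 'secure.website.com', nil, true)

if __FILE__ == $PROGRAM_NAME
  { 'Domain=.website.com; Secure' => SHARED, 'host-only; Secure' => HOST_ONLY }.each do |label, c|
    puts label
    trace(c, AFTER_LOGIN).each { |url, sent| puts format('  %-40s %s', url, sent ? 'sent' : 'NOT sent') }
  end
end
```

Any request that arrives without the session cookie looks unauthenticated to the application, so the `NOT sent` rows are the ones to compare against where the post-login redirect actually lands.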