 |
From: Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
Date: Wed, 25 Apr 2012 09:37:03 -0300
Local: Wed, Apr 25 2012 8:37 am
Subject: Re: [devise] Protecting Users::OmniauthCallbacksController
The main question is: why would you want to protect this controller against anonymous users? Technically it's for anonymous users to get access to your application right? I think the best you can do to "protect" your controller, is to redirect to another place in case the omniauth hash is not present in the env - which probably means it didn't come from Facebook. -- On Wednesday, April 25, 2012 at 9:20 AM, Claudio Poli wrote:
> I'm trying to guard Users::OmniauthCallbacksController against anonymous users. > If we take a look at lib/devise/controllers/helpers.rb in define_helpers, authenticate_#{mapping} calls warden only if this is not a devise controller or if force. > Since Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController is a devise controller, I though using this: > before_filter :authenticate_user!, force: true > But it still does not have any effect. Should I start using user_signed_in? > Thanks. You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||