After signing in redirecting again to sign in with Completed 401 Unauthorized in 52ms

[Shailesh]

Hi,

I have upgraded my application from Rails 2.3.5 to Rails 3.1.3. I had
restful_authentication for authentication in Rails 2.3.5.

I have upgraded authentication system from restful_authenticatication
to devise (1.5.3).I have followed the wiki page to get it done.

I have created custom sessionsController and Registration controller.I
am using login for authentication instead of email.

When I am sign in with correct login and password then I am
redirecting back to sign in page.

What can be the problem.? Please help me out.

My log is as follows

Started POST "/users/sign_in" for 127.0.0.1 at 2012-03-27 12:09:40
+0530
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"wqAgP
+7+XVBOzEvM2IPa4BrMdunoTvswaJ/dpBVWESU=", "user"=>{"login"=>"basu",
"password"=>"[FILTERED]"}, "commit"=>"Sign in"}
WARNING: Can't verify CSRF token authenticity
Geokit is using the domain: test_domain.com
Category Load (1.9ms) SELECT categories.* FROM categories ORDER BY
name ASC
User Load (0.6ms) SELECT users.* FROM users WHERE (login = 'basu')
LIMIT 1
(0.3ms) BEGIN
(0.1ms) COMMIT
Completed 401 Unauthorized in 52ms

Started GET "/users/sign_in" for 127.0.0.1 at 2012-03-27 12:09:40
+0530
Processing by SessionsController#new as HTML
Geokit is using the domain: test_domain.com
Category Load (1.5ms) SELECT categories.* FROM categories ORDER BY
name ASC
Rendered sessions/new.html.erb within layouts/application (1.9ms)
Rendered shared/_search_box.html.erb (0.7ms)

[Walter Lee Davis]

I just went through this in a project that I upgraded from 2.3.9 to 3.0.12. Make sure the csrf helper is in place on your application layout file.

Walter

[Shailesh Kalamkar]

Hi Walter,

Thank you very much for reply. I have referred  this link for removing csrf warning and added following in layout file

<meta name="csrf-token" content="<%= form_authenticity_token %>" />
<meta name="csrf-param" content="authenticity_token" />

By result of that, the warning is removed but problem still exist.

--
Thanks & Regards,

Shailesh Kalamkar
Take up one idea. Make that one idea your life - think of it, dream of it, live on that idea. Let the brain, muscles, nerves, every part of your body, be full of that idea, and just leave every other idea alone. This is the way to success - Swami Vivekananda

[Walter Lee Davis]

On Mar 27, 2012, at 11:16 AM, Shailesh Kalamkar wrote:

> Hi Walter,
>
> Thank you very much for reply. I have referred this link for removing csrf warning and added following in layout file
>
> <meta name="csrf-token" content="<%= form_authenticity_token %>" />
> <meta name="csrf-param" content="authenticity_token" />
>
> By result of that, the warning is removed but problem still exist.

When you're having the redirect issue, are you trying with a new user that you registered on the site, or are you trying to use the old logins from your previous authentication system?

Walter

[Shailesh Kalamkar]

I have tried with both the approaches. I have configured devise in model as follows

devise :database_authenticatable, :registerable,:recoverable, :rememberable, :confirmable,:trackable,
         :encryptable,:encryptor => :restful_authentication_sha1,:authentication_keys => [:login]

In config/devise.rb file I have set configuration as

  config.authentication_keys = [ :login ]
  config.reset_password_keys = [ :login ]
  config.case_insensitive_keys = [ :login ]
  config.strip_whitespace_keys = [ :login ]

[Walter Lee Davis]

On Mar 27, 2012, at 11:34 AM, Shailesh Kalamkar wrote:

> I have tried with both the approaches. I have configured devise in model as follows
>
> devise :database_authenticatable, :registerable,:recoverable, :rememberable, :confirmable,:trackable,
> :encryptable,:encryptor => :restful_authentication_sha1,:authentication_keys => [:login]
>
> In config/devise.rb file I have set configuration as
>
> config.authentication_keys = [ :login ]
> config.reset_password_keys = [ :login ]
> config.case_insensitive_keys = [ :login ]
> config.strip_whitespace_keys = [ :login ]

My question was more related to the user you are testing with. Is this a newly-registered user, someone you added after converting to Devise, or is it an existing user? The difference is that for the former, you know the hashing will be identical, because you made the hash with the same technique you're trying to use to confirm it. With the latter, it's less clear. Even though you have set up a hasher that *should* be identical, you never can tell with hashes.

[Shailesh Kalamkar]

Yes I got your point. I also had same doubt about it, thats why I have created user after adding devise support and tried logging in with that user and I have also tried with the old user (which was registered before adding devise).

For both user I am facing same issue.

[Shailesh]

Hi,

I am able to get rid of this. Extra columns in user model provided by devise was missing in the older user table created by the restful_athentication. Though I followed the instructions from wiki to migrate to devise there was not mentioned that we have to add extra columns,  there was only column name change related changes in the migration.

Between my ?User.rb code is now.

devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :encryptable,:encryptor => :restful_authentication_sha1,:authentication_keys => [:login]

attr_accessible :login, :password, :password_confirmation, :remember_me

I am able to sign in successfully but helper methods from devise always return that I am not signed in.

current_user returns nil and user_signed_in returns false though I am signed in.


I can see User record in session.

Can anyone tell me what can be the problem.