Rails + Devise: When a user tries to sign in before confirming with the confirmation email, no error notice appears?

2
votes

So I have a Rails app with Devise set up. I have :confirmable set up in my Users table, and sending confirmation emails works perfectly.

However, I'm running into a small issue with unconfirmed users trying to sign in.

When an invalid email/password combination are input into the login, I get a flash notice that says "Invalid email or password.". However, if an unconfirmed user signs in correctly, they are redirected back to /users/sign_in, but there is no flash message for "You have to confirm your account before continuing.", which is defined in /config/locales/devise.en.yml.

I have overridden thses methods:

RegistrationsController) :new, :create

SessionsController) :create

ConfirmationsController) :after_confirmation_path_for

What exactly does Devise do when an unconfirmed user signs in with the correct credentials? I tried putting a binding.pry statement at the top of my sessions#create method, but it never hits it, meaning Devise must have some sort of outside check for this. I've attempted to look at the source code to no avail.

This is what the log states is happening:

Started POST "/users/sign_in" for 127.0.0.1 at 2013-10-18 15:04:26 -0400
Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"03kQgiMGyXcq/nW8jlVyGkGDw1Q9lpP+JZ03e+LZHPU=", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}, "commit"=>"Login"}
  [1m[35mUser Load (0.7ms)[0m  SELECT `users`.* FROM `users` WHERE `users`.`email` = '[email protected]' LIMIT 1
  [1m[36m (0.2ms)[0m  [1mBEGIN[0m
  [1m[35m (0.1ms)[0m  COMMIT
Completed 401 Unauthorized in 90ms


Started GET "/users/sign_in" for 127.0.0.1 at 2013-10-18 15:04:27 -0400
Processing by SessionsController#new as HTML
  Rendered devise/shared/_links.haml (0.6ms)
  Rendered devise/sessions/new.html.haml within layouts/application (5.0ms)
  Rendered layouts/_header.html.haml (0.9ms)
  Rendered layouts/_navigation.html.haml (0.6ms)
  Rendered layouts/_footer.html.haml (0.9ms)
Completed 200 OK in 33ms (Views: 28.0ms | ActiveRecord: 0.0ms)

So it does look like the sessions#create method is being hit. So I'm not sure where to go from here. Any help would be appreciated!

config/routes.rb

 devise_for :users, :controllers => {
    :registrations => "registrations", 
    :sessions => "sessions", 
    :confirmations => "confirmations"}
1
ruby-on-railsdeviseruby-on-rails-4confirmation
Well it's hitting create, getting an "unauthorized" and re-rendering new. This is behaving as it should. Can you post your routes for devise, make sure it's hitting your custom controller.trh
I have my routes correct, as it does hit the create method when signing in with a valid email/password. I'm just trying to create a flash[:notice] message when an unconfirmed user tries to log in.justindao
I see, are you getting a message and not the message you expect or are you getting nothing?trh
Getting nothing. Although I do get a message when a valid user inputs the wrong info. I've read some things about maybe it's redirecting twice, which is why I'm losing the notice, but the log says otherwise.justindao

1 Answers

1
votes

Figured it out. When something in devise calls one of the message under :failures, it doesn't put the message in flash[:notice], it puts the message in flash[:alert], so I just needed to add

#alert= alert

to my haml.

Source: Always getting 401 Unauthorized with new install of Rails + Devise