How can I sign out a devise user from the Rails console?

42
votes

My devise users are "database_authenticatable" and "token_authenticatable". I've tried deleting the "authentication_token" field in the database for that user from the console, but they still seem to be able to use their existing auth token. Deleting the user entirely works, but I don't want to go that far.

Edit: for clarity. I want to use the rails console to sign out a user. i.e. run rails console and then some command.

8
ruby-on-railsdeviselogout

8 Answers

18
votes

Devise provides helper methods to do these things:

user = User.find(params[:id])
sign_in user
sign_out user

Hope this helps.

0
votes

If you are using Devise you could use the below in your rails console. This works perfect for me as in my app if you are using only 1 session per user account. I am storing my sessions in redisDB.

user = User.first
user.update_attributes(unique_session_id: "")

All I had to do was clear my users unique_session_id for that user and rails kicks the user out of the session.

But for multiple sessions for the same User account this does not work.

If you want to clear all user sessions you can do the below from terminal

rake db:sessions:clear
0
votes

To sign_in by Devise check this way in console:

$ rails console
include Warden::Test::Helpers
def sign_in(resource_or_scope, resource = nil)
  resource ||= resource_or_scope
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  login_as(resource, scope: scope)
end

def sign_out(resource_or_scope)
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  logout(scope)
end

@user = User.find(1)
sign_in @user

Then open http://127.0.0.1:3000/users/sign_in to test, in my case it will bypass this page and go to home page! Same to sign_out!

-2
votes

You may be able to use the helpers that others have mentioned after including the necessary module:

include Devise::Controllers::SignInOut

source: Module: Devise::Controllers::SignInOut

There's also another SO question where someone shares a method that doesn't involve using Devise helpers here.

-3
votes

I'm not a fan of the sign_out @user pattern because, at least for the devise version I'm using, that signs out the current user, regardless of the argument I pass it. If you're storing sessions in your database then you can do this:

@user.update_attributes(current_sign_in_token: "")

TBH I don't think that's the best way to do it, but it's the best way I've seen in my own research.

-3
votes

I believe you can simply update the password_salt and it will invalidate the user session on their next request.

user = User.first
user.update_column(:password_salt, 'reset')

Reference: http://www.jonathanleighton.com/articles/2013/revocable-sessions-with-devise/

-3
votes

For old devise versions

Seems attribute tokens save sessions:

user.tokens = nil
user.save
-8
votes

You can create a logout link in views->layouts->application.html.erb as:-

<= link_to 'Log Out', destroy_user_session_path, method: :delete %>

It worked for me - hope it does for others as well.