Rails devise, find current_user by session_store key

0
votes

We have a production system (main app) running on Rails with devise gem configured (using Redis session store)(session is enabled for all subdomain)

I need to build a custom authentication service for one of our subdomain based microservice. For each request, this microservice will be calling our main app with session id (the cookie value of rails session store key) (which is configured in config/initializers/session_store.rb).

So the question is, can I find the user just by session id? (Using Devise or Warden)

1
ruby-on-railsruby-on-rails-3authenticationdevisewarden

1 Answers

2
votes

You can do this with a method Devise's Authenticatable module adds to your resource called serialize_from_session. You can pass in an expanded Warden session variable, which includes both the key and salt (serialize_from_session accepts both of those as parameters). For example, if you are using Devise on a User model:

user = User.serialize_from_array(*session['warden.user.user.key'])

The session['warden.user.user.key'] variable is an array of the record ID (as an array) and a salt. It would look something like [[1], "$2f$23$2DIUF7Vr.J5sbfGwHTew"].