DeviseToken Auth Not Receiving token/header data to logout

0
votes

I am having an issue getting devise_token_auth logout working.

I am working based on these SO:

How to set header and options in axios?

Why am I unable to sign out using devise_token_auth and curl?

This is the devise token auth, destroy method. It does reach this method and stops at a breakpoint.

https://github.com/lynndylanhurley/devise_token_auth/blob/c92258038c05fcc8f6a0374ccce2e63b9f8d5312/app/controllers/devise_token_auth/sessions_controller.rb#L48

    def destroy
      # remove auth instance variables so that after_action does not run
      user = remove_instance_variable(:@resource) if @resource
      client = @token.client
      @token.clear!

      if user && client && user.tokens[client]
        user.tokens.delete(client)
        user.save!

        yield user if block_given?

        render_destroy_success
      else
        render_destroy_error
      end
    end

@token is set in another method and it doesn't appear to be called. I don't quite get how this method is supposed to clear tokens.

My @token is #<struct DeviseTokenAuth::TokenFactory::Token client=nil, token=nil, token_hash=nil, expiry=nil> and @resource is nil at my break point/top of the method.

Client Request (Vue):

 methods: {
      headers() {
        const config = {
          headers: {
            "uid": localStorage.getItem("uid"),
            "client": localStorage.getItem("client"),
            "access-token": localStorage.getItem("access-token")
          }
        }
        return config
      },

      async handleLogOut() {
        // e.preventDefault();
        const headers = this.headers()

        localStorage.removeItem('access-token')
        localStorage.removeItem('uid')
        localStorage.removeItem('client')

        this.logOut();

        let response = await axios.get('api/v1/auth/sign_out', null, headers)
      }
    }

Routes:

 destroy_api_user_session GET    /api/v1/auth/sign_out(.:format)                                                          api/v1/sessions#destroy

What am I doing wrong? How is the destroy method working?

1
ruby-on-railsvue.jsauthenticationdevise-token-auth
I think why your destroy method isn't working is because you're using axios.get(), and I believe you should use axios.delete() instead, because for devise sign out is using delete request method. - Khrisna Gunanasurya
I get this ActionController::RoutingError (No route matches [DELETE] "/api/v1/auth/sign_out"): I will add the routes I have. The routes could be different for devise vs devise_token_auth. - user3738936
could you show me the routes.rb? because I never use devise_token_auth but I think destroy must be a delete request method. as in here you can check that he is using delete method - Khrisna Gunanasurya
ah right by default. I changed it in the config though to use a get route. config.sign_out_via = :get - user3738936
I see you already get the answer, glad to see that :) - Khrisna Gunanasurya

1 Answers

1
votes

Ok, I missed this before_action method:

https://github.com/lynndylanhurley/devise_token_auth/blob/c92258038c05fcc8f6a0374ccce2e63b9f8d5312/app/controllers/devise_token_auth/concerns/set_user_by_token.rb#L26

This is where it takes your headers, checks them and sets instance variables.

By finding this I realized I was not sending the headers that I thought I was sending. I changed my http request it works fine.

axios.get('api/v1/auth/sign_out', headers)

Side Note: The logout action by default in devise is delete but this can be modified:

  config.sign_out_via = :get