I'm trying to login with Devise, but the login fails with a 406 Not Acceptable message from Rails 4. Specifically:
Started POST "/login.user" for 127.0.0.1 at 2015-04-03 14:37:21 -0600
Processing by Devise::SessionsController#create as
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"RLOQtv2L80h1VnMKynBuGsqsTEoggZzk3dWk6h8WdfQLOaOcoznTsPDortDQD5ql8qHm52l3+qnAxTf6U+dLxQ==",
"user"=>{"email"=>"jack@example.com",
"password"=>"[FILTERED]",
"remember_me"=>"0"},
"commit"=>"Log in"}
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["email", "jack@example.com"]]
(0.2ms) BEGIN
Role Load (0.4ms) SELECT "roles".* FROM "roles" INNER JOIN "unities" ON "roles"."id" = "unities"."role_id" WHERE "unities"."user_id" = $1 AND (((roles.name = 'nil') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 4]]
SQL (0.5ms) UPDATE "users" SET "last_sign_in_at" = $1, "current_sign_in_at" = $2, "sign_in_count" = $3, "updated_at" = $4 WHERE "users"."id" = $5 [["last_sign_in_at", "2015-04-03 20:27:03.080761"], ["current_sign_in_at", "2015-04-03 20:37:21.763619"], ["sign_in_count", 7], ["updated_at", "2015-04-03 20:37:21.797872"], ["id", 4]]
(1.7ms) COMMIT
Completed 406 Not Acceptable in 160ms (ActiveRecord: 6.0ms)
I am trying to adapt the Sessions Controller I found here; these are the relevant parts:
class Users::SessionsController < DeviseController
prepend_before_filter :require_no_authentication, only: [:new, :create]
prepend_before_filter :allow_params_authentication!, only: :create
prepend_before_filter :verify_signed_out_user, only: :destroy
prepend_before_filter only: [:create, :destroy] { request.env["devise.skip_timeout"] = true }
# GET /resource/sign_in
def new
self.resource = resource_class.new(sign_in_params)
clean_up_passwords(resource)
yield resource if block_given?
respond_with(resource, serialize_options(resource))
end
# POST /resource/sign_in
def create
self.resource = warden.authenticate!(auth_options)
set_flash_message(:notice, :signed_in) if is_flashing_format?
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource)
end
end
Here are the relevant routes:
Prefix Verb URI Pattern Controller#Action
new_user_session GET /login(.:format) devise/sessions#new
user_session POST /login(.:format) devise/sessions#create
destroy_user_session GET /sign_out(.:format) users/sessions#destroy
My sessions/new.html.erb view uses this form:
<%= form_for(resource, as: resource_name, url: user_session_path(resource_name)) do |f| %>
<input name="authenticity_token"
type="hidden"
value="<%= form_authenticity_token %>"/>
<div class="field">
<%= f.label :email %><br />
<%= f.email_field :email, autofocus: true %>
</div>
<div class="field">
<%= f.label :password %><br />
<%= f.password_field :password, autocomplete: "off" %>
</div>
<% if devise_mapping.rememberable? -%>
<div class="field">
<%= f.check_box :remember_me %>
<%= f.label :remember_me %>
</div>
<% end -%>
<div class="actions">
<%= f.submit "Log in" %>
</div>
<% end %>
Notice I added the hidden authenticity_token in an attempt to address the 406 Not Acceptable message (I also have <%= csrf_meta_tags %> in my application.html.erb view), and from the POST I can see it's being sent.
My user model has devise: :database_authenticatable and validates_presence_of :email, :password.
I appreciate any tips or suggestions! I've tried many suggestions and there is a similar question here. I can provide any other info that might help.
