Device token_authenticatable is not working with encrypted auth_tokens

Asked Feb 26 '18 at 23:47

Active Feb 27 '18 at 16:35

Viewed 94 times

We have recently encrypted all our auth_tokens in the users table. I have modified the authenticate_user_from_token! in ApplicationController to encrypt the params[:auth_token] before comparing in database. It fetches the user record and sign_in user, store: false creates an entry in sessions table.

def authenticate_user_from_token!
  user_token = encrypt(params[:auth_token].presence)
  user = user_token && User.find_by_authentication_token(user_token)
  if user
    sign_in user, store: false
  end
end

However, it doesn't actually log the user in. It takes me to the login page. Is Devise using the auth_token somewhere else where I need to encrypt it or am I missing something else?

edited Feb 27 '18 at 16:35

asked Feb 26 '18 at 23:47

Saim

2,471
5
30
43

What is the console output when you try to log in? – kuwantum Feb 27 '18 at 02:01
shouldn't this be `encrypt(params[:auth_token])`? – khaled_gomaa Feb 27 '18 at 07:23
Khaled, yes it should be `encrypt(params[:auth_token])`, it was a typo. I have corrected it in question. – Saim Feb 27 '18 at 16:35
Maybe you should check devise `sessions_controller` – Fabrizio Bertoglio Feb 27 '18 at 21:22

Device token_authenticatable is not working with encrypted auth_tokens

0 Answers0

Linked