36

I am using Devise in my site I create admin namespace and giving functionality of create user by admin.
my routes are as under

devise_for :users,:has_many => :comments, :controllers => {:sessions =>'devise/sessions',:registrations => 'devise/registrations'} do    
  get "/login", :to => "devise/sessions#new", :as => :login  

  get "/signup", :to => "devise/registrations#new", :as => :signup     

  get "/logout", :to => "devise/sessions#destroy", :as => :logout
end

when i click on add_user link which has signup_path causing following error:

My Error

 Started GET "/signup" for 127.0.0.1 at Fri Mar 09 12:49:11 +0530 2012    
 Processing by Devise::RegistrationsController#new as HTML    
 User Load (0.1ms)  SELECT `users`.* FROM `users` WHERE `users`.`id` = 35 LIMIT 1    
 Redirected to http://localhost:3000/admin     
 Filter chain halted as :require_no_authentication rendered or redirected
 Completed 302 Found in 3ms (ActiveRecord: 0.1ms)

I think it going to the devise registration controller but due to following line it cause an error in devise registration controller 

prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]
Arslan Ali
  • 17,418
  • 8
  • 58
  • 76
urjit on rails
  • 1,763
  • 4
  • 19
  • 36
  • 6
    Are you sure that you don't have a logged in user ? Try to logout (or clean your domain's cookies) and see if it works. – Rodrigo Flores Mar 09 '12 at 12:17
  • yes, I logged in as admin and admin can add user so add user page(registration) can be open and not redirected to localhost:3000/admin. – urjit on rails Mar 10 '12 at 07:37
  • as i said i think problem is prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]. should i have require_no_authentication method in my helper? – urjit on rails Mar 10 '12 at 07:38
  • In addition to the above, I created a 'welcome_controller.rb' file with a blank method 'index' under app/controllers and also added 'root to: 'welcome#index' in config/routes.rb file. – Raj Apr 12 '20 at 13:01

5 Answers5

33

The mentioned line on Devise's Controller makes sense in general cases: a logged in user can't sign up. As you're on a case where only an admin can create a user, I would suggest that you don't use Devise's controller on Registerable module and write your own controller with your own rules. You can write it based on Devise's controller changing only the mentioned line.

If you want to use it, try skipping the before_filter with skip_before_filter. I don't think it is the best solution. and I would write my own controller.

Rodrigo Flores
  • 2,411
  • 18
  • 17
9

I was receiving the following error in my development log.

Filter chain halted as :require_no_authentication

An endless loop was created because devise's after_sign_in_path_for in application_controller.rb was redirecting back to the previous page with 

stored_location_for(resource)

Devise's gem signs in the user when the password is edited.

Natus Drew
  • 1,876
  • 1
  • 21
  • 23
8

Like you, I wanted an Admin user to be able to add new users. But I didn't want to mess with the Devise Registerable, since I actually wanted users to still be able to register themselves. I have some admin users with permission to add a new user, so I created additional methods in my users controller and additional views to handle that case.

My additional methods are not referenced by Devise's prepend_before_filter :require_no_authentication, so they don't get the error.

My recipe:

In app/controllers/users_controller.rb (or whatever object you are using devise for): Copy the new, create and update methods and rename the copies to admin_new, admin_create, and admin_update.

In app/views/users, copy new.html.erb to admin_new.html.erb Change the partial to refer to admin_form instead of form:

 <%= render 'admin_form' %>

Then copy the partial _form.html.erb to _admin_form.html.erb. In _admin_form.html.erb, change the form_for to use a different URL:

form_for(@user, :url => '/users/admin_create')

Add routes in config/routes.rb to point to the alternate methods in the user controller:

devise_scope :user  do
    ...
    get  'users/admin_new' => 'users#admin_new'
    post 'users/admin_create' => 'users#admin_create'
end

Now you can add users while you are logged in by going to /users/admin_new, and users are still able to create their own user (register) using the devise mechanism that you have not disturbed.

Don Law
  • 1,329
  • 13
  • 7
6

I got an even simpler solution:

prepend_before_filter :require_no_authentication, only: [:cancel ]

By removing :new, :create from the prepend_before_filter it overrides devise source code and solve the problem. I had the same issue and it solved my problem.

peterh
  • 11,875
  • 18
  • 85
  • 108
Antoine
  • 559
  • 8
  • 21
  • one liner. +1 for being succinct – Jerome May 07 '16 at 14:09
  • @antoine where to add this code ?? can u explain a bit more – thedudecodes May 25 '17 at 20:54
  • 1
    @pawankumar There is a method to manager Devise registrations using a `class RegistrationsController < Devise::RegistrationsController` In it, the first line would state `prepend_before_filter :require_no_authentication, only: [:cancel ]` – Jerome Sep 05 '17 at 14:09
0

I also noticed in my application that when I create a user and log in as that user, the above messages are displayed by the rails server console and I am redirected to rails localhost default window 'Yay, You are on Rails'.

This is because no page is defined to take the logged-in user. When I defined a welcome page 'index.html.erb' in a folder, say, 'welcome' under 'views' folder, the login was successful and it worked. You can try this.

Raj
  • 51
  • 1
  • 5