Friday, 20 November 2015

Devise unwantedly authenticating on registrations request

I am trying to register a user via JSON api. Here I have a uniqueness validation on email.

The problem is whenever an existing user registers with his/her existing email and an incorrect password (different from what it is in their existing account) in the sign-up page of the Android app, it gives a 401 unauthorized error instead of 403 as I am expecting here.

From the Devise docs, I have come to know that Devise tries to authenticate every request for the particular model. In my case it does not proceed further if this authentication fails for registration. I want to return a 403 error here.

Is there a workaround for this? TIA.

I have overridden the Devise registrations controller for registrations from the Android app like this:

    class Api::V1::RegistrationsController < Devise::RegistrationsController
      # Skip the CSRF token check for JSON requests only
      skip_before_filter :verify_authenticity_token,
                         :if => Proc.new { |c| c.request.format == 'application/json' }

      respond_to :json

      def create
        resource = build_resource(sign_up_params)

        if resource.save
          render :status => 200,
                 :json => { :success => true,
                            :info => "Successfully registered. A confirmation email has been sent. Please confirm it before you login!",
                            :data => { :id => resource.id } }
        else
          # Validation failures (e.g. email uniqueness) are reported as 403
          render :status => 403,
                 :json => { :success => false,
                            :info => resource.errors,
                            :data => {} }
        end
      end
    end

My routes file reads something like:

    devise_for :users
    # ...
    namespace :api do
      namespace :v1 do
        devise_scope :user do
          post 'confirmations/reconfirm' => 'confirmations#send_confirmation_mail'
          post 'registrations' => 'registrations#create', :as => 'register'
          put 'passwords' => 'passwords#update'
          post 'sessions' => 'sessions#create', :as => 'login'
          delete 'sessions' => 'sessions#destroy', :as => 'logout'
        end
      end
    end
    # ...
    # Other routes here
    # ...
