DemianArdus DemianArdus - 8 days ago 5
JSON Question

Overriding devise SessionsController destroy

I'm trying to override the destroy method from Devise's

SessionsController
, but I have had no success yet. I've already done it for the
create
method, but I don't know why it's not working for the
destroy
method.

This is my
SessionsController
:

module Api
module V1
class SessionsController < Devise::SessionsController
skip_before_filter :verify_authenticity_token, if: :json_request?

def create
resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#failure")
resource.update_token
sign_in_and_redirect(resource_name, resource)
end

def sign_in_and_redirect(resource_or_scope, resource=nil)
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
sign_in(scope, resource) unless warden.user(scope) == resource
return render :json => {:success => true}
end

# DELETE /resource/sign_out
def destroy
puts "DELETE /resource/sign_out"

return render :json => {:success => true}
end

def failure
return render :json => {:success => false, :errors => ["Login failed."]}
end

protected

def json_request?
request.format.json?
end
end
end
end


If i use the following
curl
request, the create method works just fine:

curl -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:3000/users/sign_in -d '{"user":{"email":"demian@toptierlabs.com", "password":"TopTier2011"}}'


But when I use this:

curl -X DELETE -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:3000/users/sign_out


I get
<html><body>You are being <a href="http://localhost:3000/">redirected</a>.</body></html>
as the response, and the
puts "DELETE /resource/sign_out"
call never happens.

This is what I get in the Rails
STDOUT
output:

Started DELETE "/users/sign_out" for 127.0.0.1 at 2014-10-07 14:51:40 -0200
Processing by Api::V1::SessionsController#destroy as JSON
Parameters: {"session"=>{}}
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
Redirected to http://localhost:3000/
Filter chain halted as :verify_signed_out_user rendered or redirected
Completed 302 Found in 278ms (ActiveRecord: 0.0ms)


Thank you and sorry for my English!

Answer

You probably need to skip_before_filter :verify_signed_out_user. Take a look at https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb line 4.

Comments