I have two Devise models, User and Business; I would like both to be able to sign in using a single sign in form. I am using backbone js and I have a customized view so the view is not a concern. An ajax request is used for the login, it works for users as expected but not for businesses.
I have searched google and come across a few solutions that mention using STI to solve this, but the project is very much done and I can't make such a change now. I was thinking along the lines of overriding the Devise sessions controller and:
- Check if the given email address is a User, then authenticate the user using Warden.
- If no user with that email is found then authenticate with the Business model using Warden.
I can't figure out how to change the code to achieve the above, I don't know how warden works and which params I need to tweak to achieve the above, what functions need to be called. Can anyone point me in the right direction or provide an example of how should I move forward with this.
Thanks.
Don't worry, you're not stuck.
I think your best option is to override Devise's session controller and alter the 'new' and 'create' methods for a session.
So in your own "sessions_controller.rb", you will have something like this:
class SessionsController < Devise::SessionsController
# GET /resource/sign_in
def new
resource = build_resource(nil, :unsafe => true)
clean_up_passwords(resource)
respond_with(resource, serialize_options(resource))
end
# POST /resource/sign_in
def create
resource = warden.authenticate!(auth_options)
set_flash_message(:notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_with resource, :location => after_sign_in_path_for(resource)
end
end
And in your routes, you would use something like (depending on what you named your user models):
devise_for :users, :controllers => {
:sessions => 'sessions'
}
devise_for :businesses, :controllers => {
:sessions => 'sessions'
}
The above session controller is not customized at all. I don't know your code, so I can't really help there. But the basic steps are:
- Inspect the
auth_options and resource_name variables to understand how they are storing data.
- Add your conditional logic to alter those variables if the
resource isn't found in the Users table.
Devise is great, and Roles are great, but sometimes having one User model, or even using STI, don't make sense. I'm writing a longer post on this exact issue soon, since I dealt with it in a recent project.
Consider using only the User model and use CanCan and Rolify to address the unique needs of each type of user. It might mean starting over with some of your code, but it may be easier to maintain in the long run.
Don't just take my word for it. Here's a related question with good responses.
I recently came up with this total hack to make this work. My advice is to strongly consider a single user model with a role, but this works -- at least with the current version of Devise.
https://gist.github.com/jeremyw/5319386
If you monkeypatch or otherwise override default behavior like this, make sure you have a good test suite in case you ever want to try to upgrade Devise.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 男人必须洒脱 的文章《Devise - single sign in form for multiple users》','https://www.manongdao.com/article-406541.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}