Devise / Rails 4 Mobile authentication failure


I'm using Devise with a Rails 4 application.

Authentication works fine on most devices, including some old feature phones.

I am, however, running into problems with the Nokia Lumia and BlackBerry Z10.

Please see log snippet below. By the looks of things this appears to be a rails issue rather than a devise problem.

Please help!

014-05-30T09:47:38.668478+00:00 app[web.1]: Started POST "/users/sign_in" for 197.111.223.249 at 2014-05-30 09:47:38 +0000
2014-05-30T09:47:38.668505+00:00 app[web.1]: Started POST "/users/sign_in" for 197.111.223.249 at 2014-05-30 09:47:38 +0000
2014-05-30T09:47:38.672961+00:00 app[web.1]: Processing by Devise::SessionsController#create as HTML
2014-05-30T09:47:38.672968+00:00 app[web.1]: Processing by Devise::SessionsController#create as HTML
2014-05-30T09:47:38.674163+00:00 app[web.1]: Can't verify CSRF token authenticity
2014-05-30T09:47:38.673021+00:00 app[web.1]: Parameters: {"utf8"=>"✓", "authenticity_token"=>"Ckyw9vAfxbgksugLMainfWoG2jRdq7GB5xBBGxqYhCs=", "user"=>{"email"=>"", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
2014-05-30T09:47:38.673027+00:00 app[web.1]: Parameters: {"utf8"=>"✓", "authenticity_token"=>"Ckyw9vAfxbgksugLMainfWoG2jRdq7GB5xBBGxqYhCs=", "user"=>{"email"=>"", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
2014-05-30T09:47:38.674170+00:00 app[web.1]: Can't verify CSRF token authenticity
2014-05-30T09:47:38.677792+00:00 app[web.1]: Completed 422 Unprocessable Entity in 5ms
2014-05-30T09:47:38.677799+00:00 app[web.1]: Completed 422 Unprocessable Entity in 5ms
2014-05-30T09:47:38.683294+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2014-05-30T09:47:38.683299+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.1/lib/action_controller/metal/request_forgery_protection.rb:170:in `handle_unverified_request'
2014-05-30T09:47:38.683289+00:00 app[web.1]:
2014-05-30T09:47:38.683298+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.1/lib/action_controller/metal/request_forgery_protection.rb:163:in `handle_unverified_request'
2014-05-30T09:47:38.683303+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.1/lib/action_controller/metal/request_forgery_protection.rb:177:in `verify_authenticity_token'
2014-05-30T09:47:38.683305+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.0.1/lib/active_support/callbacks.rb:417:in `_run__3672081613755604432__process_action__callbacks'

Form :

<%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => {:class => "form-signin"}) do |f| %>


<h2 class="form-signin-heading">Sign in</h2>

  <%= devise_error_messages! %>

 <div><%= f.label :email %><br />
 <%= f.email_field :email, :autofocus => true, :class=> "form-control" %></div>

 <div><%= f.label :password %><br />
 <%= f.password_field :password , :class=> "form-control"%></div>

 <% if devise_mapping.rememberable? -%>
   <div><%= f.check_box :remember_me, :class=> "form-control"%> <%= f.label :remember_me %></div>
 <% end -%>

<div><%= f.submit "Sign in" ,:class => "btn btn-lg btn-primary btn-block"%></div>

<input name="authenticity_token" type="hidden" value="<%= form_authenticity_token %>"/>

 <%= render "devise/shared/links" %>
<% end %>

HTML in browser

  <!DOCTYPE html>
<html>
<head>
<script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"beacon-6.newrelic.com","errorBeacon":"bam.nr-data.net","licenseKey":"007e4afc34","applicationID":"3726760","transactionName":"egsMQRdZXAoARBwAUU8NEVBKRVUVFl9cCkcWCgdC","queueTime":9,"applicationTime":8,"ttGuid":"","agentToken":null,"agent":"js-agent.newrelic.com/nr-411.min.js"}</script>
<script type="text/javascript">window.NREUM||(NREUM={}),__nr_require=function(t,n,e){function r(e){if(!n[e]){var o=n[e]={exports:{}};t[e][0].call(o.exports,function(n){var o=t[e][1][n];return r(o?o:n)},o,o.exports)}return n[e].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<e.length;o++)r(e[o]);return r}({D5DuLP:[function(t,n){function e(t,n){var e=r[t];return e?e.apply(this,n):(o[t]||(o[t]=[]),void o[t].push(n))}var r={},o={};n.exports=e,e.queues=o,e.handlers=r},{}],handle:[function(t,n){n.exports=t("D5DuLP")},{}],G9z0Bl:[function(t,n){function e(){var t=l.info=NREUM.info;if(t&&t.agent&&t.licenseKey&&t.applicationID&&p&&p.body){l.proto="https"===f.split(":")[0]||t.sslForHttp?"https://":"http://",i("mark",["onload",a()]);var n=p.createElement("script");n.src=l.proto+t.agent,p.body.appendChild(n)}}function r(){"complete"===p.readyState&&o()}function o(){i("mark",["domContent",a()])}function a(){return(new Date).getTime()}var i=t("handle"),u=window,p=u.document,s="addEventListener",c="attachEvent",f=(""+location).split("?")[0],l=n.exports={offset:a(),origin:f,features:[]};p[s]?(p[s]("DOMContentLoaded",o,!1),u[s]("load",e,!1)):(p[c]("onreadystatechange",r),u[c]("onload",e)),i("mark",["firstbyte",a()])},{handle:"D5DuLP"}],loader:[function(t,n){n.exports=t("G9z0Bl")},{}]},{},["G9z0Bl"]);</script>
  <title>Appraiser Events</title>
  <link data-turbolinks-track="true" href="/assets/application-d90aa6b607e1084c9802752503a4569f.css" media="all" rel="stylesheet" />
  <script data-turbolinks-track="true" src="/assets/application-63257f1821daa59804517c178ec3a2be.js"></script>
  <meta content="authenticity_token" name="csrf-param" />
<meta content="eV2KxHpxUoVW9QS8FWt6IaP8SJXoHoJPtYycJPUmVbU=" name="csrf-token" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
    <div class="container">

        <p class="notice"></p>

<form accept-charset="UTF-8" action="/users/sign_in" class="form-signin" id="new_user" method="post"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" /><input name="authenticity_token" type="hidden" value="eV2KxHpxUoVW9QS8FWt6IaP8SJXoHoJPtYycJPUmVbU=" /></div>

    <h2 class="form-signin-heading">Sign in</h2>



  <div><label for="user_email">Email</label><br />
  <input autofocus="autofocus" class="form-control" id="user_email" name="user[email]" type="email" value="" /></div>

  <div><label for="user_password">Password</label><br />
  <input class="form-control" id="user_password" name="user[password]" type="password" /></div>

    <div><input name="user[remember_me]" type="hidden" value="0" /><input class="form-control" id="user_remember_me" name="user[remember_me]" type="checkbox" value="1" /> <label for="user_remember_me">Remember me</label></div>

  <div><input class="btn btn-lg btn-primary btn-block" name="commit" type="submit" value="Sign in" /></div>

  <input name="authenticity_token" type="hidden" value="eV2KxHpxUoVW9QS8FWt6IaP8SJXoHoJPtYycJPUmVbU="/>



  <a href="/users/password/new">Forgot your password?</a><br />




</form>


        </div>
    </body>
   </html>

There is 1 answer

10
crispychicken On

Could you please share your form? It seems to be an issue with the authenticity token.

You can try to add the token in the form options:

<%= form_tag ..., authenticity_token: true do %>

In your case:

<%= form_for(resource, :as => resource_name, :url => session_path(resource_name), authenticity_token: true, :html => {:class => "form-signin"}) do |f| %>
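
The backtrace in the question ends in `verify_authenticity_token`. The following is an added example, not code from the question, the answer or Rails itself: a simplified model of the comparison that check makes in Rails 4.0, where the token stored in the session must equal the `authenticity_token` form parameter. The helper names and the two failing scenarios (a client that does not send the session cookie back, and a form rendered for a different session) are assumptions chosen for illustration, not a diagnosis of the devices mentioned.

```ruby
require "securerandom"

# Simplified model of the Rails 4.0 CSRF check (illustrative, not Rails source).
class InvalidAuthenticityToken < StandardError; end

# The token lives in the session and is created on first use.
def form_authenticity_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# The submitted form value must equal the token held in the session.
def verify_authenticity_token!(session, params)
  return true if form_authenticity_token(session) == params["authenticity_token"]
  raise InvalidAuthenticityToken
end

# GET /users/sign_in: render the form and return the session cookie.
# With the cookie store, the cookie carries the session itself.
def render_sign_in(cookie)
  session = cookie ? cookie.dup : {}
  token = form_authenticity_token(session)
  { cookie: session, form_token: token }
end

# POST /users/sign_in: the status the app would answer with.
def post_sign_in(cookie, form_token)
  session = cookie ? cookie.dup : {} # no cookie means a brand-new session
  verify_authenticity_token!(session, "authenticity_token" => form_token)
  200
rescue InvalidAuthenticityToken
  422 # "Can't verify CSRF token authenticity"
end

# Constructed scenarios: same form, different cookie handling by the client.
def scenarios
  page  = render_sign_in(nil)
  other = render_sign_in(nil) # a form rendered for a different session
  {
    cookie_returned: post_sign_in(page[:cookie], page[:form_token]),
    cookie_dropped:  post_sign_in(nil, page[:form_token]),
    other_session:   post_sign_in(page[:cookie], other[:form_token])
  }
end

puts scenarios.inspect if __FILE__ == $PROGRAM_NAME
```

In this model the form always carries a token, so a 422 points at the session side of the comparison: checking whether the failing device returns the session cookie on the POST is a useful first step.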