I'm using Omniauth as my only method for signing into my Rails application.
The issue is: When a user clicks "Logout", the page reloads and the Logout link is still there (despite if user_signed_in? logic wrapping it). Which leads me to believe that users aren't actually getting logged out
Here's my index.html.erb:
<% if user_signed_in? %>
<%= link_to "Authenticate with Google", user_omniauth_authorize_path(:google_oauth2) %>
<% else %>
<%= link_to('Logout', destroy_user_session_path, :method => :delete) %>
<% end %>
And my user.rb
def self.from_omniauth(auth)
if user = User.find_by_email(auth.info.email)
user.provider = auth.provider
user.uid = auth.uid
user
else
where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
user.provider = auth.provider
user.uid = auth.uid
user.email = auth.info.email # THIS (user.email) value i want to provide to my registration form as default value
end
end
end
And my omniauth_callbacks_controller.rb:
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
skip_before_filter :redirect_to_login_if_required
def google_oauth2
@user = User.from_omniauth(request.env["omniauth.auth"])
if @user.persisted?
sign_in_and_redirect @user, :event => :authentication
return
else
session["devise.user_attributes"] = @user.attributes
redirect_to new_user_registration_path
end
end
end
And my routes.rb:
devise_for :users, :controllers => { :omniauth_callbacks => "omniauth_callbacks" }
Unfortunately it's not bringing me back an error. It's just refreshing the index page as if nothing happened.
Edit: Here's the POST when I click Logout
Started DELETE "/users/sign_out" for ::1 at 2015-07-06 11:00:22 -0400
Processing by Devise::SessionsController#destroy as HTML
Parameters: {"authenticity_token"=>"7QXScU8eVW6NVedKG5P86rPxkaP8uJdUzyJ712ZrYXtK7QjP/m33eQ2WE/ituUvFQ2GeenXLRBaiVibxEjHG6w=="}
Redirected to http://localhost:3000/
Filter chain halted as :verify_signed_out_user rendered or redirected
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
Edit 2: I've included this in my application_controller.rb
before_action :authenticate_user!
And now the error message I'm getting in the console is:
Started GET "/users/auth/google_oauth2/callback?state=c92f3f9e0a8db79485e56ec2a1defd91949e8e7d99a02130&code=4/pgl_HZFw113L7VJ-rSaV9-JYngABkfgx7lqRm06Dyqg" for ::1 at 2015-07-06 16:12:14 -0400
I, [2015-07-06T16:12:14.739138 #2442] INFO -- omniauth: (google_oauth2) Callback phase initiated.
Processing by OmniauthCallbacksController#google_oauth2 as HTML
Parameters: {"state"=>"c92f3f9e0a8db79485e56ec2a1defd91949e8e7d99a02130", "code"=>"4/pgl_HZFw113L7VJ-rSaV9-JYngABkfgx7lqRm06Dyqg"}
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT 1 [["email", "[email protected]"]]
(0.1ms) begin transaction
SQL (0.4ms) UPDATE "users" SET "last_sign_in_at" = ?, "current_sign_in_at" = ?, "sign_in_count" = ?, "updated_at" = ? WHERE "users"."id" = ? [["last_sign_in_at", "2015-07-06 20:11:47.636852"], ["current_sign_in_at", "2015-07-06 20:12:15.365770"], ["sign_in_count", 42], ["updated_at", "2015-07-06 20:12:15.366734"], ["id", 4]]
(1.4ms) commit transaction
Redirected to http://localhost:3000/
Completed 302 Found in 15ms (ActiveRecord: 2.1ms)
Started GET "/" for ::1 at 2015-07-06 16:12:15 -0400
Processing by ProductlinesController#index as HTML
Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms)
From the logs you posted, you have
This is the reason for your problem.
Adding
skip_before_filter :verify_signed_out_user
to your controller should solve the problem.Update:
You need to change your code in index.html.erb to the following
Source: Devise Wiki