Log a user into their subdomain after registration with Rails and Devise

Question

I'm using Devise for authentication in my Rails 3 app. The application uses PostgreSQL schemas and the Apartment gem to facilitate multi-tenancy.

Logging in and out of a specific subdomain is working great after an account is created. Users can only log in on the subdomain for their specific account, which is great.

Here's where I'm running into issues...

A brand new user hits the sign up URL at:

http://foo.com/signup

By default, when they click submit, the new account is created, but the user is sent to:

http://foo.com/dashboard

Instead, I want them to go to:

http://myaccount.foo.com/dashboard

In order to achieve this, I overrode the after_sign_up_path_for method in my registrations_controller.rb file:

def after_sign_up_path_for(resource)
  root_url(:subdomain => resource.account.subdomain)
end

This works as intended--it loads the correct URL--but the user's session was created for the root domain (foo.com) instead of the subdomain, so the user is asked to sign in.

One suggestion I found is to change the config/initializers/session_store.rb to:

config.session_store :cookie_store, :key => '_domain_session', :domain => :all

But this allows anyone to log in to an account on any subdomain, which obviously isn't cool.

Question: How can I ensure that the session created upon signup is valid for the subdomain that was created during the signup process?

Recommended answer

You could use the domain: :all option in your config.session_store and just have a before_action, as suggested by some in the comments.

So you'll still have the code in config/initializers/session_store.rb or in config/application.rb:

config.session_store :cookie_store, :key => '_domain_session', :domain => :all

Then in your application_controller add the following code:

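# app/controllers/application_controller.rb
# Run the tenant check before every action (on Rails 3, use before_filter).
before_action :check_subdomain

def check_subdomain
  # Skip visitors who are not signed in; current_user is nil for them.
  return unless user_signed_in?
  # The shared cookie reaches every subdomain, so compare on each request.
  unless request.subdomain == current_user.account.subdomain
    redirect_to root_path, alert: "You are not authorized to access that subdomain."
  end
end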
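
The same tenant check, written as a Rack-style middleware in plain Ruby so it can be run outside Rails and so requests on an unexpected host fail closed. This is an added example, not code from the original question or answer. The `TenantGuard` class, the `guard_response` helper and the `account_subdomain` session key are assumptions made for illustration; `foo.com` is the base domain used in the question.

```ruby
# Added example: Rack-style tenant guard in plain Ruby (no gems required).
# Assumptions, not from the original page: the app stores the owning tenant
# in session["account_subdomain"] at sign-up/sign-in; base domain is foo.com.
class TenantGuard
  def initialize(app, base_domain = "foo.com")
    @app = app
    @base = base_domain.downcase
  end

  # "" for the bare domain, the label(s) in front of it for a subdomain,
  # nil for a host outside the base domain. Port and trailing dot are ignored.
  def subdomain_of(host)
    name = host.to_s.downcase.sub(/:\d+\z/, "").chomp(".")
    return "" if name == @base
    suffix = ".#{@base}"
    name.end_with?(suffix) ? name[0...-suffix.length] : nil
  end

  def call(env)
    owned = (env["rack.session"] || {})["account_subdomain"]
    # Anonymous requests pass; authentication itself is enforced elsewhere.
    return @app.call(env) if owned.nil?
    owned = owned.to_s.downcase
    requested = subdomain_of(env["HTTP_HOST"])
    # Signed-in users may use the bare domain (sign-up flow) or their tenant.
    return @app.call(env) if requested == "" || requested == owned
    # Shared cookie presented on any other host: fail closed and send the
    # user to their own tenant without running the requested tenant's code.
    scheme = env["rack.url_scheme"] || "http"
    [302, { "Location" => "#{scheme}://#{owned}.#{@base}/" }, []]
  end
end

# Helper for trying the guard with constructed requests (hypothetical name).
def guard_response(host, session)
  inner = ->(_env) { [200, {}, ["dashboard"]] }
  TenantGuard.new(inner).call("HTTP_HOST" => host, "rack.session" => session)
end

if __FILE__ == $PROGRAM_NAME
  me = { "account_subdomain" => "myaccount" }   # constructed session
  p guard_response("myaccount.foo.com", me)[0]  # own tenant
  p guard_response("other.foo.com", me)         # someone else's tenant
end
```

Because the guard redirects to the user's own subdomain rather than to a path on the requested host, a signed-in user who lands on the wrong tenant is not bounced back through the same check.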
