在使用Rails和Devise注册后,将用户记录到子域中 [英] Log a user into their subdomain after registration with Rails and Devise
问题描述
登录和退出特定子域名在之后运行良好帐户已创建。用户只能在子域登录其特定帐户,这是非常好的。
这里是我遇到的问题...
一个全新的用户点击注册网址:
http://foo.com/signup
默认情况下,当他们点击提交时,新帐户被创建,但用户被发送到:
http://foo.com/dashboard
相反,我希望他们去到:
http://myaccount.foo.com/dashboard
为了实现这一点,我在 registrations_controller.rb
文件中覆盖了 after_sign_up_path_for
方法:
def after_sign_up_path_for(资源)
root_url(:subdomain => resource.account.subdomain)
结束
这个工作原理 - 加载正确的URL - 但用户的会话是为根域(foo.com)而不是子域n,所以用户被要求登录。
我发现一个建议是更改 config / initializers / session_store.rb
to:
config.session_store:cookie_store,:key => '_domain_session',:domain => :所有
但这允许任何人登录到任何子域中的帐户,这显然不是很酷
问题:如何确保在注册上创建的会话对已创建的子域有效在注册过程中
您可以使用 domain::all
在你的config.session_store中,只要有一个before_action就像一些在注释中提出的那样。
所以你仍然可以在config / initializers / session_store.rb或config / application.rb中找到代码:
config.session_store:cookie_store,:key => '_domain_session',:domain => :所有
然后在您的application_controller中添加以下代码:
#app / controllers / application_controller.rb
before_action:check_subdomain
def check_subdomain
除非request.subdomain == current_user .account.subdomain
redirect_to root_path,alert:您无权访问该子域。
end
end
I'm using Devise for authentication in my Rails 3 app. The application uses PostgreSQL schemas and the Apartment gem to facilitate multi-tenancy.
Logging in and out of a specific subdomain is working great after an account is created. Users can only login on the subdomain for their specific account, which is great.
Here's where I'm running into issues...
A brand new user hits the sign up URL at:
http://foo.com/signup
By default, when they click submit, the new account is created, but the user is sent to:
http://foo.com/dashboard
Instead, I want them to go to:
http://myaccount.foo.com/dashboard
In order to achieve this, I overrode the after_sign_up_path_for
method in my registrations_controller.rb
file:
def after_sign_up_path_for(resource)
root_url(:subdomain => resource.account.subdomain)
end
This works as intended--it loads the correct URL--but the user's session was created for the root domain (foo.com) instead of the subdomain, so the user is asked to sign in.
One suggestion I found is to change the config/initializers/session_store.rb
to:
config.session_store :cookie_store, :key => '_domain_session', :domain => :all
But this allows anyone to login to an account on any subdomain, which obviously isn't cool.
Question: How can I ensure that the session created upon signup is valid for the subdomain that was created during the signup process
You could use domain: :all
option in your config.session_store and just have a before_action just as suggested by some in the comments.
So you'll still have the code in config/initializers/session_store.rb or in config/application.rb:
config.session_store :cookie_store, :key => '_domain_session', :domain => :all
Then in your application_controller add the following code:
#app/controllers/application_controller.rb
before_action :check_subdomain
def check_subdomain
unless request.subdomain == current_user.account.subdomain
redirect_to root_path, alert: "You are not authorized to access that subdomain."
end
end
这篇关于在使用Rails和Devise注册后,将用户记录到子域中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!