在使用Rails和Devise注册后，将用户记录到子域中 [英] Log a user into their subdomain after registration with Rails and Devise

问题描述

我在Rails 3应用中使用Devise进行身份验证。该应用程序使用PostgreSQL模式和公寓宝石以促进多租户。

登录和退出特定子域名在之后运行良好帐户已创建。用户只能在子域登录其特定帐户，这是非常好的。

这里是我遇到的问题...

一个全新的用户点击注册网址：

http://foo.com/signup

默认情况下，当他们点击提交时，新帐户被创建，但用户被发送到：

http://foo.com/dashboard

相反，我希望他们去到：

http://myaccount.foo.com/dashboard

为了实现这一点，我在 registrations_controller.rb 文件中覆盖了 after_sign_up_path_for 方法：

  def after_sign_up_path_for（资源）
 root_url（：subdomain => resource.account.subdomain）
结束
  

这个工作原理 - 加载正确的URL - 但用户的会话是为根域（foo.com）而不是子域n，所以用户被要求登录。

我发现一个建议是更改 config / initializers / session_store.rb to：

  config.session_store：cookie_store，：key => '_domain_session'，：domain => ：所有
  

但这允许任何人登录到任何子域中的帐户，这显然不是很酷

问题：如何确保在注册上创建的会话对已创建的子域有效在注册过程中

解决方案

您可以使用 domain：：all 在你的config.session_store中，只要有一个before_action就像一些在注释中提出的那样。

所以你仍然可以在config / initializers / session_store.rb或config / application.rb中找到代码：

  config.session_store：cookie_store，：key => '_domain_session'，：domain => ：所有
  

然后在您的application_controller中添加以下代码：

 ＃app / controllers / application_controller.rb 
 before_action：check_subdomain 
 
 def check_subdomain 
除非request.subdomain == current_user .account.subdomain 
 redirect_to root_path，alert：您无权访问该子域。 
 end 
 end 
  

I'm using Devise for authentication in my Rails 3 app. The application uses PostgreSQL schemas and the Apartment gem to facilitate multi-tenancy.

Logging in and out of a specific subdomain is working great after an account is created. Users can only login on the subdomain for their specific account, which is great.

Here's where I'm running into issues...

A brand new user hits the sign up URL at:

http://foo.com/signup

By default, when they click submit, the new account is created, but the user is sent to:

http://foo.com/dashboard

Instead, I want them to go to:

http://myaccount.foo.com/dashboard

In order to achieve this, I overrode the after_sign_up_path_for method in my registrations_controller.rb file:

def after_sign_up_path_for(resource)
  root_url(:subdomain => resource.account.subdomain)
end

This works as intended--it loads the correct URL--but the user's session was created for the root domain (foo.com) instead of the subdomain, so the user is asked to sign in.

One suggestion I found is to change the config/initializers/session_store.rb to:

config.session_store :cookie_store, :key => '_domain_session', :domain => :all

But this allows anyone to login to an account on any subdomain, which obviously isn't cool.

Question: How can I ensure that the session created upon signup is valid for the subdomain that was created during the signup process

解决方案

You could use domain: :all option in your config.session_store and just have a before_action just as suggested by some in the comments.

So you'll still have the code in config/initializers/session_store.rb or in config/application.rb:

config.session_store :cookie_store, :key => '_domain_session', :domain => :all

Then in your application_controller add the following code:

#app/controllers/application_controller.rb
before_action :check_subdomain

def check_subdomain
  unless request.subdomain == current_user.account.subdomain
    redirect_to root_path, alert: "You are not authorized to access that subdomain."
  end
end

这篇关于在使用Rails和Devise注册后，将用户记录到子域中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！