Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/sign_out route is returning 404 not found #713

Closed
dnlsandiego opened this issue Aug 27, 2016 · 7 comments
Closed

/sign_out route is returning 404 not found #713

dnlsandiego opened this issue Aug 27, 2016 · 7 comments

Comments

@dnlsandiego
Copy link

dnlsandiego commented Aug 27, 2016
edited
Loading

I currently have a Rails 5 app that's in API mode using this gem's version 0.1.37 and for some reason the /sign_out route is missing and is returning 404 not found but it's present when viewing the rake routes output. The /sign_in and all other routes work. This also happens even in a fresh Rails 5 app in API mode with the latest devise_token_auth gem and version 0.1.37. But in a fresh Rails 5 app that's not in API mode, the /sign_out route is there but returns Can't verify CSRF token authenticity.. Maybe 0.1.37 and the latest version is not compatible with the Rails 5 in API mode?

Routes definition:

namespace :v1 do
    mount_devise_token_auth_for 'User', at: 'auth'
    ...
end

Routes output:

            Prefix Verb   URI Pattern                         Controller#Action
        new_v1_user_session GET    /v1/auth/sign_in(.:format)          devise_token_auth/sessions#new
            v1_user_session POST   /v1/auth/sign_in(.:format)          devise_token_auth/sessions#create
    destroy_v1_user_session DELETE /v1/auth/sign_out(.:format)         devise_token_auth/sessions#destroy
           v1_user_password POST   /v1/auth/password(.:format)         devise_token_auth/passwords#create
       new_v1_user_password GET    /v1/auth/password/new(.:format)     devise_token_auth/passwords#new
      edit_v1_user_password GET    /v1/auth/password/edit(.:format)    devise_token_auth/passwords#edit
                            PATCH  /v1/auth/password(.:format)         devise_token_auth/passwords#update
                            PUT    /v1/auth/password(.:format)         devise_token_auth/passwords#update
cancel_v1_user_registration GET    /v1/auth/cancel(.:format)           devise_token_auth/registrations#cancel
       v1_user_registration POST   /v1/auth(.:format)                  devise_token_auth/registrations#create
   new_v1_user_registration GET    /v1/auth/sign_up(.:format)          devise_token_auth/registrations#new
  edit_v1_user_registration GET    /v1/auth/edit(.:format)             devise_token_auth/registrations#edit
                            PATCH  /v1/auth(.:format)                  devise_token_auth/registrations#update
                            PUT    /v1/auth(.:format)                  devise_token_auth/registrations#update
                            DELETE /v1/auth(.:format)                  devise_token_auth/registrations#destroy
       v1_user_confirmation POST   /v1/auth/confirmation(.:format)     devise_token_auth/confirmations#create
   new_v1_user_confirmation GET    /v1/auth/confirmation/new(.:format) devise_token_auth/confirmations#new
                            GET    /v1/auth/confirmation(.:format)     devise_token_auth/confirmations#show
     v1_auth_validate_token GET    /v1/auth/validate_token(.:format)   devise_token_auth/token_validations#validate_token

Is there something I'm missing in this setup? or might not be doing that's causing this issue? I can provide a repo that reproduces this issue if that will help.

P.S.
Thanks for this great gem!
@Valindo
Copy link

Valindo commented Dec 3, 2016

Did you find a solution? if yes, then please share it :D

@tomlobato
Copy link

I had the same issue and in my case the sign_out request was not sending the auth headers access-token, client, expiry, token-type and uid for sign_out (because of a bug in a tweak I needed to make in the client side). It makes this gem to respond with 404.
Once I`ve included these headers again, sign_out worked.

@Neithenn
Copy link

Thanks @tomlobato , I'm struggling with the same issue. Could you explain how did you pass those auth headers? I'm using ng-token-auth -> $auth.signOut() method.
Thanks

@bananatron
Copy link
Contributor

A test setup to illustrate how this works (to hopefully help some folks) looks something like:

rad_user = User.create!(# my user goods)

auth_headers = rad_user.create_new_auth_token
# ^ A nifty devise_token_auth thing to generate the props mentioned above (access-token, client, etc.)

delete '/api/auth/sign_out', {headers: auth_headers}

A simple delete '/api/auth/sign_out' with no headers won't work because we don't know what user we're working with.

@AmanRelan
Copy link

How did you @dnlsandiego solve this issue? I am using the same on an ios front end and getting
{"success":false,"errors":["User was not found or was not logged in."]}

@dkrusenstrahle
Copy link

I think this issue is due to devise_token_auth sending the logout request as GET but devise expects it as a DELETE method request. In normal Device gem this is configurable with the below code, can I do the same in this library?

config.sign_out_via = :get

@shohey1226
Copy link

From https://stackoverflow.com/questions/32507637/why-am-i-unable-to-sign-out-using-devise-token-auth-and-curl , I found the curl with -F (form) options works, so the below works for me.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@dkrusenstrahle @tomlobato @shohey1226 @bananatron @Valindo @Neithenn @dnlsandiego @AmanRelan