3

I'm trying to login an user using Angular instead of regular login (which works atm). Here's my authenticate method:

def authenticate
  authenticate_or_request_with_http_token do |token, options|
    User.find_by(:auth_token => token)
  end
end

Here's my controller:

  if user && user.authenticate(params[:session][:password])
     sign_in user
     user.update_attribute(:last_login, DateTime.now)
  if user.admin?
    redirect_to admin_path
  else
    redirect_to user
  end
  else
    redirect_to signin_path, notice: "Invalid email/password combination"
  end

This works fine with a Rails based login (no Angular or Ajax).

Now, when I try to implement Angular login (basic for the moment):

$http.post('/api/signin', $scope.user).success(function (data) {
  console.log(data);
});

I get the error Invalid email/password combination. I'm assuming is to with CSRF token, which is not passed via Angular $http but I'm using protect_from_forgery with: :null_session in the sessions controller.

Other point that is I haven't added csrf_meta_tags in my Angular html. Would I need to? And how would it render if the html is not served by rails?

What am I missing here?

Improve this question
1
  • Please provide lines from log/development.log (or log/production.log), related to this request from Angular. Commented Aug 2, 2015 at 14:17

1 Answer 1

Reset to default
1

It would be better if you return a json from rails, saying if user is authenticated, then check this on angular

# rails controller
if user && user.authenticate(params[:session][:password])
 sign_in user
 user.update_attribute(:last_login, DateTime.now)
 render json: user
else
 render json: { error: "Invalid email/password combination" }
end

# angular
$http.post('/api/signin', $scope.user).success(function (data) {
  if (data.error) {
   // invalid login
  } else {
   // logged in
  }
});

something like that. Any redirect_to wouldn't work because you are nothing rendering html from rails.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.