Rails 3 - How can you get access to Devise's current_user in the IRB console?
Solution 1
current_user is a property of the controller, so after app.post('/sign_in', ... you can call app.controller.current_user in your rails console to get the User object.
Solution 2
It might be possible that you are not really logging in. One thing to keep in mind is that Devise is built on top of Warden, which is Rack middleware.
I tried your app.post method of logging in on an app I'm working on that uses Devise. After posting to the login page and getting a 302 redirect, the app.session showed the warden user id.
>> app.session
{
"_csrf_token"=>"dT0/BqgLb84bnE+f1g...",
"warden.user.user.key"=>["User", [42843], "$2a$10$1OU.1BixIba..."],
"session_id"=>"0dd49c05ff4e6362c207c6eb877f86cd"
}
I was able to fetch the user like this:
>> current_user = User.find(app.session["warden.user.user.key"][1][0])
When I logged out and then tried logging in with a bad password I get a 200 and then the app.session is missing the warden user info and only contained the csrf token and session id like your example.
BTW: Once logged in, app.controller.current_user was nil even when the warden user id was in the session.
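The session lookup described in Solution 2, as an added example that is not part of the original answer: it reads the Warden entry from a session hash, returns nil when the entry is absent (the failed-login case that answers with a 200), and rejects an unexpected layout. The helper names, the finders hash and the sample sessions are hypothetical and constructed for this sketch; the entry layout [class name, [id], third element] is assumed from the session dump shown above.

```ruby
# Added example: resolve the signed-in record from a Devise/Warden session hash.
# Assumption: the entry layout matches the dump above, [class_name, [id], third_element].
WARDEN_KEY_FORMAT = "warden.user.%s.key" # scope "user" gives "warden.user.user.key"

# Returns { model:, id: } for the signed-in record, or nil when the session
# holds no Warden entry (the failed login that answers with a 200).
def warden_user_ref(session, scope: "user")
  entry = session[format(WARDEN_KEY_FORMAT, scope)]
  return nil if entry.nil?

  model, key, _unused = entry # the third element is not needed for the lookup
  unless model.is_a?(String) && key.is_a?(Array) && key.size == 1
    raise ArgumentError, "unexpected Warden session entry layout"
  end
  { model: model, id: key.first }
end

# Looks the record up through a caller-supplied finder, so the same helper
# works in a Rails console and in this stand-alone demo.
def user_from_session(session, finders, scope: "user")
  ref = warden_user_ref(session, scope: scope)
  return nil unless ref

  finder = finders.fetch(ref[:model]) { raise KeyError, "no finder for #{ref[:model]}" }
  finder.call(ref[:id])
end

# Constructed sample sessions (made-up values, not taken from a real app).
LOGGED_IN = {
  "_csrf_token" => "constructed-token",
  "warden.user.user.key" => ["User", [42], "constructed-third-element"],
  "session_id" => "constructed-session-id"
}.freeze
FAILED_LOGIN = { "_csrf_token" => "constructed-token",
                 "session_id" => "constructed-session-id" }.freeze

# Stand-in for User.find so the demo runs without Rails.
FAKE_USERS = { 42 => { id: 42, login: "some-login-id" } }.freeze
FINDERS = { "User" => ->(id) { FAKE_USERS.fetch(id) } }.freeze

if __FILE__ == $PROGRAM_NAME
  p user_from_session(LOGGED_IN, FINDERS)    # record for id 42
  p user_from_session(FAILED_LOGIN, FINDERS) # nil: no Warden entry in the session
end
```

In a Rails console the finders hash would be { "User" => User.method(:find) } and the session argument would be app.session.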
Don Leatham
Updated on June 05, 2022
Comments
-
Don Leatham almost 2 years
I'm doing some design/debugging in IRB and need to login a user and then be able to use current_user in my efforts.
From Brian Deterling's answer to another question, I have been able to successfully login and access a page response with this sequence:
>> ApplicationController.allow_forgery_protection = false
>> app.post('/sign_in', {"user"=>{"login"=>"some-login-id", "password"=>"some-password"}})
>> app.get '/some_other_path_that_only_works_if_logged_in'
>> pp app.response.body
NOTE: If you get a 200 response you are not logged in. You need a 302 redirect to indicate a successful login. See Tim Santeford's answer.
I've been able to get session info:
1.9.3-p125 :009 > app.session
=> {"_csrf_token"=>"1yAn0jI4VWzUH84PNTH0lVhjpY98e9echQGS4=", "session_id"=>"89984667d30d0fec71f2a5cbb9017e24"}
I've tried everything I can think of to try to get to current_user via app and app.session, but no luck. How can I get current_user?
-
Don Leatham about 12 years
I tried it and current_user is nil. When I do the login procedure described in the question, I get a 200 response and app.session returns the csrf_token, so I know I'm logged in OK. app.controller responds with pages and pages of data. But app.controller.current_user returns nil. I'm using Devise - are you?
-
Don Leatham about 12 years
Looks like some mass assignment issue on app.post was causing my login to be unsuccessful (a 200 response is not a successful post in this case - very confusing.) Once I got a 302 response, then app.controller.current_user works. I would not have figured out the login issue without Tim Santeford's answer.
-
Don Leatham about 12 years
Tim - Thanks for pointing out the 200 vs 320 issue. I decided to choose Suguha's answer because of its simplicity, although I tested yours and it works also. Sorry I can't choose both.
-
Tim Santeford about 12 years
No problem. I didn't know you could log in using the app object like this prior to your question, so I learned something by answering.
-
Pierre about 12 years
I guess it's because the 200 means the app renders the sign in form successfully (along with the flash message saying you cannot be identified).