Devise ignoring custom strategy

Question

This is just plain weird.

I\'ve got Rails 3 RC running with Devise installed. I\'ve defined a custom strategy to try and use Kerberos for authentication.

Answer 1

I have run into a similar problem. After a short session of debugging I found out the reason. My user was not confirmed, so after initial successful signing in with my strategy, he was logged out by one of the following modules which is confirmable module :)

Btw, the easiest way to debug rails application is to use following code:

require 'ruby-debug'
Debugger.wait_connection = true
Debugger.start_remote
debugger

and then rdebug -c from terminal.

Answer 2

In case someone else comes across this, here's what I believe the problem is:

According to Warden Strategies:

valid?

The valid? method acts as a guard for the strategy. It’s optional to declare a valid? method, and if you don’t declare it, the strategy will always be run. If you do declare it though, the strategy will only be tried if #valid? evaluates to true.

The strategy above is reasoning that if there’s either a ‘username’ or a ‘password’ param, then the user is trying to login. If there’s only one of them, then the ‘User.authenticate’ call will fail, but it was still the desired (valid) strategy.

So your valid method:

def valid?
  params[:username] || params[:password]
end

It's returning false, so the authenticate! is never called. params is a nested hash, so it should be params[:user][:username] instead of params[:username].

Changing your valid method to:

def valid?
  params[:user] && (params[:user][:username] || params[:user][:password])
end

will return true and cause the authenticate! method to be called.