I have a new app that I am trying to setup with devise and devise-jwt. For some reason my authenticate_user! call is causing an error because sessions have been disabled:
{"status":500,"error":"Internal Server Error","exception":"ActionDispatch::Request::Session::DisabledSessionError: Your application has sessions disabled. To write to the session you must first configure a session store"
Routes:
Rails.application.routes.draw do
namespace :api do
namespace :v1 do
resources :clients, only: [:show]
devise_for :users,
controllers: {
sessions: 'users/sessions',
registrations: 'users/registrations'
}
end
end
end
User
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable,
:jwt_authenticatable,
jwt_revocation_strategy: JwtDenylist
end
Controllers:
class API::V1::Users::SessionsController < Devise::SessionsController
respond_to :json
private
def respond_with(resource, _opts = {})
render json: { message: 'Logged.' }, status: :ok
end
def respond_to_on_destroy
current_user ? log_out_success : log_out_failure
end
def log_out_success
render json: { message: "Logged out." }, status: :ok
end
def log_out_failure
render json: { message: "Logged out failure."}, status: :unauthorized
end
end
class Api::V1::ClientsController < ApplicationController
before_action :authenticate_api_v1_user!
def show
end
end
What else do I need to do? When I make a request to http://localhost:3000/api/v1/clients/ID I'd expect the response to be:
=> <html><body>You are being <a href="http://localhost:3000/users/sign_in">redirected</a>.</body></html>%
rather than this 500 error.
Careful when enabling session on rails api_only. By default api-only application has session disabled.
By default Warden required session to store. U could simple add to devise.rb the option false to store.
Extra: For who that wants acess sidekiq web, those will have to enable session just for the sidekiq route for example.