I have a Rails app (5.x) with Devise (4.6) and the next custom sessions controller:
class LoginController < Devise::SessionsController
# no before_actions
def create
# nothing
end
end
When I pass valid credentials with the HTTP request - Devise (or Warden) authenticates the user and creates a session O_o . But my custom LoginController#create action does nothing!
What I see in the logs:
? /home/.rvm/gems/ruby-2.5.5/gems/devise-4.6.2/lib/devise/models/trackable.rb:39
User Update (1.0ms) UPDATE `users` SET `current_sign_in_at` = '2021-01-22 17:09:21', `last_sign_in_at` = '2021-01-22 17:09:21', `current_sign_in_ip` = '127.0.0.1', `last_sign_in_ip` = '127.0.0.1', `sign_in_count` = 1, `updated_at` = '2021-01-22 17:09:21' WHERE `users`.`id` = 1282660
And after page refreshing I see that user is logged in.
I want to do an authentication not just by username/password, but also using the code parameter. How can I do it? Why Devise silently authenticates the user?
question from:
https://stackoverflow.com/questions/65849792/overridden-devise-sessions-controller-doesnt-work-and-devise-authenticates-the 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
