Based on Devise documentation and other research, it appeared that several things needed to be done. First, one needs to create a membership id in the User table, and to add this parameter to the list of permitted parameters. Second, the log in form needs to be modified so that it includes the membership id only.
However, adding the membership id to the list of permitted parameters was only a partial solution. It would allow me to register the user using the membership id but when I would try to log the user in, I would get an authorization error.
Since Devise uses Warden for authorization and the default settings include email and password, the solution was to add another Warden strategy, so that the membership id would be recognized as a legitimate choice.
In
initializers directory I created a file named membership_strategy.rb:require 'devise/strategies/authenticatable'
module Devise
module Strategies
class Membershipid < Authenticatable
def valid?
true
end
def authenticate!
if !params[:user].nil?
auth_params = {}
auth_params[:membershipid] = params[:user][:membershipid]
resource = mapping.to.find_for_authentication(auth_params)
if validate(resource){ resource.find_for_database_authentication(auth_params) }
success!(resource)
else
fail!(:invalid)
end
end
end
end
end
end
Warden::Strategies.add(:membershipid, Devise::Strategies::Membershipid)
In initializers/devise.rb the following line needs to be appended to the beginning:config.warden do |manager| manager.default_strategies(:scope => :user).unshift :membershipid end
No comments :
Post a Comment