Overriding devise SessionsController destroy

DemianArdus · Oct 7, 2014 · Viewed 8.5k times

I'm trying to override the destroy method from Devise's SessionsController, but I have had no success yet. I've already done it for the create method, but I don't know why it's not working for the destroy method.

This is my SessionsController:

module Api
  module V1
    class SessionsController < Devise::SessionsController
      skip_before_filter :verify_authenticity_token, if: :json_request?

      def create
        resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#failure")
        resource.update_token
        sign_in_and_redirect(resource_name, resource)
      end

      def sign_in_and_redirect(resource_or_scope, resource=nil)
        scope = Devise::Mapping.find_scope!(resource_or_scope)
        resource ||= resource_or_scope
        sign_in(scope, resource) unless warden.user(scope) == resource
        return render :json => {:success => true}
      end

      # DELETE /resource/sign_out
      def destroy
        puts "DELETE /resource/sign_out"

        return render :json => {:success => true}
      end

      def failure
        return render :json => {:success => false, :errors => ["Login failed."]}
      end

      protected

      def json_request?
        request.format.json?
      end
    end
  end
end

If I use the following curl request, the create method works just fine:

curl -X POST -H "Accept: application/json"  -H "Content-Type: application/json" http://localhost:3000/users/sign_in -d '{"user":{"email":"[email protected]", "password":"TopTier2011"}}'

But when I use this:

curl -X DELETE -H "Accept: application/json"  -H "Content-Type: application/json" http://localhost:3000/users/sign_out

I get <html><body>You are being <a href="http://localhost:3000/">redirected</a>.</body></html> as the response, and the puts "DELETE /resource/sign_out" call never happens.

This is what I get in the Rails STDOUT output:

Started DELETE "/users/sign_out" for 127.0.0.1 at 2014-10-07 14:51:40 -0200
Processing by Api::V1::SessionsController#destroy as JSON
  Parameters: {"session"=>{}}
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
Redirected to http://localhost:3000/
Filter chain halted as :verify_signed_out_user rendered or redirected
Completed 302 Found in 278ms (ActiveRecord: 0.0ms)

Thank you and sorry for my English!

Answer

pragma · Oct 7, 2014

You probably need to skip_before_action :verify_signed_out_user. Take a look at https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb line 4.
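
The log line "Filter chain halted as :verify_signed_out_user rendered or redirected" means the inherited filter answered the request before destroy ran. The following is an added example, not the poster's or Devise's code: a stand-alone Ruby model of that filter chain, showing the override with and without the skip. The class names are hypothetical, and the filter's behaviour (redirect when no user is signed in) is a simplifying assumption about Devise.

```ruby
# Stand-alone model of a Rails before-action chain (hypothetical classes, not
# Devise's code). Assumption: verify_signed_out_user redirects by itself when
# no user is signed in, which halts the chain before the action body runs.
class MiniController
  def self.filters
    @filters ||= (superclass.respond_to?(:filters) ? superclass.filters.dup : [])
  end

  def self.before_action(name); filters << name; end
  def self.skip_before_action(name); filters.delete(name); end
  attr_reader :session, :response

  def initialize(session)
    @session = session
  end

  # Run filters in order; stop as soon as one has rendered or redirected.
  def process(action)
    self.class.filters.each do |filter|
      send(filter)
      return response if response
    end
    send(action)
    response
  end
end

# Stands in for Devise::SessionsController.
class ModelSessionsController < MiniController
  before_action :verify_signed_out_user
  def verify_signed_out_user
    @response = { status: 302, location: "/" } if session[:user_id].nil?
  end
end

# The question's override: destroy is defined, the inherited filter still runs.
class OverriddenAsIs < ModelSessionsController
  def destroy
    @response = { status: 200, json: { success: true } }
  end
end

# With the answer's suggestion; destroy also ends the session before replying.
class OverriddenWithSkip < ModelSessionsController
  skip_before_action :verify_signed_out_user
  def destroy
    session.delete(:user_id) # model of sign_out
    @response = { status: 200, json: { success: true } }
  end
end
```

In the real controller, the counterpart of `session.delete(:user_id)` is Devise's `sign_out`; the destroy in the question renders success without calling it, so once the filter is skipped the session would still be live after a "successful" logout.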