2

I'm trying to create an API and for one of my actions I'm restricting it to just admins. To do this, I'm using a before_filter that goes like this:

def authorize_admin!
  if !@current_user.admin?
    error = { :error => "You must be an admin to do that." }
    render params[:format].to_sym => error, :status => 401
  end
end

The problem is that when we send back a 401 response, the error is transformed into:

"{\"error\":\"You need to sign in or sign up before continuing.\"}"

This is the response that Devise sends back for when you send a 401 response.

Is there a way that I can turn off this functionality?

Ryan Bigg
  • 106,965
  • 23
  • 235
  • 261

2 Answers2

4

What is the Devise version? This wiki page suggests that it should work on 1.2.

https://github.com/plataformatec/devise/wiki/How-To:-Provide-a-custom-failure-response-with-Warden

Heikki
  • 15,329
  • 2
  • 54
  • 49
  • That could be it. I am using 1.1.5. – Ryan Bigg Jan 21 '11 at 09:07
  • And to the victor go the spoils. Thank you. Works like a charm on 1.2. – Ryan Bigg Jan 21 '11 at 09:29
  • @Heikki that page is gone? do you know where I could find a new link? – baash05 May 24 '12 at 04:56
  • I think the same info is on the page mentioned in the other answer. "Notice that since Devise 1.2, it won’t automatically intercept 401 by default, so you don’t need to call warden.custom_failure! as above." https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication – Heikki Jun 12 '12 at 21:43
0

I think that this page from the Devise wiki can help you. How To Use HTTP Authentication in Devise

rxgx
  • 5,089
  • 2
  • 35
  • 43
Fran
  • 1,073
  • 10
  • 19