If, like me, and Ryan Bates, you like doing the important things yourself, so that if there are errors, they’re your errors, chances are you will want to create your Rails authentication from scratch yourself. Ryan of Railscasts has an excellent screencast about this.
I switched from Devise to this in a breeze, and then comes the customization. One of these is the all-important redirecting back to the funnel a user came from after they are done signing in, or up. This can actually be achieved very easily, following some
Devise conventions.
Say I have a CharitiesController, that I want to close to unauthenticated users. In line with Devise, I would do this to force them to authenticate:
class CharitiesController < ApplicationController before_filter :authenticate_user!, :except => [:show, :index]
And in my ApplicationController, given i have set the user sign in route to user_login, I can define a return point:
class ApplicationController < ActionController::Base def authenticate_user!(return_point = request.url) unless user_signed_in? set_return_point(return_point) redirect_to user_login_path end def return_point session[:return_point] ? session[:return_point] : root_path end end
And then, in my UserSessionsController, I can redirect the user back to the return point:
class UserSessionsController < ApplicationController def create user = User.find_by_email(params[:email]) if user and user.authenticate(params[:password]) session[:user_id] = user.id redirect_to return_point, :notice => "You are now signed in" end end [...]
Now, whenever a controller calls authenticate_user!, my ApplicationController will save the calling URL before redirecting to the login page, and by fetching return_point from the UserSessionsController, I can redirect them back to that page. I can even override it, such that I can send them wherever I want, should I so desire. Awesome!
