Is it possible to do Devise sign in, out, etc without any redirection whatsover?

Question

I'm using Devise, but not using the Devise controllers directly because I'm performing all of the actions through a custom built GraphQL API. One issue I have, for example, is that after enabling confirmable, if a user tries to sign in and I call Devise::Controllers::Helpers#sign_in the user gets redirected to /api/v1/users/sign_in, which doesn't exist and it would be wrong even if it exist. Instead, I need the failure to sign in to be returned back to my code (return value, exception, whatever), so that my API can encode that response to the frontend.

How can I do that?

For example, this is my log in function:

def resolve(email:, password:)
  user = User.find_for_authentication(email: email)
  if user&.valid_password?(password)
    context[:sign_in].call(user)
    { current_user: user }
  else
    { errors: [{ message: 'Email or password incorrect.' }] }
  end
end

context[:sign_in] is set up in the GraphqlController by including Devise::Controllers::Helpers and then simply:

context = {
  current_user: current_user,
  sign_in: method(:sign_in),
  sign_out: method(:sign_out)
}

Note: I am not using GraphqlDevise because I don't want to use Devise Token Auth, I'm using cookies.

Haven't had the chance to play with graphql yet, but I found this gem https://github.com/graphql-devise/graphql_devise — Int'l Man Of Coding Mystery, Mar 11 '20 at 08:30

score 0 · Answer 1 · answered Mar 11 '20 at 18:07

I believe passing devise's sign_in/sign_out methods via context is probably a deadend.

The suggestion in the comment to your question from @Int'l Man Of Coding Mystery is good ie you could use: https://github.com/graphql-devise/graphql_devise.

If you're not keen in introducing another dependency and figuring out how to wire everything you can perhaps go with overriding devise's SessionController. See for some examples here: Rails - How to override devise SessionsController to perform specific tasks when user signs in? (but also don't hesitate to look at the source code for the matching Devise release: https://github.com/heartcombo/devise/blob/master/app/controllers/devise/sessions_controller.rb)

Depending on your use case you might be even able to do what you need by using some of the config options - e.g. you can perhaps try to override after_sign_in_path etc.

I have no problem with introducing another dependency, but I'm not interested in Devise Token Auth, which is why I'm not using that gem. — Marta Silva, Mar 11 '20 at 20:25

Is it possible to do Devise sign in, out, etc without any redirection whatsover?

1 Answers1