nongio-zz/CORS with Rails Devise

## CORS with Rails Devise
References:
http://blog.carbonfive.com/2012/02/27/supporting-cross-domain-ajax-in-rails-using-jsonp-and-cors/
https://github.com/cyu/rack-cors
http://nelm.io/blog/2011/11/cors-with-sencha-touch/
http://jessehowarth.com/2011/04/27/ajax-login-with-devise

=============================================================================================================
GEMFILE
=============================================================================================================
gem 'rack-cors', :require => 'rack/cors'

=============================================================================================================
config/application.rb
=============================================================================================================
# Ensure Rack::Cors to run before Warden::Manager used by Devise
config.middleware.insert_before Warden::Manager, Rack::Cors do
  allow do
    origins '*'
    resource '*',
    :headers => :any,
    :methods => [:get, :post, :options]
  end
end

=============================================================================================================
config/initializers/devise.rb
=============================================================================================================
config.http_authenticatable_on_xhr = false
config.navigational_formats = ["*/*", :html, :json]

=============================================================================================================
Custom Devise Sessions Controller: app/controllers/sessions_controller.rb
=============================================================================================================
class SessionsController < Devise::SessionsController

  def create
    if request.xhr?
      resource = warden.authenticate!(:scope => resource_name, :recall => "sessions#failure")
      return sign_in_and_redirect(resource_name, resource)
    else
      super
    end
  end

  def sign_in_and_redirect(resource_or_scope, resource=nil)
    scope = Devise::Mapping.find_scope!(resource_or_scope)
    resource ||= resource_or_scope
    sign_in(scope, resource) unless warden.user(scope) == resource
    return render :json => {:success => true, :redirect => stored_location_for(scope) ||
    after_sign_in_path_for(resource)}
  end

  def failure
    return render:json => {:success => false, :errors => ["Login failed."]}
  end

end

=============================================================================================================
Custom Devise Sessions Controller: config/routes.rb
=============================================================================================================
devise_for :users, :controllers => {:sessions => 'sessions'}
	References:
	http://blog.carbonfive.com/2012/02/27/supporting-cross-domain-ajax-in-rails-using-jsonp-and-cors/
	https://github.com/cyu/rack-cors
	http://nelm.io/blog/2011/11/cors-with-sencha-touch/
	http://jessehowarth.com/2011/04/27/ajax-login-with-devise

	=============================================================================================================
	GEMFILE
	=============================================================================================================
	gem 'rack-cors', :require => 'rack/cors'

	=============================================================================================================
	config/application.rb
	=============================================================================================================
	# Ensure Rack::Cors to run before Warden::Manager used by Devise
	config.middleware.insert_before Warden::Manager, Rack::Cors do
	allow do
	origins '*'
	resource '*',
	:headers => :any,
	:methods => [:get, :post, :options]
	end
	end

	=============================================================================================================
	config/initializers/devise.rb
	=============================================================================================================
	config.http_authenticatable_on_xhr = false
	config.navigational_formats = ["/", :html, :json]

	=============================================================================================================
	Custom Devise Sessions Controller: app/controllers/sessions_controller.rb
	=============================================================================================================
	class SessionsController < Devise::SessionsController

	def create
	if request.xhr?
	resource = warden.authenticate!(:scope => resource_name, :recall => "sessions#failure")
	return sign_in_and_redirect(resource_name, resource)
	else
	super
	end
	end

	def sign_in_and_redirect(resource_or_scope, resource=nil)
	scope = Devise::Mapping.find_scope!(resource_or_scope)
	resource \|\|= resource_or_scope
	sign_in(scope, resource) unless warden.user(scope) == resource
	return render :json => {:success => true, :redirect => stored_location_for(scope) \|\|
	after_sign_in_path_for(resource)}
	end

	def failure
	return render:json => {:success => false, :errors => ["Login failed."]}
	end

	end

	=============================================================================================================
	Custom Devise Sessions Controller: config/routes.rb
	=============================================================================================================
	devise_for :users, :controllers => {:sessions => 'sessions'}