The acts_as_tenant gem works really well. No problems saving and retrieving data for multiple tenants. However, I ran into a challenge when I access my dev site without the subdomain.
THE PROBLEM: If I don’t specify a subdomain, users from any tenant can still log in.
Example – a user for cheese.lvh.me:3000 would not be able to log into and access data from bacon.lvh.me:3000 (and vice versa). BUT both cheese and bacon users can log into lvh.me:3000. Once logged in, the tenant scope does not apply anymore so all new inserts get a NULL account_id.
I’D LIKE TO: Prevent user login if subdomain is NOT specified.
I’m using M.Hartl’s user login method from the popular railstutorial.org.
    def create
      user = User.find_by_email(params[:session][:email].downcase)
      if user && user.authenticate(params[:session][:password])
        sign_in user
        flash[:success] = "Welcome user!"
        redirect_to users_path
      else
        flash.now[:error] = 'Invalid email/password combination'
        render 'new'
      end
    end
Would appreciate any advice.
The easiest way I can think of would be to wrap the routes you don’t want accessed without a subdomain in a subdomain constraint:
This SubdomainRequired constant is best, I think, defined within the lib/constraints directory of your application, in a file named after the class (lib/constraints/subdomain_required.rb):
Then it’s simply a matter of requiring this constraint at the top of your routes file:
If the subdomain is present with this, then the route will be found. If the request is not made with a subdomain then it will not be found.
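A sketch of the kind of constraint the answer above describes, added here as an example and not the answerer's own code. It goes slightly further than a presence check by also rejecting a reserved label and unknown tenants; `FakeRequest`, `TENANTS`, `RESERVED`, the `known_tenant` callable and the routes in the comment are assumptions made so the block runs without Rails.

```ruby
# Added example. Rails accepts any object responding to matches?(request) as a
# routing constraint; ActionDispatch::Request#subdomain returns "" when the
# host has no subdomain (e.g. lvh.me:3000).
class SubdomainRequired
  RESERVED = %w[www].freeze # assumption: labels that never name a tenant

  # known_tenant is a hypothetical callable; in a real app it might be
  # ->(name) { Account.exists?(subdomain: name) }.
  def initialize(known_tenant: ->(_name) { true })
    @known_tenant = known_tenant
  end

  def matches?(request)
    name = request.subdomain.to_s.downcase
    return false if name.empty?             # bare domain: no tenant scope
    return false if RESERVED.include?(name) # www.lvh.me is not a tenant
    @known_tenant.call(name) ? true : false # unknown tenants get no routes
  end
end

# In config/routes.rb (comment only, needs Rails; assumes lib/ is on the
# load path and uses hypothetical route names):
#   require "constraints/subdomain_required"
#   constraints(SubdomainRequired.new) do
#     resources :sessions, only: [:new, :create, :destroy]
#     resources :users
#   end

# Constructed stand-ins so the check can be exercised offline.
FakeRequest = Struct.new(:subdomain)
TENANTS = %w[cheese bacon].freeze # sample tenants taken from the question

def route_allowed?(subdomain)
  constraint = SubdomainRequired.new(known_tenant: ->(n) { TENANTS.include?(n) })
  constraint.matches?(FakeRequest.new(subdomain))
end

if __FILE__ == $PROGRAM_NAME
  ["cheese", "bacon", "", "www", "ham"].each do |s|
    puts format("%-8s => %s", s.empty? ? "(none)" : s, route_allowed?(s))
  end
end
```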