Little lost with multiple Accounts models

[jaahoo]

Hi,
I'd love it if someone could help me clarify a few things.
I want to separate the user account from the admin account through different tables and models.
I created config in rodauth_app.rb

  configure RodauthMain
  configure RodauthAdmin, :admin

  route do |r|
    # ...
    r.rodauth
    r.rodauth(:admin)
    #...

I created admin_account.rb model

class AdminAccount < ApplicationRecord
  # should be this?
  include Rodauth::Model
  # or this?
  include Rodauth::Model(:admin)
  # or this?
  include Rodauth::Model(RodauthApp.rodauth(:admin))
  enum :status, unverified: 1, verified: 2, closed: 3
end

It works with each type of include unless I add
rails_account_model AdminAccount to rodauth_admin.rb (should I even add it?)
rest of rodauth_admin.rb

class RodauthAdmin < Rodauth::Rails::Auth
  configure do

    # ... enable features ...
    rails_account_model AdminAccount

    methods.grep(/_table$/) do |table_method|
      public_send(table_method) { :"admin_#{super()}" }
    end

    prefix "/admin"
    session_key_prefix "admin_"
    # if using remember feature
    remember_cookie_key "_admin_remember"

    rails_controller { Admin::RodauthController }
    # ...
  end
end

My next question is shouldn't it be possible to be logged in to two accounts at the same time if they have separate session ids?
With single Account and account_type table approach if I log as Admin and then as User in same browser Admin account logout but I can at least log in again.
With multiple Account models (Account and AdminAccount) I can't even log in after User log in.
Do I need to change?

auth_class_eval do
      def account_ds(*)
         * ...
      end
end

Another interesting behavior.
If I go to user/login form but I don't log in and go to admin/login in another tab and log in as admin.
Now if I go back to user/login and try to log in I got Can't verify CSRF token authenticity. error

Sorry for the bunch of questions. I think I'm missing something but I don't know what =(

[janko]

Regarding the model mixin inclusion, your last suggestion should work, though rodauth-rails provides a shorthand, so

include Rodauth::Model(RodauthApp.rodauth(:admin))

can be written as

include Rodauth::Rails.model(:admin)

The latter is documented in the README 😉

---

Regarding the rails_account_model setting, by default it's inferred from the account table name, so in your case it's not needed. As explained in the README, you only need to set it when using a namespace for the account model.

Specifying it shouldn't hurt either, I'm not sure what breaks when you do it. Maybe a circular dependency issue, so using a block might fix it:

rails_account_model { AdminAccount }

---

With multiple Account models (Account and AdminAccount) I can't even log in after User log in.

You might be encountering Rodauth resetting the session on login and logout, which logs out any other Rodauth configurations logged in (since it clears the whole session). This is pure Rodauth, so I recommend asking about this use case on that repo.

If I go to user/login form but I don't log in and go to admin/login in another tab and log in as admin.
Now if I go back to user/login and try to log in I got Can't verify CSRF token authenticity.

This also sounds like it's caused by the session being reset, invalidating the CSRF token in the original tab. AFAIK, Rodauth does this to prevent Session Fixation attacks.

[jaahoo]

rails_account_model { AdminAccount }

thank you this works!

Funny I have problem with

rodauth.load_memory

Its prevents me from login as admin if I am log as user. Like it see I have remember user token and log it first idk

I also enabled active_sessions and strange thing happen when load_memory. If I log in as admin, key add to admin active_sessions table but also add in user active_sessions table! =)

[janko]

Funny I have problem with

rodauth.load_memory

Same thing as with login & logout, load_memory logs the user in via a remember token, which clears the whole session.

I also enabled active_sessions and strange thing happen when load_memory. If I log in as admin, key add to admin active_sessions table but also add in user active_sessions table! =)

Note sure what's the problem here 🤷🏻‍♂️