[英]Devise with Simple Token Authentication
i am using the following gem and devise now, since devise remove the support for token authentication. 我现在正在使用以下gem和devise,因为devise删除了对令牌认证的支持。 https://github.com/gonzalo-bulnes/simple_token_authentication
https://github.com/gonzalo-bulnes/simple_token_authentication
What i am missing here is that, I have all the configuration setup but when i hit http://localhost:3000/user/sign_in.json
using the RestConsole Tester on Google. 我在这里缺少的是,我有所有的配置设置,但是当我使用Google上的RestConsole Tester点击
http://localhost:3000/user/sign_in.json
。
I am getting the following error: 我收到以下错误:
ActionController::InvalidAuthenticityToken actionpack (4.0.2)
ActionController :: InvalidAuthenticityToken actionpack(4.0.2)
lib/action_controller/metal/request_forgery_protection.rb, line 163
lib / action_controller / metal / request_forgery_protection.rb,第163行
def initialize(controller) @controller = controller end def handle_unverified_request raise ActionController::InvalidAuthenticityToken end end end protected
Any ideas? 有任何想法吗?
Your POST is failing a CSRF token check. 您的POST未通过CSRF令牌检查。 You can validate this is the case by temporarily removing
protect_from_forgery
from your application_controller.rb
which should make this work. 您可以通过临时从
application_controller.rb
删除protect_from_forgery
来验证这种情况,这应该可以使其工作。
This article provides a solution for overriding that check on a specific controller, which should be safe for login requests. 本文提供了一种解决方法,用于覆盖对特定控制器的检查,这对于登录请求应该是安全的。
You could try this 你可以试试这个
Authenticate: 认证:
curl -H 'Content-Type: application/json' \\ -H 'Accept: application/json' \\ -X POST http://localhost:3000/users/sign_in \\ -d '{"user" : { "email" : "test@example.com", "password" : "password"}}' \\ -c cookie
Show: 节目:
curl -H 'Content-Type: application/json' \\ -H 'Accept: application/json' \\ -X GET http://localhost:3000/pages/1.xml \\ -b cookie
That works for me. 这对我行得通。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.