使用简单令牌认证进行设计

Question

i am using the following gem and devise now, since devise remove the support for token authentication. https://github.com/gonzalo-bulnes/simple_token_authentication

What i am missing here is that, I have all the configuration setup but when i hit http://localhost:3000/user/sign_in.json using the RestConsole Tester on Google.

I am getting the following error:

ActionController::InvalidAuthenticityToken at /users/sign_in.json

ActionController::InvalidAuthenticityToken actionpack (4.0.2)

lib/action_controller/metal/request_forgery_protection.rb, line 163

  def initialize(controller) @controller = controller end def handle_unverified_request raise ActionController::InvalidAuthenticityToken end end end protected 

Any ideas?

Answer 1

Your POST is failing a CSRF token check. You can validate this is the case by temporarily removing protect_from_forgery from your application_controller.rb which should make this work.

This article provides a solution for overriding that check on a specific controller, which should be safe for login requests.

Answer 2

You could try this

Authenticate:

curl -H 'Content-Type: application/json' \\ -H 'Accept: application/json' \\ -X POST http://localhost:3000/users/sign_in \\ -d '{"user" : { "email" : "test@example.com", "password" : "password"}}' \\ -c cookie

Show:

curl -H 'Content-Type: application/json' \\ -H 'Accept: application/json' \\ -X GET http://localhost:3000/pages/1.xml \\ -b cookie

That works for me.