使用Rails和Devise进行令牌认证
[英]Token authentication with Rails and Devise
问题描述
I'm following this excellent article to setup the authentification part of my rails (3.2) API: 
我正在按照这篇优秀文章来设置我的rails(3.2)API的身份验证部分:
http://blog.joshsoftware.com/2011/12/23/designing-rails-api-using-rabl-and-devise/ http://blog.joshsoftware.com/2011/12/23/designing-rails-api-using-rabl-and-devise/
I have done the following step: 我做了以下步骤:
-Added devise to Gemfile - 增加了对Gemfile的设计
-Enabled devise for the user model and ran the migrations required -Enabled设计用户模型并运行所需的迁移
-My user model is - 我的用户模型是
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
devise :token_authenticatable
attr_accessible :email, :authentication_token, :password, :password_confirmation, :remember_me
end
as well as the token_authenticable in Database (via a migration). 以及数据库中的token_authenticable(通过迁移)。
-Subclassed the RegistrationController with: -Subclassed RegistrationController:
class RegistrationsController < Devise::RegistrationsController
def new
super
end
def create
resource = warden.authenticate!(:scope => resource_name, :recall => " {controller_path}#new")
sign_in(resource_name, resource)
current_user.reset_authentication_token!
respond_with resource, :location => after_sign_in_path_for(resource)
end
def update
super
end
end
-In routes.rb, I have: - 在routes.rb中,我有:
devise_for :users, :controllers => {:registrations => "registrations"}
USER CREATION 用户创建
I'd like the following request to create a user and to send back the authentification_token: 我想要以下请求来创建用户并发送回authentification_token:
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"user":{"email":"email@gmail.com", "password":"pass"}}' 'http://localhost:3000/users.json
My understanding is that the logic should go in the "create" method of the registration controller (that should create the user and log him in at the same time). 我的理解是逻辑应该进入注册控制器的“创建”方法(应该创建用户并同时登录)。 I think I should be wrong as the message I got in return is: 我想我应该是错的,因为我得到的回信是:
{"error":"You need to sign in or sign up before continuing."}
What is the missing piece to have the new user created and logged ? 创建和记录新用户的缺失是什么? Isn't POST to users.json mapped to RegistrationController#create ? 是不是POST到users.json映射到RegistrationController #create?
USER LOGIN 用户登录
Also, I'd like the following request to log a user in (sending him back his authentification_token once the login / password have been checked) 此外,我希望以下请求记录用户(一旦检查登录/密码,将他的authentification_token发回给他)
curl -H "Accept: application/json" -H "Content-type: application/json" -X GET -d '{"user":{"email":"email@gmail.com","password":"pass"}}' 'http://localhost:3000/users.json
I guess the logic should go in the "update" method of RegistrationController but not 100% sure about that. 我想逻辑应该在RegistrationController的“更新”方法中,但不是100%肯定。 Once the login is done I will then add the token authentification to protect the creation / view of some other models. 登录完成后,我将添加令牌验证以保护其他一些模型的创建/查看。
UPDATE UPDATE
When I issue: 当我发出:
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"user":{"email":"email@gmail.com", "password": "mypass", "phone":"1234567890"}}' 'http://localhost:3000/users.json'
I got the following message: 我收到以下消息:
Started POST "/users.json" for 127.0.0.1 at 2012-03-11 20:50:05 +0100
Processing by RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"email@gmail.com", , "password"=>"[FILTERED]", "phone"=>"1234567890"}, "registration"=>{"user"=>{"email"=>"email@gmail.com", "password"=>"[FILTERED]", "phone"=>"1234567890"}, "action"=>"create", "controller"=>"registrations", "format"=>"json"}}
WARNING: Can't verify CSRF token authenticity
Completed 401 Unauthorized in 1ms
Any ideas why the user is not created and signed in and why no authentication_token is returned ? 没有创建和登录用户的原因以及为什么没有返回authentication_token?
2 个解决方案
解决方案1
10 已采纳 2012-03-12 11:38:22
It's my fault, I'll update the blog post. 这是我的错,我会更新博客文章。 You need to add the following code to create the user in you registration controller 您需要添加以下代码以在注册控制器中创建用户
if params[:api_key].blank? or params[:api_key] != API_KEY
render :json => {'errors'=>{'api_key' => 'Invalid'}}.to_json, :status => 401
return
end
build_resource
if resource.save
sign_in(resource)
resource.reset_authentication_token!
#rabl template with authentication token
render :template => '/devise/registrations/signed_up'
else
render :template => '/devise/registrations/new' #rabl template with errors
end
Let me know if you face any problem? 如果您遇到任何问题,请告诉我?
解决方案2
0 2012-06-13 03:28:50
Regarding Luc's question, that's my understanding as well. 关于吕克的问题,这也是我的理解。
For example, using default non-API login, SessionsController.create handles the login. 例如,使用默认的非API登录, SessionsController.create处理登录。 How do I retrieve the authentication_token and reuse it as part of the API calls later? 如何检索authentication_token并在以后将其作为API调用的一部分重用? Also, how do I override the SessionsController.create to call resource.reset_authentication_token! 另外,如何覆盖SessionsController.create以调用resource.reset_authentication_token! ? ?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.