stackoom
  简体   繁体   中英

EmberJS simpleauth with devise authorizer not sending token header

 原文  2015-03-18 18:29:14       ruby-on-rails/ ember.js/ devise/ ember-cli/ ember-simple-auth

Question

I can't figure out how to get ember-simple-auth with ember-simple-auth-devise authorizer (version 0.7.2 ) to append the token header to my backend requests.

Here is how my config/environment.js looks: 

  var ENV = {
    modulePrefix: 'frontend-app',
    environment: environment,
    baseURL: '/',
    locationType: 'auto',
    EmberENV: {
      FEATURES: {}
    },

    APP: {},

    'simple-auth': {
      authenticationRoute: 'sign-in',
      authorizer: 'simple-auth-authorizer:devise'
    }
  };

  if (environment === 'development') {
    // ENV.APP.LOG_RESOLVER = true;
    // ENV.APP.LOG_ACTIVE_GENERATION = true;
    ENV.APP.LOG_TRANSITIONS = true;
    // ENV.APP.LOG_TRANSITIONS_INTERNAL = true;
    // ENV.APP.LOG_VIEW_LOOKUPS = true;

    ENV.contentSecurityPolicy = {
      'font-src': "'self' http://fonts.gstatic.com",
      'style-src': "'self' 'unsafe-inline' http://fonts.googleapis.com",
      'connect-src': "'self' http://localhost:3000",
    };

    ENV['simple-auth-devise'] = {
      serverTokenEndpoint: "//localhost:3000/users/sign_in"
    };

    ENV.apiHost = "http://localhost:3000";
  }

I was able to get authentication working, I get a session object in my application. Here are the headers from a successful exchange with the session endpoint: 

POST /users/sign_in HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Content-Length: 63
Accept: application/json, text/javascript
Origin: http://localhost:4200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:4200/sign-in
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8

And the server responds with this session object: 

{"user_token":"eo2xxzYsQ6UifMKvoLMF","user_id":3,"user_email":"snip@snip.com","user_first_name":"Xavier","user_last_name":"Lange"}

But all subsequent requests don't set the header: 

GET /api/reports?user_id=3 HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Cache-Control: max-age=0
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost:4200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Referer: http://localhost:4200/reports
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
If-None-Match: W/"8e1b98de900ac194a0bc3ef6e9dc7459"

Where I should expect 

Authorization: Token token="<token>", email="<email>"

to be in the headers sent to the backend. But it's not happening.

1 answers

solution1
 5 ACCPTED  2015-03-18 21:53:16

The issue was solved by checking the crossOriginWhitelist in development: 

  if (environment === 'development') {
    // ENV.APP.LOG_RESOLVER = true;
    // ENV.APP.LOG_ACTIVE_GENERATION = true;
    ENV.APP.LOG_TRANSITIONS = true;
    // ENV.APP.LOG_TRANSITIONS_INTERNAL = true;
    // ENV.APP.LOG_VIEW_LOOKUPS = true;

    ENV.contentSecurityPolicy = {
      'font-src': "'self' http://fonts.gstatic.com",
      'style-src': "'self' 'unsafe-inline' http://fonts.googleapis.com",
      'connect-src': "'self' http://localhost:3000",
    };

    ENV['simple-auth']['crossOriginWhitelist'] = ['http://localhost:3000'];
    ENV['simple-auth-devise']['serverTokenEndpoint'] = "//localhost:3000/users/sign_in"

    ENV.apiHost = "http://localhost:3000";
  }

Then I had to change simple-auth-devise to use email as the identification property (rails was having a hardtime parsing the Authorization header with authenticate_with_http_token : 

  var ENV = {
    modulePrefix: 'my-app',
    environment: environment,
    baseURL: '/',
    locationType: 'auto',
    EmberENV: {
      FEATURES: {
        // Here you can enable experimental features on an ember canary build
        // e.g. 'with-controller': true
      }
    },

    APP: {
      // Here you can pass flags/options to your application instance
      // when it is created
    },

    'simple-auth': {
      authenticationRoute: 'sign-in',
      authorizer: 'simple-auth-authorizer:devise'
    },

    'simple-auth-devise': {
      identificationAttributeName: 'email'
    }
  };

And my session serializer had to sync up with that attribute name: 

class SessionsController < Devise::SessionsController
  skip_before_action :authenticate_user_from_token!, only: [:create]

  def create
    respond_to do |format|
      format.json do
        self.resource = warden.authenticate!(auth_options)
        sign_in(resource_name, resource)
        data = {
          token: self.resource.authentication_token,
          user_id: self.resource.id,
          email: self.resource.email,
          user_first_name: self.resource.first_name,
          user_last_name: self.resource.last_name
        }
        render json: data, status: 201
      end
    end
  end
end

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Rails + Devise HTTP header token devise_token_auth email sending issue Rails - devise with devise_token_auth not sending confirmation email authentication with emberjs and devise “Can't verify CSRF token authenticity” when testing emberjs/rails/devise app using qunit Sending unhashed Devise reset_password_token in custom email devise token auth - how to access response header info using javascript? Devise token auth not returning the Set-Cookie header on different domain Devise token auth skip update auth header on deleting user Devise and Devise Token Auth
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM