Devise Token Auth - How to access a protected route from the Rails console
Question
I'm using Angularjs, Rails, devise_token_auth, and ng-token-auth and I'm trying to log in a user from the console.
I don't know how to get the 302 that Tim Santeford mentions in this post.
Is this still applicable in Rails 4 or does a 200 response still mean I did not successfully sign in?
I do the post request mentioned by Brian Deterling and I get:
Started POST "/api/private/auth/sign_in" for 127.0.0.1 at 2016-03-30 13:36:44 -0500
Processing by DeviseTokenAuth::SessionsController#create as JSON
Parameters: {"email"=>"freud@iron.com", "password"=>"[FILTERED]"}
...
(9.9ms) COMMIT
Completed 200 OK in 361ms (Views: 0.4ms | ActiveRecord: 23.3ms)
=> 200
So it looks like I signed in successfully except for the 200 instead of the 302 response that Tim Santeford mentions.
Then, I do app.session and it looks like it works.
irb(main):026:0> app.session
=> #<ActionDispatch::Request::Session:0x007fe7a1898358 @by=#<ActionDispatch::Session::CookieStore:0x007fe79ed821f0
...
@delegate={"session_id"=>"4346eb0ee9fc8a8e95735d1e3f2adc28"}, @loaded=true, @exists=true>
Then, I do an app.controller.current_user and this looks like it works too.
irb(main):027:0> app.controller.current_user
=> #<User id: 233, provider: "email", uid: "freud@iron.com", encrypted_password: "$2a$10$v2fapiZCH5b5XN.ji57KgOJ0SJfVHzJByYPFpVCeU1j...", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil, sign_in_count: 32, current_sign_in_at: "2016-03-30 18:36:44", last_sign_in_at: "2016-03-30 18:01:00", current_sign_in_ip: "127.0.0.1",
But when I enter a protected routed I get
irb(main):029:0> app.get('/api/private/rfqs')
Started GET "/api/private/rfqs" for 127.0.0.1 at 2016-03-30 14:11:21 -0500
Processing by Api::RfqsController#index as JSON
Filter chain halted as :authenticate_user! rendered or redirected
Completed 401 Unauthorized in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms)
=> 401
... and if after this request, I again do an app.session and app.controller.current_user I get
irb(main):030:0> app.session
=> #<ActionDispatch::Request::Session:0x7fe7a1213910 not yet loaded>
irb(main):031:0> app.controller.current_user
=> nil
Can someone please tell me why this is happening?
1 answers
solution1
2 ACCPTED 2016-03-30 19:31:50
First, you should know that Devise is no longer managing user's session. This why it is advised to use devise_token_auth . Also, since you are using devise_token_auth gem, the answer you refer is not a good candidate to provide you with help.
The error Filter chain halted as :authenticate_user! rendered or redirected Filter chain halted as :authenticate_user! rendered or redirected means you have to be logged in to run the Api::RfqsController#index controller action. When you signed in, you received in the headers the following information:
"access-token": "my-access-token",
"token-type": "Bearer",
"client": "my-client-id",
"expiry": "yyyyy",
"uid": "freud@iron.com"
In order to make app.get('/api/private/rfqs') works, you need to add in the query headers :
-
access-token -
uid -
token-type(value isBearer) -
client
I advise you to use Postman Software to test out your Rails API. It is more efficient than using the console.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.