stackoom
  简体   繁体   中英

Rails Action Cable: How to authorize incoming connection?

 原文  2018-10-07 18:43:17       ruby-on-rails/ ruby-on-rails-5/ actioncable

Question

I am trying to implement authorization on the websocket connection (rails 5.2.1)

Following the rubyonrails guideline , I have created the connection.rb as follows:

# app/channels/application_cable/connection.rb 

module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user

    def connect
      self.current_user = find_verified_user
    end

    private
      def find_verified_user
        if verified_user = User.find_by(id: cookies.encrypted[:user_id])
          verified_user
        else
          reject_unauthorized_connection
        end
      end
  end
end

Unfortunately, all the websocket connection requests are rejected. (I have figured out that cookies.encrypted[:user_id] is returning nil.) 

Started GET "/cable" for ::1 at 2018-10-07 21:33:46 +0300
Started GET "/cable/" [WebSocket] for ::1 at 2018-10-07 21:33:46 +0300
Successfully upgraded to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
  User Load (0.5ms)  SELECT  "users".* FROM "users" WHERE "users"."is_active" = $1 AND "users"."id" IS NULL LIMIT $2  [["is_active", true], ["LIMIT", 1]]
  ↳ app/channels/application_cable/connection.rb:12
An unauthorized connection attempt was rejected
Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
Finished "/cable/" [WebSocket] for ::1 at 2018-10-07 21:33:46 +0300
Finished "/cable/" [WebSocket] for ::1 at 2018-10-07 21:33:46 +0300

Would you please guide me how I can access current user info within app/channels/application_cable/connection.rb?

3 answers

solution1
 7 ACCPTED  2018-10-07 19:25:56

In order to get current_user from Devise, you need to change your connection.rb as follows:

module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user

    def connect
      self.current_user = find_verified_user
      logger.add_tags 'ActionCable', current_user.email
    end

    protected

    def find_verified_user # this checks whether a user is authenticated with devise
      if verified_user = env['warden'].user
        verified_user
      else
        reject_unauthorized_connection
      end
    end
  end
end

solution2
 0  2020-03-18 10:12:42

I faced the exact problem. The way I solved it was by adding a cookie when the user signed in, through SessionsController < Devise::SessionsController . The code looks like this:

class Users::SessionsController < Devise::SessionsController
  # POST /resource/sign_in
  def create
    super
    cookies[:user_id] = current_user.id
  end
end

You can get the SessionsController from devise by running the code:

rails generate devise:controllers [scope]

In my case the scope was users.

solution3
 0  2020-06-03 15:37:28

Rails 6:

cookies.encrypted[:user_id]

Rails 5:

cookies.signed[:user_id]

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Rails Action Cable: Authorize the incoming connection from mobile devices how to create action cable connection in rails How to close connection in Action cable? Rails: Action Cable: How to authorize user to connect specific channel based on role? How to change ping interval in action cable rails How can I write unit tescase for action cable connection class in rails 6 Rails Devise Action Cable Rails 6 - Action Cable Issue Ruby on Rails 7 Action Cable Passenger with Rails Action cable
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM