stackoom
  简体   繁体   中英

Rails devise-jwt session storage

 原文  2020-08-21 20:33:13       ruby-on-rails/ devise/ jwt/ jwt-auth/ devise-jwt

Question

The devise-jwt gem documentation says that if session storage is enabled, you have to skip it for jwt auth. It says that you should set on devise.rb:

config.skip_session_storage = [:http_auth, :params_auth]

And you should disable:database_authenticatable. This part I quite don't understood. If in my User model, I remove:database_authenticatable, my route configured for login becomes unavailable:

ActionController::RoutingError (No route matches [POST] "/login"):

User.rb

class User < ApplicationRecord
  rolify role_join_table_name: 'public.user_roles'
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable

  # devise :database_authenticatable,
  devise :registerable,
         :recoverable,
         :rememberable,
         :validatable,
         :jwt_authenticatable,
         jwt_revocation_strategy: Devise::JWT::RevocationStrategies::Null
end

devise.rb 

config.skip_session_storage = %i[http_auth params_auth]

routes.rb

Rails.application.routes.draw do
  # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html

  devise_for :users, defaults: { format: :json },
                     path: '',
                     path_names: {
                       sign_in: 'login',
                       sign_out: 'logout',
                       registration: 'signup'
                     },
                     controllers: {
                       sessions: 'users/sessions',
                       registrations: 'users/registrations'
                     }
end

What should I do to keep session, but not for jwt auth?

1 answers

solution1
 1  2020-08-25 20:03:54

Well, after adapting the solution I found in this article https://blog.siliconjungles.io/devise-jwt-with-sessions-hybrid , here's the answer:

monkeypatch: config/initializers/warden/proxy.rb

module Warden
  class Proxy
    def user(_argument = {})
      if request.format.json?
        return nil
      end
    end
  end
end

And you must have separated routes for api auth and default behavior:

routes.rb

namespace :api do
    namespace :v1 do
      devise_scope :user do
        post 'auth/signup', to: 'registrations#create'
        post 'auth/signin', to: 'sessions#create'
        delete 'auth/signout', to: 'sessions#destroy'
      end
    end
  end

  devise_for :users

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question User authentication with Devise-jwt in Ruby On Rails as backend and Vuejs as frontend Rails devise-jwt gem is not updating jti in the user after login? Rails 6 - devise-jwt Blacklist revocation strategy not happening on sign out Issues when adding devise-jwt to a existente User model in Rails How to refresh a JWT token with devise-jwt Rails Devise-JWT, how to configure devise.rb to add a dispatch_requests How to use devise-jwt with devise for signin, signup and signout in rails api TypeError (no implicit conversion of nil into String) Rails devise-jwt gem on Production environment ROR: devise-jwt : how to call jwt_revoked? function? Can't get authentication to work with devise-jwt
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM