stackoom
  简体   繁体   中英

Token authentication with Rails and Devise

 原文  2012-03-09 21:12:49       ruby-on-rails/ ruby-on-rails-3/ authentication/ devise

Question

I'm following this excellent article to setup the authentification part of my rails (3.2) API:
http://blog.joshsoftware.com/2011/12/23/designing-rails-api-using-rabl-and-devise/

I have done the following step:

-Added devise to Gemfile

-Enabled devise for the user model and ran the migrations required

-My user model is 

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
  devise :token_authenticatable

  attr_accessible :email, :authentication_token, :password, :password_confirmation, :remember_me
end

as well as the token_authenticable in Database (via a migration).

-Subclassed the RegistrationController with: 

class RegistrationsController < Devise::RegistrationsController
  def new
    super
  end

  def create
    resource = warden.authenticate!(:scope => resource_name, :recall => " {controller_path}#new")
    sign_in(resource_name, resource)
    current_user.reset_authentication_token!
    respond_with resource, :location => after_sign_in_path_for(resource)
  end

  def update
    super
  end
end

-In routes.rb, I have: 

devise_for :users, :controllers => {:registrations => "registrations"}

USER CREATION

I'd like the following request to create a user and to send back the authentification_token: 

curl -H "Accept: application/json" -H "Content-type: application/json"  -X POST -d '{"user":{"email":"email@gmail.com", "password":"pass"}}' 'http://localhost:3000/users.json

My understanding is that the logic should go in the "create" method of the registration controller (that should create the user and log him in at the same time). I think I should be wrong as the message I got in return is: 

{"error":"You need to sign in or sign up before continuing."}

What is the missing piece to have the new user created and logged ? Isn't POST to users.json mapped to RegistrationController#create ?

USER LOGIN

Also, I'd like the following request to log a user in (sending him back his authentification_token once the login / password have been checked) 

curl -H "Accept: application/json" -H "Content-type: application/json"  -X GET -d '{"user":{"email":"email@gmail.com","password":"pass"}}' 'http://localhost:3000/users.json

I guess the logic should go in the "update" method of RegistrationController but not 100% sure about that. Once the login is done I will then add the token authentification to protect the creation / view of some other models.

UPDATE

When I issue: 

curl -H "Accept: application/json" -H "Content-type: application/json"  -X POST -d '{"user":{"email":"email@gmail.com", "password": "mypass", "phone":"1234567890"}}' 'http://localhost:3000/users.json'

I got the following message: 

Started POST "/users.json" for 127.0.0.1 at 2012-03-11 20:50:05 +0100
Processing by RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"email@gmail.com", , "password"=>"[FILTERED]", "phone"=>"1234567890"}, "registration"=>{"user"=>{"email"=>"email@gmail.com", "password"=>"[FILTERED]", "phone"=>"1234567890"}, "action"=>"create", "controller"=>"registrations", "format"=>"json"}}
WARNING: Can't verify CSRF token authenticity
Completed 401 Unauthorized in 1ms

Any ideas why the user is not created and signed in and why no authentication_token is returned ?

2 answers

solution1
 10 ACCPTED  2012-03-12 11:38:22

It's my fault, I'll update the blog post. You need to add the following code to create the user in you registration controller 

if params[:api_key].blank? or params[:api_key] != API_KEY
  render :json => {'errors'=>{'api_key' => 'Invalid'}}.to_json, :status => 401
  return
end
build_resource
if resource.save
   sign_in(resource)
   resource.reset_authentication_token!
   #rabl template with authentication token
   render :template => '/devise/registrations/signed_up' 
else
   render :template => '/devise/registrations/new' #rabl template with errors 
end

Let me know if you face any problem?

solution2
 0  2012-06-13 03:28:50

Regarding Luc's question, that's my understanding as well.

For example, using default non-API login, SessionsController.create handles the login. How do I retrieve the authentication_token and reuse it as part of the API calls later? Also, how do I override the SessionsController.create to call resource.reset_authentication_token! ?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Access Token Authentication w/ Devise, Omniauth & Rails Rails Devise find user by authentication token Rails api gem and devise token authentication Rails Devise/Token authentication: redirect if token wrong or missing Rails 5 Api Only - Devise - react - simple_token_authentication Rails file download not working in JSON API with devise token authentication Rails Devise Token Auth authentication without using email Rails Dynamic Controller Authentication (Devise + Cookie or Token + Headers) Rails, devise: how to replace previous login via token authentication rails devise simple authentication token getting 403 forbbiden
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM