[英]Rails: Completed 401 Unauthorized
我收到此錯誤,但我不知道為什么。 我專門排除CSRF檢查。 #webhook
方法即使在生產中也有效。 其他類似的問題與Devise有關,但我不在此控制器中使用Devise。
stripes_controller.rb
class StripesController < ApplicationController
Stripe.api_key = ENV['STRIPE_PRIVATE']
protect_from_forgery :except => [:webhook, :create]
def show
end
def create
# Amount in cents
@amount = params[:amount]
customer = Stripe::Customer.create(
:email => params[:stripeEmail],
:source => params[:stripeToken]
)
charge = Stripe::Charge.create(
:customer => customer.id,
:amount => @amount,
:description => 'Membership Fee',
:currency => 'usd'
)
render :show
rescue Stripe::CardError => e
flash[:error] = e.message
redirect_to stripe_path
end
routes.rb
resource :stripe do
Log
Started POST "/stripe/" for 127.0.0.1 at 2018-01-03 11:58:17 -0500
Processing by StripesController#create as HTML
Parameters: {"amount"=>"100", "stripeToken"=>"tok_1BgFZ2IYOmXNPhc121HxNtw0", "stripeEmail"=>"test@example.com"}
Rendering stripes/show.haml within layouts/application
Rendered stripes/show.haml within layouts/application (2.0ms)
User Load (3.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 1], ["LIMIT", 1]]
(2.0ms) BEGIN
(1.0ms) COMMIT
Completed 401 Unauthorized in 3533ms (ActiveRecord: 6.0ms)
Started GET "/" for 127.0.0.1 at 2018-01-03 11:58:21 -0500
默認情況下,Rails是在:debug
日志級別上。 http://guides.rubyonrails.org/v5.0/debugging_rails_applications.html#log-levels
我可以通過設置來重現它
devise.rb
config.timeout_in = 1.minute # 8.hours
如果我已登錄並處於活動狀態,則可以正常工作,但是如果會話超時,則將導致此401問題。
這是來自瀏覽器的請求/響應。 它顯示成功和302響應,而不是401。但是在服務器控制台日志中顯示401。
POST /stripe/ HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Content-Length: 82
Cache-Control: max-age=0
Origin: http://localhost:3000
Content-Type: application/x-www-form-urlencoded
...
HTTP/1.1 302 Found
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: http://localhost:3000/
Content-Type: text/html; charset=utf-8
瀏覽器網絡日志中沒有一個401響應,即使使用Preserver Log也不按狀態排序。
Rails 5.0.2
我user_signed_in?
問題跟蹤到user_signed_in?
如Marek所建議。 該功能將暫停執行並發出302重定向,同時在服務器日志中打印401!
devise.rb
config.timeout_in = 1.minute # 8.hours
stripes_controller.rb
class StripesController < ApplicationController
layout false
show.haml
%h2 Thank you!
%p
Your payment of
%strong= number_to_currency(@amount.to_i * 0.01)
has been received.
- if user_signed_in?
Signed in
- else
Signed out
如果用戶已登錄,則該頁面將正常加載。 如果用戶的會話到期,則Devise將重定向並設置Flash消息 !
log
Started GET "/stripe" for 127.0.0.1 at 2018-01-03 14:39:08 -0500
Processing by StripesController#show as HTML
Rendering stripes/show.haml
User Load (22.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 1], ["LIMIT", 1]]
(1.0ms) BEGIN
(2.0ms) COMMIT
Rendered stripes/show.haml (179.2ms)
Completed 401 Unauthorized in 399ms (ActiveRecord: 52.0ms)
Started GET "/stripe" for 127.0.0.1 at 2018-01-03 14:39:09 -0500
Processing by StripesController#show as HTML
Rendering stripes/show.haml
Rendered stripes/show.haml (2.0ms)
Completed 200 OK in 219ms (Views: 99.8ms | ActiveRecord: 0.0ms)
我無法找到一種方法來檢查用戶是否在未重定向的情況下登錄。
https://duckduckgo.com/?q=rails+devise+%22user_signed_in%22+stop+redirecting&ia=qa
user_signed_in?
搜索方法時,Devise API文檔中甚至都沒有! 我希望有一個可選的參數。
http://www.rubydoc.info/github/plataformatec/devise/Devise
所以我設置layout false
所以停止使用application.haml
包含user_signed_in?
。 我希望有更好的方法。
HTTP代碼401未經授權用於身份驗證( https://httpstatuses.com/401 )。 它與CSRF不相關。 在這種情況下,它將引發ActionController :: InvalidAuthenticityToken。
我很確定您的ApplicationController中有一個before_action,它需要用戶身份驗證(或者在routes.rb中,或者在nginx / Apache的配置中)。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.