通过 http 标头传递真实性令牌 [英] Pass Authenticity token through http header
问题描述
我有一个使用令牌来验证用户身份的 rails 应用程序.目前我将令牌作为参数传递.我想改变这一点.我相信可以通过 html 标头传递它.我不明白如何使用 authenticate_or_request_with_http_token do |token, options|
.我的 rails 应用程序实际上是我的 iphone 客户端的服务器.我不明白的是:
I have a rails application that uses a token to authenticate the user. Currently I am passing the token as params. I would like to change this. I believe it is possible to pass it through html header. I dont understand how to use authenticate_or_request_with_http_token do |token, options|
.
My rails app is actually a server for my iphone client. I things I dont understand are:
我知道
options
是随机数,但是如何在我的客户端和服务器之间运行?
I know
options
is nonce but how will that work out between my client and server?
我如何在我的服务器代码中实际使用它.
How do I actually use this in my server code.
我可以使用 authenticate_or_request_with_http_token do |token, options|
来检查标头中的令牌,但如何在成功创建会话后将其插入标头.
I can use authenticate_or_request_with_http_token do |token, options|
to check for token in the the header but how do I insert it into the header once a session is created successfully.
这是我的服务器会话控制器:
Here is my server Sessions Controller:
def create
if @user && @user.authenticate(params[:password])
# @token = @user.auth_token
@user.auth_token = SecureRandom.hex
@user.save
respond_to do |format|
format.json {render :json => {:status => "200", :message => "Logged in successfully", :auth_token => @user.auth_token}}
end
else
respond_to do |format|
format.json {render :json => {:status => "401", :message => "wrong credentials"}}
end
end
end
def destroy
if(@user)
@user.auth_token = ""
@user.save
respond_to do |format|
format.json {render :json => {:status => "200", :message => "logged out successfully"}}
end
else
respond_to do |format|
format.json {render :json => {:status => "401", :message => "No User"}}
end
end
end
def user
@user = User.find_by_auth_token(params[:auth_token])
end
推荐答案
使用 response.headers
设置自定义标头.
to set custom headers you use response.headers
.
类似的东西
response.headers["X-AUTH-TOKEN"] = auth_token
应该工作..阅读您使用的标题
should work.. to read the header you use
request.headers["X-AUTH-TOKEN"]
命名中的 X-
是一个很好的实践约定,所有自定义标头都应该在前面有一个 X-
.
the X-
in the naming is a good practice convention, all custom headers should have an X-
in front.
这篇关于通过 http 标头传递真实性令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!