使用 Rails 和 Devise 进行令牌认证 [英] Token authentication with Rails and Devise
问题描述
我正在关注这篇优秀的文章来设置我的 rails (3.2) API 的身份验证部分:
http://blog.joshsoftware.com/2011/12/23/designing-rails-api-using-rabl-and-devise/
I'm following this excellent article to setup the authentification part of my rails (3.2) API:
http://blog.joshsoftware.com/2011/12/23/designing-rails-api-using-rabl-and-devise/
我已经完成了以下步骤:
I have done the following step:
-将设计添加到 Gemfile
-Added devise to Gemfile
-为用户模型启用设计并运行所需的迁移
-Enabled devise for the user model and ran the migrations required
-我的用户模型是
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
devise :token_authenticatable
attr_accessible :email, :authentication_token, :password, :password_confirmation, :remember_me
end
以及数据库中的 token_authenticable(通过迁移).
as well as the token_authenticable in Database (via a migration).
-将 RegistrationController 子类化为:
-Subclassed the RegistrationController with:
class RegistrationsController < Devise::RegistrationsController
def new
super
end
def create
resource = warden.authenticate!(:scope => resource_name, :recall => " {controller_path}#new")
sign_in(resource_name, resource)
current_user.reset_authentication_token!
respond_with resource, :location => after_sign_in_path_for(resource)
end
def update
super
end
end
-在 routes.rb 中,我有:
-In routes.rb, I have:
devise_for :users, :controllers => {:registrations => "registrations"}
用户创建
我需要以下请求来创建用户并发回 authentification_token:
I'd like the following request to create a user and to send back the authentification_token:
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"user":{"email":"email@gmail.com", "password":"pass"}}' 'http://localhost:3000/users.json
我的理解是逻辑应该在注册控制器的创建"方法中(应该创建用户并同时登录他).我想我应该是错的,因为我得到的信息是:
My understanding is that the logic should go in the "create" method of the registration controller (that should create the user and log him in at the same time). I think I should be wrong as the message I got in return is:
{"error":"You need to sign in or sign up before continuing."}
创建和登录新用户的缺失部分是什么?POST 到 users.json 不是映射到 RegistrationController#create 吗?
What is the missing piece to have the new user created and logged ? Isn't POST to users.json mapped to RegistrationController#create ?
用户登录
另外,我想要以下请求来登录用户(一旦检查了登录名/密码,就将他的 authentification_token 发回给他)
Also, I'd like the following request to log a user in (sending him back his authentification_token once the login / password have been checked)
curl -H "Accept: application/json" -H "Content-type: application/json" -X GET -d '{"user":{"email":"email@gmail.com","password":"pass"}}' 'http://localhost:3000/users.json
我想逻辑应该在 RegistrationController 的更新"方法中,但不是 100% 确定.登录完成后,我将添加令牌身份验证以保护其他一些模型的创建/查看.
I guess the logic should go in the "update" method of RegistrationController but not 100% sure about that. Once the login is done I will then add the token authentification to protect the creation / view of some other models.
更新
当我发出:
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"user":{"email":"email@gmail.com", "password": "mypass", "phone":"1234567890"}}' 'http://localhost:3000/users.json'
我收到以下消息:
Started POST "/users.json" for 127.0.0.1 at 2012-03-11 20:50:05 +0100
Processing by RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"email@gmail.com", , "password"=>"[FILTERED]", "phone"=>"1234567890"}, "registration"=>{"user"=>{"email"=>"email@gmail.com", "password"=>"[FILTERED]", "phone"=>"1234567890"}, "action"=>"create", "controller"=>"registrations", "format"=>"json"}}
WARNING: Can't verify CSRF token authenticity
Completed 401 Unauthorized in 1ms
为什么没有创建和登录用户以及为什么没有返回 authentication_token 的任何想法?
Any ideas why the user is not created and signed in and why no authentication_token is returned ?
推荐答案
是我的错,我会更新博文.您需要添加以下代码以在您的注册控制器中创建用户
It's my fault, I'll update the blog post. You need to add the following code to create the user in you registration controller
if params[:api_key].blank? or params[:api_key] != API_KEY
render :json => {'errors'=>{'api_key' => 'Invalid'}}.to_json, :status => 401
return
end
build_resource
if resource.save
sign_in(resource)
resource.reset_authentication_token!
#rabl template with authentication token
render :template => '/devise/registrations/signed_up'
else
render :template => '/devise/registrations/new' #rabl template with errors
end
如果您遇到任何问题,请告诉我?
Let me know if you face any problem?
这篇关于使用 Rails 和 Devise 进行令牌认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!