使用Devise令牌登录,是内置的吗? [英] Using Devise tokens to log in, is this built in?
问题描述
所以,我试图用Devise(1.0.3版,Rails 2.3.8)使用令牌让用户登录,但我并不完全确定从哪里开始。
So, I'm trying to use tokens with Devise (version 1.0.3 with Rails 2.3.8) to let a user log in, but I'm not entirely sure where to begin.
http://zyphdesignco.com/blog / simple-auth-token-example-with-devise
上面的教程帮助我打开了令牌功能,并展示了如何生成(或删除)令牌...但是令牌的整个要点是使用它们来授权用户,是否正确?
The above tutorial helped me turn on the token functionality, and showed how to generate (or delete) tokens...but the whole POINT of tokens is to use them to authorize a user, correct?
当我在控制台中查看用户时,我可以说user.authentication_token,并得到一些如下所示的东西:Qm1ne93n_XkgmQTvxDmm,这是非常好的...但我从哪里去?
When I look at a user in the console, I can say user.authentication_token, and get something back like: "Qm1ne93n_XkgmQTvxDmm", which is all well and good...but where do I go from there?
我尝试了sign_in root使用以下命令行命令:
I tried hitting the sign_in root using the following command line command:
curl -dauthentication_token = Qm1ne93n_XkgmQTvxDmmlocalhost:3000 / users / sign_in
curl -d "authentication_token=Qm1ne93n_XkgmQTvxDmm" localhost:3000/users/sign_in
绝对没有成功登录。
在会话控制器中,我看到他们调用:
In the sessions controller, I see that they call:
authenticate(resource_name)
authenticate(resource_name)
我在ASSUMING是模块的某个位置:
Which I'm ASSUMING is somewhere in the module:
include Devise :: Controllers :: InternalHelpers
include Devise::Controllers::InternalHelpers
包括,但我不知道在哪里寻找(这绝对不在源的控制器文件夹中)。如果我可以看看验证是如何工作的,我可以看看它是否甚至在令牌上看起来...
which gets included, but I don't know where to look for that (it's definitely not in the source's controller folder). If I could look at how authenticate works, I could see if it even LOOKS at tokens...
DOES Devise可以让你真正使用令牌登录,或者只是有一个生成它们的框架?如果它允许您与他们登录...如何做到这一点?你不能使用卷曲(即它是否必须在浏览器中?如果是这样,我会自己滚动自己的解决方案,我需要非浏览器支持)。
DOES Devise let you actually log in with tokens, or does it just have a framework for generating them? If it does let you log in with them...HOW do you do this? Can you not use curl (i.e. does it have to be in a browser? If so, I'd hafta roll my own solution, I NEED non-browser support.). If it doesn't, how do I roll my own?
推荐答案
我的理解是可以使用令牌登录或者即使使用cURL也可以触发需要身份验证的任意页面。如果您查看 config / initializers / devise.rb
,应该有一行说明如下:
My understanding is that you can use the tokens to log in or to hit arbitrary pages that need authentication, even with cURL. If you look in config/initializers/devise.rb
, there should be a line that says something like:
config.token_authentication_key = :auth_token
code> token_authentication_key 应该与您在请求中作为查询或表单参数放置的内容相匹配。你在你的例子中使用了 authentication_token
,不知道你是否改变了devise.rb以匹配那个。
Whatever the name of the token_authentication_key
is should match what you put as the query or form parameter in your request. You used authentication_token
in your example, not sure if you changed devise.rb to match that or not.
如果你想弄清楚事情在内部的工作,我会尝试 git clone git://github.com/plataformatec/devise.git
并搜索你需要澄清的方法of。
If you want to figure out how things are working internally, I would try git clone git://github.com/plataformatec/devise.git
and search for the methods you need clarification of.
以下是一些示例cURL请求(我创建了一个自定义的Users :: SessionsController,扩展了Devise :: SessionsController,并覆盖了create方法来处理JSON。 p>
Here are some sample cURL requests (I made a custom Users::SessionsController that extends Devise::SessionsController and overrides the create method to handle JSON.)
class Users::SessionsController < Devise::SessionsController
def create
resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
set_flash_message(:notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_to do |format|
format.html do
respond_with resource, :location => redirect_location(resource_name, resource)
end
format.json do
render :json => { :response => 'ok', :auth_token => current_user.authentication_token }.to_json, :status => :ok
end
end
end
end
然后我给了cURL请求:
And then the cURL requests I gave:
curl -X POST 'http://localhost:3000/users/sign_in.json' -d 'user[email]=example@example.com&user[password]=password'
-> {"response":"ok","auth_token":"ABCDE0123456789"}
curl -L 'http://localhost:3000/profile?auth_token=ABCDE0123456789'
-> got page that I wanted that needs authentication
这篇关于使用Devise令牌登录,是内置的吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!