如何避免Devise从引擎内部进行身份验证? [英] How can I avoid Devise from requires authentication from within an engine?
问题描述
我已经使用http_basic_authenticate_with构建了一个API(对于PABX),当我添加
before_action:authenticate_user时,它的工作正常。 ,除了[:method_name] 给我的控制器。我这样做,因为除了:[:method_name] 不需要在Devise上记录用户会话,我只想使用这些API控制器的基本验证。 config / routes.rb (主应用程序)
范围模块:'api'do
范围模块:'pabx'do
scope'/ api / pabx'do
get '/ accounts / phone_number /:phone_number',到:'accounts#phone_number'
end
end
end
controllers / api / pabx / accounts_controller.rb (主应用程序)
< pre class =lang-ruby prettyprint-override>
class Api :: Pabx :: AccountsController< ApplicationController
http_basic_authenticate_with名称:'some_name',密码:'some_password'
before_action:authenticate_user !,除了:[:phone_number]
skip_before_filter:verify_authenticity_token
#POST api / pabx / accounts / phone_number.json
def phone_number
...
end
end
当我想在Engine内部做类似的API时,会出现问题。
当我尝试访问该路由时,即使我使用 before_action:authenticate_user!,除了:[:method_name] 。
config / routes.rb (Myengine)
范围模块:'api'do
scope'/ api'do
get'/ accounts / phone_number / :phone_number',to:'accounts#phone_number'
end
end
controllers / api / pabx / accounts_controller.rb (Myengine)
require_dependencymyengine / application_controller
module Myengine
class Api :: AccountsController< ApplicationController
http_basic_authenticate_with名称:'some_name',密码:'some_password'
before_action:authenticate_user !,除了:[:phone_number]
skip_before_filter:verify_authenticity_token
#POST api / pabx / accounts / phone_number.json
def phone_number
...
end
end
这是我在主应用程序中的代码
controllers / application_controller.rb (main application)
class ApplicationController< ActionController :: Base#通过引发异常来防止CSRF攻击。
#对于API,您可能需要使用:null_session。
protect_from_forgery with::exception
#使用Devise进行身份验证(不要删除此行)
before_action:authenticate_user!
end
config / routes.rb (主要应用程序)
authenticate:user do
mount Myengine :: Engine ,at:'/ myengine'
end
当我尝试访问我的方法引擎,终端向我显示:
启动POST/myengine/api/accounts/phone_number.jsonfor :: 1在2015-09-17 21:15:31 -0300
开始GET/ users / sign_in为:: 1在2015-09-17 21:15:31 -0300
处理Devise :: SessionsController#new as * / *
渲染用户/ shared / _links.html.erb(6.3ms)
在布局中呈现用户/ sessions / new.html.erb / authentication(29.6ms)
渲染的布局/元素/ _flash_messages.html.erb(2.3ms)
在720ms内完成200 OK(视图:714.6ms | ActiveRecord:0.0ms)
(如果我做错了或者有更好的想法,请分享
(我正在使用Devise 3.5.2 with Rails 4.2.0)
非常感谢您阅读我的问题。
我解决了这个问题,这很简单。现在我正在我的Engine应用程序控制器中进行身份验证,而不是通过主应用程序控制器上的路由。
模块Myengine
class ApplicationController< ActionController :: Base
before_action:authenticate_user!
end
end
我还删除了 authenticate:用户在我的config / routes.rb(主应用程序)
mount Myengine :: Engine,at :'/ myengine'
这样我就可以在任何控制器中使用以下代码p>
before_action:authenticate_user !,除了:[:mypublic_method]
I'm using Devise for athentication in my main application and
I have built an API (for a PABX) using "http_basic_authenticate_with" and it's working well when I add before_action :authenticate_user!, except: [:method_name] to my controller. I'm doing that because except: [:method_name] will not require a logged user session on Devise and I just want to use basic authenticate for those API controllers.
config/routes.rb (main application)
scope module: 'api' do
scope module: 'pabx' do
scope '/api/pabx' do
get '/accounts/phone_number/:phone_number', to: 'accounts#phone_number'
end
end
end
controllers/api/pabx/accounts_controller.rb (main application)
class Api::Pabx::AccountsController < ApplicationController
http_basic_authenticate_with name: 'some_name', password: 'some_password'
before_action :authenticate_user!, except: [:phone_number]
skip_before_filter :verify_authenticity_token
# POST api/pabx/accounts/phone_number.json
def phone_number
...
end
end
The problem is happening when I want to do something similar to that API inside an Engine.
When I try to access the route, Devise seems to not allow to access it without an authentication, even when I'm using before_action :authenticate_user!, except: [:method_name].
config/routes.rb (Myengine)
scope module: 'api' do
scope '/api' do
get '/accounts/phone_number/:phone_number', to: 'accounts#phone_number'
end
end
controllers/api/pabx/accounts_controller.rb (Myengine)
require_dependency "myengine/application_controller"
module Myengine
class Api::AccountsController < ApplicationController
http_basic_authenticate_with name: 'some_name', password: 'some_password'
before_action :authenticate_user!, except: [:phone_number]
skip_before_filter :verify_authenticity_token
# POST api/pabx/accounts/phone_number.json
def phone_number
...
end
end
This is my the code in the main application
controllers/application_controller.rb (main application)
class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
# Authentication using Devise (DO NOT REMOVE THIS LINE)
before_action :authenticate_user!
end
config/routes.rb (main application)
authenticate :user do
mount Myengine::Engine, at: '/myengine'
end
When I try to access that method in my Engine, the terminal show me this:
Started POST "/myengine/api/accounts/phone_number.json" for ::1 at 2015-09-17 21:15:31 -0300
Started GET "/users/sign_in" for ::1 at 2015-09-17 21:15:31 -0300
Processing by Devise::SessionsController#new as */*
Rendered users/shared/_links.html.erb (6.3ms)
Rendered users/sessions/new.html.erb within layouts/authentication (29.3ms)
Rendered layouts/elements/_flash_messages.html.erb (2.3ms)
Completed 200 OK in 720ms (Views: 714.4ms | ActiveRecord: 0.0ms)
(If I'm doing something wrong or someone has a better idea, please share here.) (I'm using Devise 3.5.2 with Rails 4.2.0)
Thank you very much for reading my question.
I solved the problem, this was simple. Now I'm doing the authentication in my Engine Application Controller, not by routes on my Main Application Controller.
module Myengine
class ApplicationController < ActionController::Base
before_action :authenticate_user!
end
end
I also removed authenticate :user on my config/routes.rb (main application)
mount Myengine::Engine, at: '/myengine'
That way I'm able to use the following code in any controller
before_action :authenticate_user!, except: [:mypublic_method]
这篇关于如何避免Devise从引擎内部进行身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
