Devise身份验证首次尝试失败,之后成功 [英] Devise authentication fails on first attempt, succeeds afterwards
问题描述
调试时,似乎获胜的策略在第一次尝试时为零,但是在第二次尝试中填充了三个策略。
此行为的原因是什么?
尝试:
验证:
curl -H'Content-Type:application / json'\
-H'Accept:application / json'\
-X POST http:// localhost:3000 / users / sign_in \
-d{'user':{'email':'test@example.com','password':'password'}}\
-c cookie
显示:
curl -H'Content-Type:application / json'\
-H'Accept:application / json'\
-X GET http:// localhost:3000 / pag es / 1.xml \
-b cookie
对于发布请求 -
您需要一个 CSRF令牌用于Rails 3中的非GET请求。
这是因为默认情况下,Rails会向表单添加真实性令牌,以防止提交参数的恶意伪造。因为你不提供这个令牌与你的请求,rails不接受它。你可以通过
skip_before_filter:verify_authenticity_token
I'm using Devise (2.1.2) and Rails (3.2.9) and I've enabled basic authentication (for testing). I'm posting a JSON POST request using CURL and I'm seeing weird behavior. The authentication fails the first time I send the request (after server restart) but succeeds after sending the exact same request the second time.
When debugging, it seems that the winning_strategies are nil on the first attempt but populated with three strategies on the second attempt.
What is the cause of this behavior?
Try:
Authenticate:
curl -H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-X POST http://localhost:3000/users/sign_in \
-d "{'user' : { 'email' : 'test@example.com', 'password' : 'password'}}" \
-c cookie
Show:
curl -H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-X GET http://localhost:3000/pages/1.xml \
-b cookie
For post requests -
You need a CSRF token for non-GET requests in Rails 3 .
This is because Rails by default adds an authenticity token to forms to protect from malicious forgery of submitted parameters. As you do not supply this token with your request, rails does not accept it. You can bypass this with
skip_before_filter :verify_authenticity_token
这篇关于Devise身份验证首次尝试失败,之后成功的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
