色器件和iPhone应用程序之间的HTTP认证 [英] HTTP authentication between devise and iphone app

问题描述

我是新来的Ruby on Rails的，但我想从我SQLite数据库从我的iPhone应用程序，铁轨的Web应用程序发送的数据。就像一个同步的服务。

I'm new to ruby on rails but I want to send the data from my SQlite database from my iphone app to the rails web app. Like a "sync" service.

我使用的是设计用于Web应用程序的认证。我启用了基本的HTTP认证，我可以卷曲成网站XML或JSON数据。我也可以上传数据到网站时，我设置了后标头JSON和用户名和密码。

I'm using devise for authentication for the web app. I enabled basic HTTP authentication and I can curl into the website for xml or json data. I can also upload data to the website when I set the post headers to JSON and with username and password.

这里就是我卡住了。

1）我如何保持1登录后签署了用户？难道我用我每次将数据发送到该网站时，HTTP认证？我读过有关令牌身份验证，但我不知道如何使用它。

1) How do I keep the user signed in after the 1st login? Do I use http authentication every time I send data to the website? I've read about token authentication but I'm not sure how to use it.

2）我可以张贴JSON数据，像的http：//本地主机：3000 /例如用正确的用户名和密码。然而，如果用户名和passowrd是不正确则返回的HTML内容。我必须写一些东西，返回有关登录成功/ fialure JSON数据？

2) I can post JSON data to something like http://localhost:3000/example with the correct username and password. However, it returns the HTML content if the username and passowrd is incorrect. Do I have to write something that returns json data about login success/fialure?

3）我的iPhone应用程序，我的web应用程序之间的通信。我是在Web应用程序边写边一个RESTful API是否正确？我是否需要使用激活的资源？

3) To communicate between my iphone app and my web app. Am I correct in writing a RESTful API on the web app side? Do I need to use active resources?

我真的很憋屈的这一切是如何工作的总体大局。谢谢！

I'm really stuck on the overall big picture of how all this works. Thanks!

推荐答案

有很多方法可以做到这一点。我做了什么让设计错误回到我的iPhone应用程序，我可以跨preT（例如401）是创建一个自定义应用程序失败：

There's many ways you can do this. What I did to get Devise to return errors to my iphone app that I could interpret (e.g. 401) was create a custom failure app:

# config/initializers/devise.rb
config.warden do |manager|
  manager.failure_app   = CustomFailure
end

# config/initializers/custom_failure.rb
class CustomFailure < Devise::FailureApp     
  def respond
    unless request.format.to_sym == :html
  http_auth
    else
  super
end
  end
end

否则设计只是一个重定向响应code返回HTML不管登录信息是否正确或不正确的。

Otherwise Devise just returns HTML with a redirect response code regardless of whether the login information was correct or incorrect.

由于我的应用程序需要用户对我的Rails后端验证，我实现了一个简单的登录系统是这样的：

Since my app required users to authenticate against my rails backend, I implemented a simple login system like this:

#app/controllers/pages_controller.rb
before_filter :authenticate_user!, :only => [:login]
ssl_required :login # you have to set up ssl and ssl_requirement


def login
  @user = current_user
  respond_to do |format|
    format.html {render :text => "#{@user.id}"} 
    format.xml {render :text => "#{@user.id}" }   
  end
end

#config/routes.rb
match '/login',       :to => 'pages#login'

然后在iPhone应用程序，你可以通过发送GET请求/登录这样的（我用的 ASIHTT prequest ，因为它的真棒）：

- (void) validate_login:(NSString*)name :(NSString*)pwd
{   
    NSURL *login_url = [NSURL URLWithString:@"https://mysite.com/login"];
    ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:login_url];
    [request setDelegate:self];
    [request setUsername:name];
    [request setPassword:pwd];  
    [request addRequestHeader:@"Accept" value:@"application/xml"]; 
    [request startAsynchronous];    
}

- (void)requestFinished:(ASIHTTPRequest *)request
{
if ([request responseStatusCode] != 200) {
  [self requestFailed:request];
}
    else {
  // authentication successful, store credentials
        NSUSerDefaults* defaults = [NSUserDefaults standardUserDefaults];
    [defaults setValue:[request username] forKey:@"username"];
        [defaults setValue:[request password] forKey:@"password"];
    }
}


- (void)requestFailed:(ASIHTTPRequest *)request
{
    NSLog(@"failed with error: %d %@", [request responseStatusCode], [error localizedDescription]);
    // tell user incorrect username/password    
}

然后，当您需要将数据发布到应用程序可以检索用户默认的用户名和密码，并将它们连接请求。如果您需要更安全，你可以将它们存储在Keychain。

Then whenever you need to post data to the app you can retrieve the username and password from user defaults and attach them to the request. If you need to be more secure, you can store them in the Keychain.

我敢肯定有更好的方法来做到这一点，但希望这可以让你思考API认证策略。

I'm sure there are better ways to do this, but hopefully this can get you thinking about API authentication strategies.

这篇关于色器件和iPhone应用程序之间的HTTP认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！