为什么我无法使用devise_token_auth和curl退出? [英] Why am I unable to sign out using devise_token_auth and curl?
问题描述
我正在使用带有devise_token_auth的rails-api进行身份验证.我可以通过以下方式登录而没有问题:
I'm using rails-api with devise_token_auth for authentication. I am able to sign in without issue via:
curl -i http://localhost:3000/api/v1/auth/sign_in -F email="user@nowhere.org" -F password="password"
但是,注销失败并显示404,并显示错误找不到用户或未登录用户".通过:
However, sign out fails with a 404 and the error "User was not found or was not logged in." via:
curl -X DELETE -i http://localhost:3000/api/v1/auth/sign_out
我已经尝试过使用多种参数和标头值组合来修改此命令,例如:
I have tried variations of this command with multiple combinations of parameters and header values, such as:
curl -X DELETE -i http://localhost:3000/api/v1/auth/sign_out -F email="user@nowhere.org" -H Access-Token="Ae1yaTYLkSAgdhz3LtPAZg" -H Client="9AmYF6NS8tP6EOD5nPSuxw" -H Expiry="1443073493" -H Uid="user@nowhere.org" -H Token-Type="Bearer"
无济于事.类似构造的RSpec测试也将失败,并具有相同的响应和错误,并且日志表明该请求已通过DeviseTokenAuth :: SessionsController#destroy作为JSON处理.
To no avail. A similarly constructed RSpec test also fails with the same response and error, and the logs indicate the request was processed via DeviseTokenAuth::SessionsController#destroy as JSON.
当然,我实际上并没有使用curl进行身份验证;只需在编写相关代码之前验证请求结构即可.
Of course, I'm not actually using curl for authentication; just verification of the request structure before writing the relevant code.
推荐答案
回答我自己的问题,我没有随sign_out请求正确返回某些sign_in响应标头值.
Answering my own question, I wasn't returning certain sign_in response header values correctly with the sign_out request.
我找到了相关的帖子,其中指出了一些关键标头.技巧是从sign_in响应中捕获访问令牌,客户端和uid标头值,然后将它们作为参数包含在sign_out请求中:
I found a related post which pointed out some of the critical headers. The trick is to capture the access-token, client, and uid header values from the sign_in response, then include them as parameters in the sign_out request:
curl -i -X DELETE http://localhost:3000/api/v1/auth/sign_out -F access-token="Ae1yaTYLkSAgdhz3LtPAZg" -F client="9AmYF6NS8tP6EOD5nPSuxw" -F uid="user@nowhere.org"
这是一个RSpec测试,用于说明和验证:
Here's an RSpec test to illustrate and verify:
require 'rails_helper'
RSpec.describe "Authentication", type: :request do
it "logs a user out" do
user = User.create!(
name: "Some Dude",
email: "user@nowhere.org",
password: "password",
confirmed_at: Date.today
)
# initial sign in to generate a token and response
post api_v1_user_session_path, {
email: user.email,
password: user.password
}
expect(user.reload.tokens.count).to eq 1
# sign out request using header values from sign in response
delete destroy_api_v1_user_session_path, {
"access-token": response.header["access-token"],
client: response.header["client"],
uid: response.header["uid"]
}
response_body = JSON.load(response.body)
expect(response_body["errors"]).to be_blank
expect(response.status).to eq 200
# user token should be deleted following sign out
expect(user.reload.tokens.count).to eq 0
end
end
这篇关于为什么我无法使用devise_token_auth和curl退出?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!