使用API​​设计验证（Ruby on Rails的） [英] API Authentication using Devise (Ruby on Rails)

问题描述

我试图使用设计的配置在我的项目通过JSON添加认证：token_authenticatable

我有工作sessions_controller＃创建code这是从本文所 - <一个href=\"http://blog.$c$cbykat.com/2012/07/23/remote-api-authentication-with-rails-3-using-activeresource-and-devise/\">http://blog.$c$cbykat.com/2012/07/23/remote-api-authentication-with-rails-3-using-activeresource-and-devise/

  DEF创建
    build_resource
    资源= User.find_for_database_authentication（：电子邮件=＆GT; PARAMS [：邮箱]）
    返回invalid_login_attempt除非资源    如果resource.valid_password（PARAMS [：密码]）？
        resource.ensure_authentication_token！了#make确保用户生成的令牌
        渲染：JSON =＆GT; {：authentication_token =＆GT; resource.authentication_token，：USER_ID =＆GT; resource.id}：状态=＆GT; ：创建
        返回
    结束
结束高清invalid_login_attempt
    warden.custom_failure！
    渲染：JSON =＆GT; {：错误=＆GT; [无效的电子邮件或密码]}：成功=＆GT;假：状态=＆GT; ：未经授权
结束
 

问题是，本土色器件sessions_controller＃创建看起来像这样

  DEF创建
    self.resource = warden.authenticate！（auth_options）
    set_flash_message（：通知：signed_in）如果is_navigational_format？
    sign_in（RESOURCE_NAME，资源）
    respond_with资源：位置=＆GT; after_sign_in_path_for（资源）
  结束
 

和我不知道如何这两个创建用的方法有认证的网站，并通过JSON工作结合起来呢？

更新

工作code

  DEF创建
    做的respond_to |格式|      format.json做
        build_resource
        资源= User.find_for_database_authentication（：电子邮件=＆GT; PARAMS [：邮箱]）
        返回invalid_login_attempt除非资源        如果resource.valid_password（PARAMS [：密码]）？
          resource.ensure_authentication_token！了#make确保用户生成的令牌
          渲染JSON：{authentication_token：resource.authentication_token，USER_ID：resource.id}，状态：创建
          返回
        结束
      结束      format.html做
        self.resource = warden.authenticate！（auth_options）
        set_flash_message（：通知：signed_in）如果is_navigational_format？
        sign_in（RESOURCE_NAME，资源）
        respond_with资源：位置=＆GT; after_sign_in_path_for（资源）
      结束    结束
  结束
 

解决方案

您希望您的 SessionsController＃创建方法看起来像这样：

 类用户:: SessionsController＆LT;设计:: SessionsController
  打造高清
    资源= warden.authenticate！（范围：RESOURCE_NAME，回忆：＃{} controller路径#NEW）
    set_flash_message（：通知：signed_in）如果is_navigational_format？
    sign_in（RESOURCE_NAME，资源）    做的respond_to |格式|
      format.html做
        respond_with资源，地点：REDIRECT_LOCATION（RESOURCE_NAME，资源）
      结束
      format.json做
        渲染JSON：{回应：'OK'，AUTH_TOKEN：current_user.authentication_token} .to_json，状态：正常
      结束
    结束
  结束
结束
 

...，并确保你已经配置设计一种使用令牌认证密钥您的客户将通过沿。

I'm trying to add Authentication via json in my project using devise configuration :token_authenticatable.

I have the working sessions_controller#create code which was taken from this article - http://blog.codebykat.com/2012/07/23/remote-api-authentication-with-rails-3-using-activeresource-and-devise/

def create
    build_resource
    resource = User.find_for_database_authentication(:email => params[:email])
    return invalid_login_attempt unless resource

    if resource.valid_password?(params[:password])
        resource.ensure_authentication_token!  #make sure the user has a token generated
        render :json => { :authentication_token => resource.authentication_token, :user_id => resource.id }, :status => :created
        return
    end
end

def invalid_login_attempt
    warden.custom_failure!
    render :json => { :errors => ["Invalid email or password."] },  :success => false, :status => :unauthorized
end

The problem is that native devise sessions_controller#create looks like this

  def create
    self.resource = warden.authenticate!(auth_options)
    set_flash_message(:notice, :signed_in) if is_navigational_format?
    sign_in(resource_name, resource)
    respond_with resource, :location => after_sign_in_path_for(resource)
  end

And i don't know how to combine this two create methods to have authentication working on website and via json too?

UPDATE

The working code

def create
    respond_to do |format|

      format.json do
        build_resource
        resource = User.find_for_database_authentication(:email => params[:email])
        return invalid_login_attempt unless resource

        if resource.valid_password?(params[:password])
          resource.ensure_authentication_token!  #make sure the user has a token generated
          render json: { authentication_token: resource.authentication_token, user_id: resource.id }, status: :created
          return
        end
      end

      format.html do
        self.resource = warden.authenticate!(auth_options)
        set_flash_message(:notice, :signed_in) if is_navigational_format?
        sign_in(resource_name, resource)
        respond_with resource, :location => after_sign_in_path_for(resource)
      end

    end
  end

解决方案

You want your SessionsController#create method to look something like this:

class Users::SessionsController < Devise::SessionsController
  def create
    resource = warden.authenticate!(scope: resource_name, recall: "#{controller_path}#new")
    set_flash_message(:notice, :signed_in) if is_navigational_format?
    sign_in(resource_name, resource)

    respond_to do |format|
      format.html do
        respond_with resource, location: redirect_location(resource_name, resource)
      end
      format.json do
        render json: { response: 'ok', auth_token: current_user.authentication_token }.to_json, status: :ok
      end
    end
  end
end 

...and make sure you've configured devise to use the token authentication key your clients will pass along.

这篇关于使用API​​设计验证（Ruby on Rails的）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！