自定义设计 401 未经授权的响应 [英] Custom Devise 401 unauthorized response
问题描述
我正在为我的 Rails 3.1 应用程序开发基于 JSON 的 API.我想提供自定义失败响应而不是默认响应,即:
I'm working on a JSON-based API for my Rails 3.1 app. I'd like to provide a custom failure response instead of the default, which is:
{"error":"You need to sign in or sign up before continuing."}
我的 API 控制器包含对 authenticate_user! 的 before_filter 调用,这就是呈现此 JSON 响应的原因.
My API controller includes a before_filter call to authenticate_user!, which is what is rendering this JSON response.
在搜索时,我遇到了这个 StackOverflow 问题,它引用了 这个设计维基条目.不幸的是,维基条目不够详细,我无法理解它在告诉我什么.具体来说,我不知道我应该把代码放在哪里,以便设计/监狱长知道渲染我想要返回的内容.
While searching, I came across this StackOverflow question, which references this Devise wiki entry. Unfortunately, the wiki entry isn't verbose enough for me to understand what it's telling me. Specifically, I have no clue where I'm supposed to put that code such that Devise/Warden knows to render what I want returned.
从对另一个 SA 问题的评论来看,听起来我不需要调用 custom_failure!,因为我使用的是高于 1.2 的 Devise 版本(具体来说是 1.4.2).然而,维基条目并没有解释 render 调用应该去哪里,以便 authenticate_user! 知道使用它而不是它自己的渲染调用.
From the comments on the other SA question, it sounds like I don't need to call custom_failure! since I'm using a version of Devise above 1.2 (1.4.2 to be specific). However, the wiki entry doesn't explain where the render call should go such that authenticate_user! knows to use that instead of its own render call.
这个 render 调用去哪里了?
Where does this render call go?
我不只是想改变消息本身(就像设计 en.yml 配置一样);我正在尝试更改响应的实际格式.具体来说,我想返回这个:
I'm not just trying to change the message itself (a la the devise en.yml config); I'm trying to change the actual format of the response. Specifically, I want to return this:
render :text => "You must be logged in to do that.", :status => :unauthorized
推荐答案
作为参考,以防其他人在使用 Devise 进行登录尝试失败时寻找如何自定义 json 错误响应时偶然发现此问题,关键是使用您自己的自定义 FailureApp 实现.(您也可以使用这种方法来覆盖某些重定向行为.)
For reference in case anyone else stumbles upon this question when looking for how to customize the json error response when a failed login attempt is made using Devise, the key is to use your own custom FailureApp implementation. (You can also use this approach to override some redirect behavior.)
class CustomFailureApp < Devise::FailureApp
def respond
if request.format == :json
json_error_response
else
super
end
end
def json_error_response
self.status = 401
self.content_type = "application/json"
self.response_body = [ { message: i18n_message } ].to_json
end
end
在您的 devise.rb 中,查找 config.warden 部分:
and in your devise.rb, look for the config.warden section:
config.warden do |manager|
manager.failure_app = CustomFailureApp
end
一些相关信息:
起初我以为我必须覆盖 Devise::SessionsController,可能使用传递给 warden.authenticate! 的 recall 选项,但如前所述 here, "recall 不会为 API 请求调用,仅适用于导航请求.如果您想自定义 http 状态代码,那么在失败时这样做会更好应用级别."
At first I thought I would have to override Devise::SessionsController, possibly using the recall option passed to warden.authenticate!, but as mentioned here, "recall is not invoked for API requests, only for navigational ones. If you want to customise the http status code, you will have better luck doing so at the failure app level."
还有 https://github.com/plataformatec/devise/wiki/How-To%3a-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated 显示了与重定向非常相似的内容.
Also https://github.com/plataformatec/devise/wiki/How-To%3a-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated shows something very similar for redirection.
这篇关于自定义设计 401 未经授权的响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
