Ember.js session cookie based authentication with Rails and devise

Question

I'm looking to satisfy 3 goals with my Ember.js app authentication using rails, devise and a cookie based session.

  1. Redirected to #/sessions/new if they're not logged in.
  2. Always show the current user's information in the application template.
  3. If the user is logged in and they go to #/some/route directly. The current user should be loaded on load.

I've watched these embercast videos: Client-side Authentication Part 1 & Client-side Authentication Part 2. They're a little out of date but helpful.

But I still can't find a full solution. Does anyone have a full Rails 4, Devise, Emberjs 1.0.0 example?

Biggest problem is having a strategy to load the current user on page load and setting the current user when the sign in form is submitted.

Right now this is my strategy:


App.User = Em.Object.extend();

App.User.reopenClass({
  // Ask the server who owns the session cookie; resolves with the JSON body.
  current: function() {
    return Ember.$.getJSON("/users/current").then(function(data) {
      return data;
    });
  }
});

// The application route's model is the current user, fetched on page load.
App.ApplicationRoute = Ember.Route.extend({
  model: function() {
    return App.User.current();
  }
});

App.SessionsNewController = Ember.ObjectController.extend({

  actions: {
    save: function() {
      var self = this, credentials = this.getProperties('email', 'password');

      // With .always the third argument is the jqXHR on success and the
      // error text on failure.
      $.post("/sessions", { session: credentials }).always(function(response, status, data) {
        if (status == "success") {
          self.transitionToRoute('index');
        } else {
          self.set('errorMessage', data);
        }
      });

    }
  }

});

Recommended answer

I would not say this is not doable. But you will do lots of extra and unnecessary work to get the authentication working, which can all be done with a simple page redirect.

I've collected some opinions from Derick, the author of Backbone.Marionette. Though these are for Backbone and not Ember.js, the situation of client-side authentication is the same.

I find it painful and unnecessary to try and make Backbone/Marionette handle the authentication and re-loading of the authorized site stuff. Once they log in, redirect them to a different URL that the server handles, and have the server send down all the stuff that they need, as an authenticated user. https://stackoverflow.com/a/18151935

Another quote from Derick as well:

Right. And there’s a lot of cases where I just flat out say, "Do not do single-page applications," as well. And a login screen is the biggest example of that. In all of the clients that I’ve had in the last couple of years, they’ve all asked me, "Hey, I’m having this problem. I’m trying to get my login screen to give me the current user information back from the server and redo all of this stuff on the screen without refreshing everything." My answer every single time is, "Don’t do that." http://javascriptjabber.com/056-jsj-marionette-js-with-derick-bailey/

Also think about other cases, say Gmail. You won't get a smooth transition after clicking the "Sign in" button on Gmail's sign in page. There will be a redirect with rather big data loading as well :)

From users' perspective, they won't say Gmail is not great just because there is a redirect after signing in. After all, sign in/sign up is much, much less frequent than daily mail operations.

So my suggestion is, reload all resources after the user session has changed. Let Rails and Devise do these dirty jobs in the traditional fashion.
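
The flow this answer recommends, applied to the question's three goals, as an added example that is not part of the original post or of any project it mentions. Assumptions: `/users/current` answers 401 when there is no session, a failed sign-in returns a JSON body with an `error` field, and the function names and `{ status, body }` response shape are hypothetical.

```javascript
// Added example (not from the original post). Pure decision functions so
// the flow runs without a browser; responses are { status, body } stand-ins.
var SIGN_IN = '#/sessions/new';

// Accept only in-app hash routes as a post-login target, never a full URL.
function safeReturnTo(hash) {
  var ok = typeof hash === 'string' && /^#\/[\w\-\/]*$/.test(hash);
  return ok && hash !== SIGN_IN ? hash : '#/';
}

// Page load: decide from the /users/current response what the app does next.
function onBoot(response, requestedHash) {
  var user = response.status === 200 ? response.body : null;
  if (user && user.email) {
    // Goals 2 and 3: the user is known before any route renders.
    return { currentUser: user, hash: requestedHash || '#/' };
  }
  // Goal 1: anything else (assumed 401 when signed out) goes to the form,
  // keeping the validated deep link for after sign-in.
  return { currentUser: null, hash: SIGN_IN, returnTo: safeReturnTo(requestedHash) };
}

// Sign-in response: on success request a full page load instead of an
// in-app transition, so the server re-sends everything for the new session.
function onSignIn(response, returnTo) {
  if (response.status >= 200 && response.status < 300) {
    return { reload: true, hash: safeReturnTo(returnTo) };
  }
  // `error` is an assumed field name for the server's failure message.
  var msg = (response.body && response.body.error) || 'Sign in failed';
  return { reload: false, errorMessage: msg };
}

// Browser wiring, with jQuery as in the question:
//   var next = onSignIn({ status: xhr.status, body: xhr.responseJSON }, returnTo);
//   if (next.reload) { window.location.hash = next.hash; window.location.reload(); }
//   else { controller.set('errorMessage', next.errorMessage); }
```

Changing only the hash does not reload the page, which is why the wiring sets the hash and then calls `window.location.reload()`.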
