使用 Devise 令牌登录，这是内置的吗? [英] Using Devise tokens to log in, is this built in?

问题描述

因此，我尝试在 Devise(1.0.3 版和 Rails 2.3.8 版)中使用令牌来让用户登录，但我不完全确定从哪里开始.

So, I'm trying to use tokens with Devise (version 1.0.3 with Rails 2.3.8) to let a user log in, but I'm not entirely sure where to begin.

http://zyphdesignco.com/blog/simple-auth-令牌示例与设计

上面的教程帮助我打开了令牌功能，并展示了如何生成(或删除)令牌......但令牌的全部意义是使用它们来授权用户，对吗?

The above tutorial helped me turn on the token functionality, and showed how to generate (or delete) tokens...but the whole POINT of tokens is to use them to authorize a user, correct?

当我在控制台中查看用户时，我可以说 user.authentication_token，然后得到类似Qm1ne93n_XkgmQTvxDmm"的信息，这一切都很好……但是我该从哪里开始呢?

When I look at a user in the console, I can say user.authentication_token, and get something back like: "Qm1ne93n_XkgmQTvxDmm", which is all well and good...but where do I go from there?

我尝试使用以下命令行命令点击 sign_in 根:

I tried hitting the sign_in root using the following command line command:

curl -d "authentication_token=Qm1ne93n_XkgmQTvxDmm" localhost:3000/users/sign_in

curl -d "authentication_token=Qm1ne93n_XkgmQTvxDmm" localhost:3000/users/sign_in

而且肯定没有成功登录.

And definitely didn't get a successful log in.

在会话控制器中，我看到他们调用:

In the sessions controller, I see that they call:

验证(资源名称)

我假设在模块中的某个地方:

Which I'm ASSUMING is somewhere in the module:

包括设计::Controllers::InternalHelpers

include Devise::Controllers::InternalHelpers

它被包含在内，但我不知道在哪里寻找它(它绝对不在源的控制器文件夹中).如果我可以看看身份验证的工作原理，我就可以看看它是否甚至查看令牌...

which gets included, but I don't know where to look for that (it's definitely not in the source's controller folder). If I could look at how authenticate works, I could see if it even LOOKS at tokens...

Devise 是否允许您使用令牌实际登录，或者它是否仅具有生成它们的框架?如果它确实让您与他们一起登录...您如何做到这一点?你不能使用 curl(即它必须在浏览器中吗?如果是这样，我会推出我自己的解决方案，我需要非浏览器支持.).如果没有，我该如何推出自己的产品?

DOES Devise let you actually log in with tokens, or does it just have a framework for generating them? If it does let you log in with them...HOW do you do this? Can you not use curl (i.e. does it have to be in a browser? If so, I'd hafta roll my own solution, I NEED non-browser support.). If it doesn't, how do I roll my own?

推荐答案

我的理解是，即使使用 cURL，您也可以使用令牌登录或访问需要身份验证的任意页面.如果您查看 config/initializers/devise.rb，应该有一行内容如下:

My understanding is that you can use the tokens to log in or to hit arbitrary pages that need authentication, even with cURL. If you look in config/initializers/devise.rb, there should be a line that says something like:

config.token_authentication_key = :auth_token

无论 token_authentication_key 的名称是什么，都应该与您在请求中作为查询或表单参数放置的内容相匹配.您在示例中使用了 authentication_token，不确定您是否更改了 devise.rb 以匹配它.

Whatever the name of the token_authentication_key is should match what you put as the query or form parameter in your request. You used authentication_token in your example, not sure if you changed devise.rb to match that or not.

如果你想弄清楚内部是如何工作的，我会尝试 git clone git://github.com/plataformatec/devise.git 并搜索你需要澄清的方法.

If you want to figure out how things are working internally, I would try git clone git://github.com/plataformatec/devise.git and search for the methods you need clarification of.

以下是一些示例 cURL 请求(我创建了一个自定义 Users::SessionsController，它扩展了 Devise::SessionsController 并覆盖了 create 方法来处理 JSON.)

Here are some sample cURL requests (I made a custom Users::SessionsController that extends Devise::SessionsController and overrides the create method to handle JSON.)

class Users::SessionsController < Devise::SessionsController
  def create
    resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
    set_flash_message(:notice, :signed_in) if is_navigational_format?
    sign_in(resource_name, resource)

    respond_to do |format|
      format.html do
        respond_with resource, :location => redirect_location(resource_name, resource)
      end
      format.json do
        render :json => { :response => 'ok', :auth_token => current_user.authentication_token }.to_json, :status => :ok
      end
    end
  end
end 

然后是我给出的 cURL 请求:

And then the cURL requests I gave:

curl -X POST 'http://localhost:3000/users/sign_in.json' -d 'user[email]=example@example.com&user[password]=password'
-> {"response":"ok","auth_token":"ABCDE0123456789"}

curl -L 'http://localhost:3000/profile?auth_token=ABCDE0123456789'
-> got page that I wanted that needs authentication

这篇关于使用 Devise 令牌登录，这是内置的吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！