验证API与Authlogic [英] Validate API with Authlogic

问题描述

我使用Authlogic验证我的应用程序，使用标准的用户和UserSession车型。我建立了一个API到我的应用程序，我想验证一个单一的访问令牌API访问。在我的应用程序，每一位用户 belongs_to的 A公司，该公司的has_many 用户。该API访问属于公司的资源，所以我想用一个单一的访问令牌为一体的公司。

I'm using Authlogic for authentication in my app, using the standard User and UserSession models. I'm building an API into my app, and I want to authenticate API access with a single access token. In my app, every User belongs_to a Company, which has_many users. The API is for access to resources belonging to the company, so I'd like to use one single access token for the whole company.

我最初的想法是添加一个虚拟用户来公司仅具有访问权限的API，其单一的访问令牌随后，该公司将使用授权访问的API。它不会出现，我可以设置用户的电子邮件和密码留空与AuthLogic，所以这不是平移出来。我的下一个想法是，也许我可以添加 acts_as_authentic 公司本身，但我不知道如何做到这一点的工作。

My initial thought was to add a dummy user to Company that only has permission to access the API, whose single access token the company would then use to grant access to the API. It doesn't appear that I can set a user's e-mail and password blank with AuthLogic, so this isn't panning out. My next thought was perhaps I could add acts_as_authentic to the company itself, but I'm not sure how this would work.

我真的想用Authlogic的解决方案，因为它与我的ACL很好地集成，并似乎有我在寻找大都建于后的功能。

I really want to use Authlogic for the solution because it integrates nicely with my ACL, and appears to have the functionallity I'm looking for mostly built in.

是否有可能有两个模型 act_as_authentic ？是否有我没有想到的一个更简单的方法，建成Authlogic？有没有一种方法，我可以使用他们的API密钥的虚拟用户？我应该做哪条路呢？

Is it possible to have two models that act_as_authentic? Is there an easier way that I'm not thinking of, built into Authlogic? Is there a way I can use a dummy user for their API key? Which way should I do this?

推荐答案

我做到这一点的方法是：

The way I do this is:

class Something
  acts_as_authentic do |m|
    # API keys are auto generated (See +regenerate_api_key+.)
    # The password is not used for authentication (its just an api_key lookup), so a dummy field is used
    m.login_field = :api_key
    m.validate_login_field = false
    m.validate_email_field = false
    m.crypted_password_field = :api_key_hash
    m.require_password_confirmation = false
    m.validate_password_field = false
    m.crypto_provider = ApiKeyCrypto
  end
end

class ApiKeyCrypto
  def self.encrypt(*tokens)
    'X'
  end

  def self.matches?(crypted, *tokens)
    crypted == 'X'
  end
end

#application_controller.rb
def current_session
  return @current_session if defined?(@current_session)
  ...
    format.any(*api_formats) do
      @current_session = SomethingSession.find
    end
  end
  @current_session
end
def api_formats
  [:xml, :json]
end

这对于FYI的ActiveResource的伟大工程。

This works great for ActiveResource FYI.

这篇关于验证API与Authlogic的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！