设计：有多个控制器手柄用户会话 [英] Devise: Have multiple controllers handle user sessions

问题描述

我正在设计1.3.4与3.0.7轨道。我有两种方法的用户可能登录：使用Web应用程序，以及使用移动网络应用程序（通过JSON API调用）。第一种方式是通过默认色器件会议控制器完美地处理。认证的API调用方法需要在扩展我的 API控制器:: BaseController 。所以，我写这第二个控制器是这样的：

I am running devise 1.3.4 with rails 3.0.7. I have two ways users may sign in: using the web app, and using a mobile web app (via a JSON API call). The first way is handled perfectly by the default devise sessions controller. The API-call method of authentication needs to be in a controller that extends my Api::BaseController. So, I wrote this second controller like this:

class Api::UserSessionsController < Api::BaseController
  …
  def create
    user = warden.authenticate(:scope => :user)
    if user
      sign_in(:user, user)
    else
      # Do some error handling
    end
  end
end

试图通过这种方法登录失败归因于的 valid_controller？法制定::策略::可验证 。因为我已经离开了默认控制器（设计/会话）的映射器对于用户来说，它不允许从我的定制控制器认证。

Attempts to login via this method fail due to the valid_controller? method in Devise::Strategies::Authenticatable. Because I have left the default controller (devise/sessions) as the mapped controller for users, it does not allow authentications from my custom controller.

我想我的滚动自定义功能到我自己的的子类，设计:: SessionsController ，但我的需要的API会话控制器扩展在 API :: BaseController ，所以我不能延长设计:: SessionsController 为好。我不想把工作，违约行为web-app的身份验证方法在API控制器，​​特别是因为这需要从色器件控制器复制它们。

I would like to roll my custom functionality into my own subclass of Devise::SessionsController, but I need the API sessions controller to extend the API::BaseController, so I can't extend Devise::SessionsController as well. I don't want to place the working, default-behavior web-app authentication methods in the API controller, especially because this would require copying them from the devise controller.

有什么建议？有一些配置我失踪，允许多个控制器来处理会话？在 valid_controller？方法做一个 == 的比较，而不是 .INCLUDE？，所以我看不出怎么会工作。

Any suggestions? Is there some config I'm missing that allows multiple controllers to handle sessions? the valid_controller? method does an == comparison, not .include?, so I don't see how that would work.

更新

这是一个可怕的临时解决方法。我不喜欢它，所以我不张贴作为一个答案，但我认为它可能提供粮食换思想就你回答者类型：

This is an awful temporary workaround. I don't like it, so I'm not posting it as an answer, but I thought it might offer food-for-thought to all you answerer-types:

在我的创作方法的顶部，我可能会忘制定预计将是会话控制器。

In the top of my create method, I could override what Devise expects to be the sessions controller.

Devise.mappings[:user].controllers[:sessions] = params[:controller]

这是工作围绕制定的预期功能（需要一个单一的，特定的控制器做会话创建），所以我不想继续使用它。我不知道这约束是一个安全措施，或只是一个约定 - 如果它是安全的，这是presumably相当糟糕

This is working around Devise's intended functionality (requiring a single, specific controller to do session creation) so I don't want to keep it. I wonder if this constraint is a security measure or just a convention -- if it is for security, this is presumably quite bad.

推荐答案

我只能建议另一个解决办法（也许更少可怕吗？）
在初始化可以覆盖#valid_controller？是这样的：

I can only suggest another workaround (maybe less awful?) In an initializer you can overwrite #valid_controller?, like this:

require 'devise/strategies/authenticatable'
require 'devise/strategies/database_authenticatable'

class Devise::Strategies::DatabaseAuthenticatable
  def valid_controller?
    # your logic here
    true
  end
end

我有兴趣知道这个约束的原因太

I'd be interested in knowing the reason of this constraint too

这篇关于设计：有多个控制器手柄用户会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！