设计:有多个控制器手柄用户会话 [英] Devise: Have multiple controllers handle user sessions
问题描述
我正在设计1.3.4与3.0.7轨道。我有两种方法的用户可能登录:使用Web应用程序,以及使用移动网络应用程序(通过JSON API调用)。第一种方式是通过默认色器件会议控制器完美地处理。认证的API调用方法需要在扩展我的 API控制器:: BaseController
。所以,我写这第二个控制器是这样的:
I am running devise 1.3.4 with rails 3.0.7. I have two ways users may sign in: using the web app, and using a mobile web app (via a JSON API call). The first way is handled perfectly by the default devise sessions controller. The API-call method of authentication needs to be in a controller that extends my Api::BaseController
. So, I wrote this second controller like this:
class Api::UserSessionsController < Api::BaseController
…
def create
user = warden.authenticate(:scope => :user)
if user
sign_in(:user, user)
else
# Do some error handling
end
end
end
试图通过这种方法登录失败归因于的
。因为我已经离开了默认控制器( valid_controller?
法制定::策略::可验证设计/会话
)的映射器对于用户来说,它不允许从我的定制控制器认证。
Attempts to login via this method fail due to the valid_controller?
method in Devise::Strategies::Authenticatable
. Because I have left the default controller (devise/sessions
) as the mapped controller for users, it does not allow authentications from my custom controller.
我想我的滚动自定义功能到我自己的的子类,设计:: SessionsController
,但我的需要的API会话控制器扩展在 API :: BaseController
,所以我不能延长设计:: SessionsController
为好。我不想把工作,违约行为web-app的身份验证方法在API控制器,特别是因为这需要从色器件控制器复制它们。
I would like to roll my custom functionality into my own subclass of Devise::SessionsController
, but I need the API sessions controller to extend the API::BaseController
, so I can't extend Devise::SessionsController
as well. I don't want to place the working, default-behavior web-app authentication methods in the API controller, especially because this would require copying them from the devise controller.
有什么建议?有一些配置我失踪,允许多个控制器来处理会话?在 valid_controller?
方法做一个 ==
的比较,而不是 .INCLUDE?
,所以我看不出怎么会工作。
Any suggestions? Is there some config I'm missing that allows multiple controllers to handle sessions? the valid_controller?
method does an ==
comparison, not .include?
, so I don't see how that would work.
更新
这是一个可怕的临时解决方法。我不喜欢它,所以我不张贴作为一个答案,但我认为它可能提供粮食换思想就你回答者类型:
This is an awful temporary workaround. I don't like it, so I'm not posting it as an answer, but I thought it might offer food-for-thought to all you answerer-types:
在我的创作方法的顶部,我可能会忘制定预计将是会话控制器。
In the top of my create method, I could override what Devise expects to be the sessions controller.
Devise.mappings[:user].controllers[:sessions] = params[:controller]
这是工作围绕制定的预期功能(需要一个单一的,特定的控制器做会话创建),所以我不想继续使用它。我不知道这约束是一个安全措施,或只是一个约定 - 如果它是安全的,这是presumably相当糟糕
This is working around Devise's intended functionality (requiring a single, specific controller to do session creation) so I don't want to keep it. I wonder if this constraint is a security measure or just a convention -- if it is for security, this is presumably quite bad.
推荐答案
我只能建议另一个解决办法(也许更少可怕吗?)
在初始化可以覆盖#valid_controller?是这样的:
I can only suggest another workaround (maybe less awful?) In an initializer you can overwrite #valid_controller?, like this:
require 'devise/strategies/authenticatable'
require 'devise/strategies/database_authenticatable'
class Devise::Strategies::DatabaseAuthenticatable
def valid_controller?
# your logic here
true
end
end
我有兴趣知道这个约束的原因太
I'd be interested in knowing the reason of this constraint too
这篇关于设计:有多个控制器手柄用户会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!