使用Devise令牌登录，是内置的吗？ [英] Using Devise tokens to log in, is this built in?

问题描述

所以，我试图用Devise（1.0.3版，Rails 2.3.8）使用令牌让用户登录，但我并不完全确定从哪里开始。

So, I'm trying to use tokens with Devise (version 1.0.3 with Rails 2.3.8) to let a user log in, but I'm not entirely sure where to begin.

http://zyphdesignco.com/blog / simple-auth-token-example-with-devise

上面的教程帮助我打开了令牌功能，并展示了如何生成（或删除）令牌...但是令牌的整个要点是使用它们来授权用户，是否正确？

The above tutorial helped me turn on the token functionality, and showed how to generate (or delete) tokens...but the whole POINT of tokens is to use them to authorize a user, correct?

当我在控制台中查看用户时，我可以说user.authentication_token，并得到一些如下所示的东西：Qm1ne93n_XkgmQTvxDmm，这是非常好的...但我从哪里去？

When I look at a user in the console, I can say user.authentication_token, and get something back like: "Qm1ne93n_XkgmQTvxDmm", which is all well and good...but where do I go from there?

我尝试了sign_in root使用以下命令行命令：

I tried hitting the sign_in root using the following command line command:

curl -dauthentication_token = Qm1ne93n_XkgmQTvxDmmlocalhost：3000 / users / sign_in

curl -d "authentication_token=Qm1ne93n_XkgmQTvxDmm" localhost:3000/users/sign_in

绝对没有成功登录。

在会话控制器中，我看到他们调用：

In the sessions controller, I see that they call:

authenticate（resource_name）

authenticate(resource_name)

我在ASSUMING是模块的某个位置：

Which I'm ASSUMING is somewhere in the module:

include Devise :: Controllers :: InternalHelpers

include Devise::Controllers::InternalHelpers

包括，但我不知道在哪里寻找（这绝对不在源的控制器文件夹中）。如果我可以看看验证是如何工作的，我可以看看它是否甚至在令牌上看起来...

which gets included, but I don't know where to look for that (it's definitely not in the source's controller folder). If I could look at how authenticate works, I could see if it even LOOKS at tokens...

DOES Devise可以让你真正使用令牌登录，或者只是有一个生成它们的框架？如果它允许您与他们登录...如何做到这一点？你不能使用卷曲（即它是否必须在浏览器中？如果是这样，我会自己滚动自己的解决方案，我需要非浏览器支持）。

DOES Devise let you actually log in with tokens, or does it just have a framework for generating them? If it does let you log in with them...HOW do you do this? Can you not use curl (i.e. does it have to be in a browser? If so, I'd hafta roll my own solution, I NEED non-browser support.). If it doesn't, how do I roll my own?

推荐答案

我的理解是可以使用令牌登录或者即使使用cURL也可以触发需要身份验证的任意页面。如果您查看 config / initializers / devise.rb ，应该有一行说明如下：

My understanding is that you can use the tokens to log in or to hit arbitrary pages that need authentication, even with cURL. If you look in config/initializers/devise.rb, there should be a line that says something like:

config.token_authentication_key = :auth_token

code> token_authentication_key 应该与您在请求中作为查询或表单参数放置的内容相匹配。你在你的例子中使用了 authentication_token ，不知道你是否改变了devise.rb以匹配那个。

Whatever the name of the token_authentication_key is should match what you put as the query or form parameter in your request. You used authentication_token in your example, not sure if you changed devise.rb to match that or not.

如果你想弄清楚事情在内部的工作，我会尝试 git clone git：//github.com/plataformatec/devise.git 并搜索你需要澄清的方法of。

If you want to figure out how things are working internally, I would try git clone git://github.com/plataformatec/devise.git and search for the methods you need clarification of.

以下是一些示例cURL请求（我创建了一个自定义的Users :: SessionsController，扩展了Devise :: SessionsController，并覆盖了create方法来处理JSON。 p>

Here are some sample cURL requests (I made a custom Users::SessionsController that extends Devise::SessionsController and overrides the create method to handle JSON.)

class Users::SessionsController < Devise::SessionsController
  def create
    resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
    set_flash_message(:notice, :signed_in) if is_navigational_format?
    sign_in(resource_name, resource)

    respond_to do |format|
      format.html do
        respond_with resource, :location => redirect_location(resource_name, resource)
      end
      format.json do
        render :json => { :response => 'ok', :auth_token => current_user.authentication_token }.to_json, :status => :ok
      end
    end
  end
end 

然后我给了cURL请求：

And then the cURL requests I gave:

curl -X POST 'http://localhost:3000/users/sign_in.json' -d 'user[email]=example@example.com&user[password]=password'
-> {"response":"ok","auth_token":"ABCDE0123456789"}

curl -L 'http://localhost:3000/profile?auth_token=ABCDE0123456789'
-> got page that I wanted that needs authentication

这篇关于使用Devise令牌登录，是内置的吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！