devise和iphone应用程序之间的HTTP身份验证 [英] HTTP authentication between devise and iphone app
问题描述
我正在使用devise进行身份验证。我启用了基本的HTTP身份验证,我可以卷入网站的xml或json数据。当我将帖子标题设置为JSON,并使用用户名和密码时,我也可以将数据上传到网站。
这是我被卡住的地方。
1)第一次登录后如何保持用户登录?每次将数据发送到网站时,是否使用http验证?我读过关于令牌身份验证,但我不知道如何使用它。
2)我可以发布JSON数据,像 http:// localhost:3000 / example 具有正确的用户名和密码。但是,如果用户名和密码不正确,则返回HTML内容。我必须写一些返回关于登录成功/ fialure的json数据的东西?
3)在我的iPhone应用程序和我的网络应用程序之间进行通信。我在Web应用程序方面编写了一个RESTful API是否正确?我需要使用活跃的资源吗?
我真的坚持了所有这些工作的整体大局。谢谢!
有很多方法可以做到这一点。我做的是让Devise将错误返回到我可以解释的iphone应用程序(例如401),创建一个自定义的失败应用程序:
#config / initializers / devise.rb
config.warden do | manager |
manager.failure_app = CustomFailure
end
#config / initializers / custom_failure.rb
class CustomFailure< Devise :: FailureApp
def response
,除非request.format.to_sym ==:html
http_auth
else
super
end
end
end
否则,Devise只需返回带有重定向响应代码的HTML,而不管登录信息是否为正确或不正确
由于我的应用程序要求用户对我的rails后端进行身份验证,所以我实现了一个简单的登录系统:
#app / controllers / pages_controller.rb
before_filter:authenticate_user !,:only => [:login]
ssl_required:login#你必须设置ssl和ssl_requirement
def login
@user = current_user
respond_to do | format |
format.html {render:text => #{@user.id}}
format.xml {render:text => #{@user.id}}
end
end
#config / routes.rb
match'/ login',:to => 'page#login'
然后在iphone应用程序中,您可以通过向/登录发送GET请求来验证像这样(我使用 ASIHTTPRequest ,因为它非常棒):
$ b $ (NSString *)名称:(NSString *)pwd
{
NSURL * login_url = [NSURL URLWithString:@https ://mysite.com/login];
ASIHTTPRequest * request = [ASIHTTPRequest requestWithURL:login_url];
[request setDelegate:self];
[request setUsername:name];
[request setPassword:pwd];
[request addRequestHeader:@Acceptvalue:@application / xml];
[request startAsynchronous];
- (void)requestFinished(ASIHTTPRequest *)请求
{
if([request responseStatusCode]!= 200){
[self requestFailed:请求];
}
else {
//身份验证成功,存储凭据
NSUSerDefaults * defaults = [NSUserDefaults standardUserDefaults];
[defaults setValue:[request username] forKey:@username];
[defaults setValue:[请求密码] forKey:@password];
}
}
- (void)requestFailed:(ASIHTTPRequest *)请求
{
NSLog(@failed with error: %d%@,[request responseStatusCode],[error localizedDescription]);
//告诉用户不正确的用户名/密码
}
然后,只要你需要要将数据发布到应用程序,您可以从用户默认值中检索用户名和密码,并将其附加到请求。如果您需要更安全,可以将它们存储在钥匙串中。
我确定有更好的方法来做到这一点,但希望这可以让你有所思考关于API认证策略。
I'm new to ruby on rails but I want to send the data from my SQlite database from my iphone app to the rails web app. Like a "sync" service.
I'm using devise for authentication for the web app. I enabled basic HTTP authentication and I can curl into the website for xml or json data. I can also upload data to the website when I set the post headers to JSON and with username and password.
Here's where I'm stuck.
1) How do I keep the user signed in after the 1st login? Do I use http authentication every time I send data to the website? I've read about token authentication but I'm not sure how to use it.
2) I can post JSON data to something like http://localhost:3000/example with the correct username and password. However, it returns the HTML content if the username and passowrd is incorrect. Do I have to write something that returns json data about login success/fialure?
3) To communicate between my iphone app and my web app. Am I correct in writing a RESTful API on the web app side? Do I need to use active resources?
I'm really stuck on the overall big picture of how all this works. Thanks!
There's many ways you can do this. What I did to get Devise to return errors to my iphone app that I could interpret (e.g. 401) was create a custom failure app:
# config/initializers/devise.rb
config.warden do |manager|
manager.failure_app = CustomFailure
end
# config/initializers/custom_failure.rb
class CustomFailure < Devise::FailureApp
def respond
unless request.format.to_sym == :html
http_auth
else
super
end
end
end
Otherwise Devise just returns HTML with a redirect response code regardless of whether the login information was correct or incorrect.
Since my app required users to authenticate against my rails backend, I implemented a simple login system like this:
#app/controllers/pages_controller.rb
before_filter :authenticate_user!, :only => [:login]
ssl_required :login # you have to set up ssl and ssl_requirement
def login
@user = current_user
respond_to do |format|
format.html {render :text => "#{@user.id}"}
format.xml {render :text => "#{@user.id}" }
end
end
#config/routes.rb
match '/login', :to => 'pages#login'
Then in the iphone app you can validate by sending a GET request to /login like this (I use ASIHTTPRequest because it's awesome):
- (void) validate_login:(NSString*)name :(NSString*)pwd
{
NSURL *login_url = [NSURL URLWithString:@"https://mysite.com/login"];
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:login_url];
[request setDelegate:self];
[request setUsername:name];
[request setPassword:pwd];
[request addRequestHeader:@"Accept" value:@"application/xml"];
[request startAsynchronous];
}
- (void)requestFinished:(ASIHTTPRequest *)request
{
if ([request responseStatusCode] != 200) {
[self requestFailed:request];
}
else {
// authentication successful, store credentials
NSUSerDefaults* defaults = [NSUserDefaults standardUserDefaults];
[defaults setValue:[request username] forKey:@"username"];
[defaults setValue:[request password] forKey:@"password"];
}
}
- (void)requestFailed:(ASIHTTPRequest *)request
{
NSLog(@"failed with error: %d %@", [request responseStatusCode], [error localizedDescription]);
// tell user incorrect username/password
}
Then whenever you need to post data to the app you can retrieve the username and password from user defaults and attach them to the request. If you need to be more secure, you can store them in the Keychain.
I'm sure there are better ways to do this, but hopefully this can get you thinking about API authentication strategies.
这篇关于devise和iphone应用程序之间的HTTP身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
