我正在尝试为我的客户端构建一个 Rails 服务器,同时实现设计控制器,并且面临很多问题。
用于
Warden.authenticate(resource_name)!记录目的时,我得到“401未经授权”,但我可以通过设备的sign_in方法正确注册。在通过登录后尝试使用辅助方法时,
auth_token我得到所有辅助方法的 nil 和默认值。
版本:
- 导轨 v5.0.2
- 红宝石 v2.2.3
- 设计 v4.2.0
应用控制器:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
skip_before_filter :verify_authenticity_token,
:if => Proc.new { |c| c.request.format == 'application/json' }
before_filter :authenticate_user_from_token!
before_action :authenticate_user!
before_filter :set_current_user
def set_current_user
Thread.current[:current_user] = current_user
end
private
#for authenticating the token
def authenticate_user_from_token!
user_id = params[:id].presence
user = user_id && User.find_by_id(user_id)
puts user
if user && Devise.secure_compare(user.authentication_token, params[:auth_token])
puts "about to sign in"
sign_in user, store: false
puts ""
end
end
用户控制器:
class UsersController < ApplicationController
skip_before_filter :verify_authenticity_token,
:if => Proc.new { |c| c.request.format == 'application/json' }
skip_before_filter :authenticate_user!
def index
end
def create
respond_to do |format|
format.json {
if params[:user] && params[:user][:email] && params[:user][:name]# input name and email
@user = User.where(:email => params[:user][:email].downcase).first unless User.where(:email => params[:user][:email].downcase).count == 0
if @user.nil?
@user = User.new
lookup_hash = UUIDTools::UUID.random_create.hexdigest
# @user.phone_number = params[:user][:phone_number]
# @user.safe_update(%w[name email ], params[:user])
@user.name = params[:user][:name]
@user.email = params[:user][:email]
if params[:user][:specialization]
@user.specialization = params[:user][:specialization]
end
if params[:user][:password]
@user.password = params[:user][:password]
@user.password_confirmation = params[:user][:password]
else
@user.password = lookup_hash[0,6]
@user.password_confirmation = lookup_hash[0,6]
end
#we have to see wether we have to send password through mail or not.
#assigning auth_token at the time of registration
@user.assign_authentication_token
success = @user && @user.save
if success && @user.errors.empty?
# Jobs::Mailer.async.signup_welcome_email(@user.id).commit!
#Jobs::Mailer.async.new_invitation_alpha(@user.id,@user.email,@user.password).commit!
sign_in(:user, @user)
#if @user.country_code == "IN" && @user.user_persona == "doctor"
#show_promo_code = true
#end
render :status => :ok,
:json => { :success => true,
:info => "Successfully Registered! Please check you email for password",
:data => { :auth_token => @user.authentication_token,
:id => @user.id.to_s
} }
else
render :status => :unprocessable_entity,
:json => { :success => false,
:info => @user.errors,
:data => {} }
end
else
render :status => 409,
:json => { :success => false,
:info => "You are already Registered!",
:data => {} }
end
else
render :status => 412,
:json => { :success => false,
:info => "User details are missing",
:data => {} }
end
}
end
end
end
路线.rb:
Rails.application.routes.draw do
namespace :api do
namespace :v1 do
devise_for :users, controllers: { sessions:
'api/v1/users/sessions' }
end
end
post '/register' => 'users#create', :as => :register
resources :users
devise_for :users
resources :preferences
end
end
会话控制器:
class Api::V1::Users::SessionsController < Devise::SessionsController
skip_before_action :verify_signed_out_user, :only => [:destroy]
skip_before_filter :require_no_authentication, :only => [ :new, :create, :cancel , :destroy]
skip_before_filter :verify_authenticity_token,
:if => Proc.new { |c| c.request.format == 'application/json' }
before_filter :ensure_params_exist, :except => [:destroy]
respond_to :json
def create
resource = User.find_for_database_authentication(:email => params[:user][:email])
return invalid_login_attempt unless resource if resource.valid_password?(params[:user][:password])
sign_in(:user, resource)
resource.assign_authentication_token
resource.save!
render :status => 200,
:json => {
:success => true,
:info => "Logged in",
:data => { :auth_token => resource.authentication_token,
:id => resource.id.to_s,
:name => resource.name} }
end
# DELETE /resource/sign_out
def destroy
super
remove_auth_token params[:auth_token]
end
def failure
render :status => :unauthorized,
:json => { :success => false,
:info => "Login Failed",
:data => {} }
end
def remove_auth_token token
if !token.blank?
user = User.where(authentication_token: token).first
if !user.nil?
user.authentication_token = nil
user.save!
end
end
end
protected
def ensure_params_exist
return unless params[:user].blank?
render :json=>{:message=>"missing user_login parameter"},
:status=>422
end
def invalid_login_attempt
render :json=> {:message=>"Error with your login or password"},
:status=>401
end
end
设计配置:
Devise.setup do |config|
ou use your own mailer class
# with default "from" parameter.
config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
.
require 'devise/orm/mongoid'
config.case_insensitive_keys = [:email]
config.strip_whitespace_keys = [:email]
#
config.http_authenticatable_on_xhr = false
config.skip_session_storage = [:http_auth]
#
config.stretches = Rails.env.test? ? 1 : 11
config.reconfirmable = true
config.expire_all_remember_me_on_sign_out = true
config.password_length = 6..128
config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
config.reset_password_within = 6.hours
config.navigational_formats = ['*/*','*/*', :html , :json]
config.sign_out_via = :delete
end