我正在关注这篇出色的文章,以设置我的rails(3.2)API的身份验证部分:
http://blog.joshsoftware.com/2011/12/23/designing-rails-api-using-rabl-and-devise/
我已完成以下步骤:
-将设计添加到Gemfile
-启用针对用户模型的设计并运行所需的迁移
-我的用户模型是
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
devise :token_authenticatable
attr_accessible :email, :authentication_token, :password, :password_confirmation, :remember_me
end
以及数据库中的token_authenticable(通过迁移)。
-使用以下方法将RegistrationController子类化:
class RegistrationsController < Devise::RegistrationsController
def new
super
end
def create
resource = warden.authenticate!(:scope => resource_name, :recall => " {controller_path}#new")
sign_in(resource_name, resource)
current_user.reset_authentication_token!
respond_with resource, :location => after_sign_in_path_for(resource)
end
def update
super
end
end
-在routes.rb中,我有:
devise_for :users, :controllers => {:registrations => "registrations"}
用户创建
我想要以下请求来创建用户并发送回authentification_token:
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"user":{"email":"[email protected]", "password":"pass"}}' 'http://localhost:3000/users.json
我的理解是,逻辑应该进入注册 Controller 的“创建”方法(应该创建用户并同时登录用户)。我认为我应该错了,因为我得到的信息是:
{"error":"You need to sign in or sign up before continuing."}
新用户创建并记录的缺少的内容是什么? POST到users.json的映射不是映射到RegistrationController#create吗?
用户登录
另外,我希望以下请求登录用户(一旦检查了登录名/密码,将其发送回他的authentification_token)
curl -H "Accept: application/json" -H "Content-type: application/json" -X GET -d '{"user":{"email":"[email protected]","password":"pass"}}' 'http://localhost:3000/users.json
我猜想逻辑应该在RegistrationController的“update”方法中进行,但不能100%确定。登录完成后,我将添加 token 身份验证以保护其他模型的创建/ View 。
更新
当我发出:
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"user":{"email":"[email protected]", "password": "mypass", "phone":"1234567890"}}' 'http://localhost:3000/users.json'
我收到以下消息:
Started POST "/users.json" for 127.0.0.1 at 2012-03-11 20:50:05 +0100
Processing by RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"[email protected]", , "password"=>"[FILTERED]", "phone"=>"1234567890"}, "registration"=>{"user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "phone"=>"1234567890"}, "action"=>"create", "controller"=>"registrations", "format"=>"json"}}
WARNING: Can't verify CSRF token authenticity
Completed 401 Unauthorized in 1ms
为什么不创建和登录用户以及为什么不返回authentication_token的任何想法?
最佳答案
是我的错,我将更新博客文章。
您需要添加以下代码以在注册 Controller 中创建用户
if params[:api_key].blank? or params[:api_key] != API_KEY
render :json => {'errors'=>{'api_key' => 'Invalid'}}.to_json, :status => 401
return
end
build_resource
if resource.save
sign_in(resource)
resource.reset_authentication_token!
#rabl template with authentication token
render :template => '/devise/registrations/signed_up'
else
render :template => '/devise/registrations/new' #rabl template with errors
end
让我知道您是否遇到任何问题?