I have an application that has user authentication using Devise and Authy, and I want to add API access with a separate set of users in a model (ApiUser), for now just using Basic Authentication. I have the following code in my controller:
class Api::SomethingsController < ApplicationController
load_and_authorize_resource param_method: :something_params
skip_authorize_resource
skip_authorization_check
skip_before_filter :verify_authenticity_token
skip_before_action :authenticate_user!
skip_before_action :enable_authy
before_filter :api_authenticate
private
def api_authenticate
authenticate_with_http_basic do |userid, password|
user = ApiUser.find_by(userid: userid, passwd: password)
user
end
end
However, no authentication is done - I get results with no authentication at all.
What am I doing wrong??
答案 0 :(得分:0)
Use authenticate_or_request_with_http_basic instead.
def api_authenticate
authenticate_or_request_with_http_basic("Somethings Authentication") do |userid, password|
user = ApiUser.find_by(userid: userid, passwd: password)
user
end
end