您好我在我的应用程序中使用omniauth。我没有使用设计就创建了应用程序。所以我手动编写了所有加密方法。我正在尝试将imniauth与我的应用程序集成,但我遇到了大量问题。我做了一个身份验证控制器:
class AuthenticationsController < ApplicationController
def index
@authentications = current_user.authentications if current_user
end
def create
omniauth = request.env["omniauth.auth"]
authentication= Authentication.find_by_provider_and_uid(omniauth['provider'],omniauth['uid'])
if authentication
flash[:notice]= "Signed in with " + omniauth['provider'] + " Successfully"
sign_in(authentication.user)
redirect_back_or authentication.user
elsif current_user
current_user.authentications.create!(:provider => omniauth['provider'],:uid => omniauth['uid'])
flash[:notice]="authentication successfull"
redirect_to authentications_url
else
authenticate= Authentication.create!(:provider => omniauth['provider'], :uid => omniauth['uid'])
flash[:notice] = "You still need to fill up the following"
# This is where I have doubt as to how should I proceed. Should I first create authentication for omniauth and then redirect or just send everything together and then create in sign up?
# session[:omniauth] = omniauth.except('extra')
# redirect_to signup_path(omniauth)
end
end
def destroy
@authentication = current_user.authentications.find(params[:id])
@authentication.destroy
flash[:notice] = "Successfully destroyed authentication."
redirect_to authentications_url
end
end
我的用户控制器如下:
class UsersController < ApplicationController
before_filter :authenticate, :except => [:show, :new, :create]
before_filter :correct_user, :only => [:edit, :update]
before_filter :admin_user, :only => :destroy
# Id ont know what to do with omniauth here! :(
def new(omniauth)
@user = User.new
@title = "Sign up"
end
def create
@user = User.new(params[:user])
if @user.save
sign_in @user
redirect_to @user, :flash => { :success => "Welcome to the World Student Alliance!" }
else
@title = "Sign up"
render 'new'
end
end
def edit
@title = "Edit user"
end
def update
if @user.update_attributes(params[:user])
redirect_to @user, :flash => { :success => "Profile updated." }
else
@title = "Edit user"
render 'edit'
end
end
def destroy
@user.destroy
redirect_to users_path, :flash => { :success => "User destroyed." }
end
private
def correct_user
@user = User.find(params[:id])
redirect_to(root_path) unless current_user?(@user)
end
def admin_user
@user = User.find(params[:id])
redirect_to(root_path) if !current_user.admin? || current_user?(@user)
end
end
和会话控制器如下:
class SessionsController < ApplicationController
skip_before_filter :check_sign_in, :only => [:new, :create]
def new
@title = "Sign in"
end
def create
user = User.authenticate(params[:session][:email],
params[:session][:password])
if user.nil?
flash.now[:error] = "Invalid email/password combination."
@title = "Sign in"
render 'new'
else
sign_in user
redirect_back_or user
end
end
def destroy
sign_out
redirect_to root_path
end
end
每个用户都有许多身份验证,每个身份验证都属于一个用户
class Authentication < ActiveRecord::Base
belongs_to :user
end
class User < ActiveRecord::Base
has_many :authentications
.......
以下是我考虑过的情景:
用户已经是注册用户,并希望每次都使用Twitter进行签名(已完成且无错误)
用户未注册,并希望使用twitter进行身份验证。如果它的基本身份验证完成,但我需要让用户输入一些细节,如国家,性别,部门等。这是一切都是错误的地方。我能够创建一个身份验证并将其转义为登录表单但是当用户从fb或twitter登录时,他不应该输入密码字段。这是我的问题。谁能告诉我我应该做些什么来克服这个错误。谢谢。
答案 0 :(得分:1)
我在最近的一个应用程序中做了类似的事情 - 使用Omniauth进行身份验证并允许每个用户进行多次身份验证。对于你的情况3.)我首先创建用户和身份验证;然后将它们发送到特定表格(不是注册表格),以填写其余的个人资料。
如果必填字段不完整,则此“额外”表单才会生效,否则会被重定向到用户展示页面。似乎对我有用。
编辑:使用Omniauth Identiy策略替换您当前的用户名/密码gubbins:https://github.com/intridea/omniauth-identity。这样您就可以通过Omniauth处理所有身份验证。相信我,如果您拿出手工制作的密码验证码并将其替换为Omniauth身份,您的生活将变得更加简单。
为避免疑问,通过同时使用Twitter和身份策略,这意味着您可以让用户选择如何进行身份验证。他们可以使用Twitter或用户名/密码进行身份验证。两者都完成相同的工作,但是,如果他们使用Twitter,那么你永远不会看到密码信息(这很好)。