skip_before_filter:authenticate_user!不适用于AJAX调用

时间:2013-07-25 21:04:40

标签: javascript ruby-on-rails ajax devise ruby-on-rails-4

我有一个控制器:

class SessionTimeoutController < ApplicationController
  # snip

  skip_before_filter :authenticate_user!, only: [:has_user_timed_out]

  #snip

  # Determines whether the user has been logged out due to
  # inactivity or not.
  def has_user_timed_out
    @has_timed_out = (!user_signed_in?) or (current_user.timedout? (user_session["last_request_at"]))

    respond_to do |format|
      format.json { render json: @has_timed_out, status: :created}
    end
  end

  #snip
end

我使用AJAX向session_timeout/has_user_timed_out发送请求:

$.ajax({
  url: '/session_timeout/has_user_timed_out',
  type: 'GET',
  dataType: 'json',
  success: function( logged_out ) {
    if(logged_out === true)
    {
      window.location = '/users/sign_in?timedout=1'
    }
    else
    {
      checkTimeLeft();
    }
  }
});

当进行这个AJAX调用时,即使用户退出,我也希望它始终得到响应。我希望这是因为我在控制器中设置了skip_before_filter :authenticate_user!。但是,当我发送AJAX时,服务器会发回401 Unauthorized响应。这是为什么?

此外,当我从浏览器控制台运行此JS时,它按预期工作。我唯一遇到AJAX问题的时候是从视图中调用它。

$.ajax({url: '/session_timeout/has_user_timed_out', type: 'GET', dataType:'JSON', success: function(logged_out) {console.log(logged_out + ' ' + typeof logged_out);}});

可能导致问题的一件事是我在一小段时间内发送AJAX请求,因为不活动而自动注销。这会让Devise感到困惑吗?

编辑:当我发送导致401响应的请求时,这是我的Rails日志:

Started GET "/session_timeout/has_user_timed_out" for 10.0.2.2 at 2013-07-25 21:25:51 +0000
Processing by SessionTimeoutController#has_user_timed_out as JSON
  ConfigVar Load (0.2ms)  SELECT `config_vars`.* FROM `config_vars` WHERE `config_vars`.`name` = 'maintenance_mode' ORDER BY `config_vars`.`id` ASC LIMIT 1
  User Load (0.3ms)  SELECT `users`.* FROM `users` WHERE `users`.`id` = 14 ORDER BY `users`.`id` ASC LIMIT 1
Completed 401 Unauthorized in 4ms

当我发送有效的请求时,这是我的Rails日志,即使用户已注销:

Started GET "/session_timeout/has_user_timed_out" for 10.0.2.2 at 2013-07-25 21:29:39 +0000
Processing by SessionTimeoutController#has_user_timed_out as JSON
  ConfigVar Load (0.1ms)  SELECT `config_vars`.* FROM `config_vars` WHERE `config_vars`.`name` = 'maintenance_mode' ORDER BY `config_vars`.`id` ASC LIMIT 1
Completed 201 Created in 3ms (Views: 0.1ms | ActiveRecord: 0.1ms)

更多地使用它,它看起来就像我第一次在用户注销后向session_timeout/has_user_timed_out发送请求,无论我等待多久都失败了。然后,所有后续请求都会成功。

1 个答案:

答案 0 :(得分:1)

我找到了解决方法。 $.ajax可以使用status选项,让您根据响应代码拦截服务器响应。就我而言,我关心的是用户是否已登录。401错误告诉我用户已注销,因此我可以拦截响应并采取相应措施:

$.ajax({
  url: '/session_timeout/has_user_timed_out',
  type: 'GET',
  dataType: 'json',
  success: function( logged_out ) {
    if(logged_out === true)
    {
      window.location = '/users/timedout'
    }
    else
    {
      checkTimeLeft();
    }
  },
  // THIS IS THE CODE I ADDED FOR MY WORKAROUND:
  statusCode: {
    // If we get back an authentication error, it's a
    // pretty safe bet we're not logged in anymore
    401: function() {
      window.location = '/users/timedout'
    }
  }
});
相关问题
最新问题