我希望能够简单地确定在我正在创建的iOS应用中是否正确提供了用户凭据。
我现在设置的方式是使用sessions_controller.rb来处理和返回用户令牌。问题是如果我还想通过网络登录(不只是通过卷曲或类似的检查),它不会进行身份验证并吐出
{“success”:false,“message”:“您的登录名或密码出错”}
所以我的问题是......如何进行身份验证并保持我的网络登录操作?这是我的相关文件。我的希望是我可以卷曲到诸如localhost:3000 / auth_checks之类的URL并获得一种身份验证响应,并继续让我的用户通过localhost:3000 / sign_in登录。
来自devise.rb
config.skip_session_storage = [:http_auth, :token_auth]
config.token_authentication_key = :auth_token
来自routes.rb
resources :clippings
root to: 'clippings#index'
#devise_for :users
resources :auth_checks
devise_for(:users, :controllers => { :sessions => "sessions" })
resources :posts do
end
来自auth_checks_controller.rb
class AuthChecksController < ApplicationController
before_filter :authenticate_user!
# GET /auth_checks
# GET /auth_checks.json
def index
@auth_checks = AuthCheck.all
respond_to do |format|
format.html # index.html.erb
format.json { render json: @auth_checks }
end
end
# GET /auth_checks/1
# GET /auth_checks/1.json
def show
@auth_check = AuthCheck.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: @auth_check }
end
end
# GET /auth_checks/new
# GET /auth_checks/new.json
def new
@auth_check = AuthCheck.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: @auth_check }
end
end
# GET /auth_checks/1/edit
def edit
@auth_check = AuthCheck.find(params[:id])
end
# POST /auth_checks
# POST /auth_checks.json
def create
@auth_check = AuthCheck.new(params[:auth_check])
respond_to do |format|
if @auth_check.save
format.html { redirect_to @auth_check, notice: 'Auth check was successfully created.' }
format.json { render json: @auth_check, status: :created, location: @auth_check }
else
format.html { render action: "new" }
format.json { render json: @auth_check.errors, status: :unprocessable_entity }
end
end
end
# PUT /auth_checks/1
# PUT /auth_checks/1.json
def update
@auth_check = AuthCheck.find(params[:id])
respond_to do |format|
if @auth_check.update_attributes(params[:auth_check])
format.html { redirect_to @auth_check, notice: 'Auth check was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @auth_check.errors, status: :unprocessable_entity }
end
end
end
# DELETE /auth_checks/1
# DELETE /auth_checks/1.json
def destroy
@auth_check = AuthCheck.find(params[:id])
@auth_check.destroy
respond_to do |format|
format.html { redirect_to auth_checks_url }
format.json { head :no_content }
end
end
end
答案 0 :(得分:0)
了解了很多......这就是我最终做的事情。如果你处于这个位置,我强烈建议你花时间(不是很多)来做这个方法。 http://www.cocoahunter.com/blog/2013/02/13/restful-api-authentication/
如果您像我一样,您已经拥有使用标准设计登录结构的用户库。
我将此添加到我的routes.rb
namespace :api do
namespace :v1 do
resources :tokens,:only => [:create, :destroy]
end
end
然后在controllers / api / v1 /(我创建的)内创建并添加了tokens_controller.rb
# encoding: utf-8
class Api::V1::TokensController < ApplicationController
skip_before_filter :verify_authenticity_token
respond_to :json
def create
email = params[:email]
password = params[:password]
if request.format != :json
render :status=>406, :json=>{:message=>"The request must be json"}
return
end
if email.nil? or password.nil?
render :status=>400,
:json=>{:message=>"The request must contain the user email and password."}
return
end
@user=User.find_by_email(email.downcase)
if @user.nil?
logger.info("User #{email} failed signin, user cannot be found.")
render :status=>401, :json=>{:message=>"Invalid email or passoword."}
return
end
# http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable
@user.ensure_authentication_token!
if not @user.valid_password?(password)
logger.info("User #{email} failed signin, password \"#{password}\" is invalid")
render :status=>401, :json=>{:message=>"Invalid email or password."}
else
render :status=>200, :json=>{:token=>@user.authentication_token}
end
end
def destroy
@user=User.find_by_authentication_token(params[:id])
if @user.nil?
#logger.info(“Token wasnot found.”)
#render :status=>404, :json=>{:message=>”Invalid token.”}
else
@user.reset_authentication_token!
render :status=>200, :json=>{:token=>params[:id]}
end
end
end
这就是我所要做的一切。我现在可以通过我的iOS应用程序测试此API以进行身份验证。希望对那里的人有意义!