认证设计

时间:2013-09-28 22:37:12

标签: ruby-on-rails http authentication devise restful-authentication

我希望能够简单地确定在我正在创建的iOS应用中是否正确提供了用户凭据。

我现在设置的方式是使用sessions_controller.rb来处理和返回用户令牌。问题是如果我还想通过网络登录(不只是通过卷曲或类似的检查),它不会进行身份验证并吐出

{“success”:false,“message”:“您的登录名或密码出错”}

所以我的问题是......如何进行身份验证并保持我的网络登录操作?这是我的相关文件。我的希望是我可以卷曲到诸如localhost:3000 / auth_checks之类的URL并获得一种身份验证响应,并继续让我的用户通过localhost:3000 / sign_in登录。

来自devise.rb

config.skip_session_storage = [:http_auth, :token_auth]
config.token_authentication_key = :auth_token

来自routes.rb

  resources :clippings
  root to: 'clippings#index'
  #devise_for :users

  resources :auth_checks
  devise_for(:users, :controllers => { :sessions => "sessions" })


  resources :posts do
  end

来自auth_checks_controller.rb

class AuthChecksController < ApplicationController

before_filter :authenticate_user!

  # GET /auth_checks
  # GET /auth_checks.json
  def index
    @auth_checks = AuthCheck.all

    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @auth_checks }
    end
  end

  # GET /auth_checks/1
  # GET /auth_checks/1.json
  def show
    @auth_check = AuthCheck.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @auth_check }
    end
  end

  # GET /auth_checks/new
  # GET /auth_checks/new.json
  def new
    @auth_check = AuthCheck.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @auth_check }
    end
  end

  # GET /auth_checks/1/edit
  def edit
    @auth_check = AuthCheck.find(params[:id])
  end

  # POST /auth_checks
  # POST /auth_checks.json
  def create
    @auth_check = AuthCheck.new(params[:auth_check])

    respond_to do |format|
      if @auth_check.save
        format.html { redirect_to @auth_check, notice: 'Auth check was successfully created.' }
        format.json { render json: @auth_check, status: :created, location: @auth_check }
      else
        format.html { render action: "new" }
        format.json { render json: @auth_check.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /auth_checks/1
  # PUT /auth_checks/1.json
  def update
    @auth_check = AuthCheck.find(params[:id])

    respond_to do |format|
      if @auth_check.update_attributes(params[:auth_check])
        format.html { redirect_to @auth_check, notice: 'Auth check was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @auth_check.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /auth_checks/1
  # DELETE /auth_checks/1.json
  def destroy
    @auth_check = AuthCheck.find(params[:id])
    @auth_check.destroy

    respond_to do |format|
      format.html { redirect_to auth_checks_url }
      format.json { head :no_content }
    end
  end
end

1 个答案:

答案 0 :(得分:0)

了解了很多......这就是我最终做的事情。如果你处于这个位置,我强烈建议你花时间(不是很多)来做这个方法。 http://www.cocoahunter.com/blog/2013/02/13/restful-api-authentication/

如果您像我一样,您已经拥有使用标准设计登录结构的用户库。

我将此添加到我的routes.rb

  namespace :api do
      namespace :v1  do
        resources :tokens,:only => [:create, :destroy]
      end
    end

然后在controllers / api / v1 /(我创建的)内创建并添加了tokens_controller.rb

# encoding: utf-8
class Api::V1::TokensController  < ApplicationController
    skip_before_filter :verify_authenticity_token
    respond_to :json
    def create
      email = params[:email]
      password = params[:password]
      if request.format != :json
        render :status=>406, :json=>{:message=>"The request must be json"}
        return
       end

    if email.nil? or password.nil?
       render :status=>400,
              :json=>{:message=>"The request must contain the user email and password."}
       return
    end

    @user=User.find_by_email(email.downcase)

    if @user.nil?
      logger.info("User #{email} failed signin, user cannot be found.")
      render :status=>401, :json=>{:message=>"Invalid email or passoword."}
      return
    end

    # http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable
    @user.ensure_authentication_token!

    if not @user.valid_password?(password)
      logger.info("User #{email} failed signin, password \"#{password}\" is invalid")
      render :status=>401, :json=>{:message=>"Invalid email or password."}
    else
      render :status=>200, :json=>{:token=>@user.authentication_token}
    end
  end

  def destroy
    @user=User.find_by_authentication_token(params[:id])
    if @user.nil?
      #logger.info(“Token wasnot found.”)
      #render :status=>404, :json=>{:message=>”Invalid token.”}
    else
      @user.reset_authentication_token!
      render :status=>200, :json=>{:token=>params[:id]}
    end
  end

end

这就是我所要做的一切。我现在可以通过我的iOS应用程序测试此API以进行身份​​验证。希望对那里的人有意义!