我目前正在从Rails教程中为示例应用添加一个RESTful API,并且我尝试使用门卫来保护它,而没有其他宝石,如设计或清除。我希望看门人根据现有会话对用户进行身份验证。当前会话实现在浏览器cookie中保留remember_token(在登录时分配)并将散列标记存储在用户模型中。
我在current_user模块中有一个SessionsHelper方法(app / helpers / sessions_helper.rb),它也包含在ApplicationController中:
def current_user
remember_token = User.digest(cookies[:remember_token])
@current_user ||= User.find_by(remember_token: remember_token)
end
这是resource_owner_authenticator(其他失败的实现已被注释掉):
resource_owner_authenticator do
# fail "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
# Put your resource owner authentication logic here.
# Example implementation:
# User.find_by_id(session[:user_id]) || redirect_to(new_user_session_url)
# puts current_user || "no user"
# current_user # || redirect_to(signin_path)
# remember_token = User.digest(request.cookies[:remember_token])
# User.find_by(remember_token: remember_token)
# puts "in resource_owner_authenticator"
current_user
end
这是来自一个GET请求的错误:
Started GET "/users/1" for 127.0.0.1 at 2014-08-24 12:40:25 -0400
Processing by UsersController#show as HTML
Parameters: {"id"=>"1"}
Filter chain halted as #<Proc:0x007f294c886310@/home/mike/.rvm/gems/ruby-2.0.0-p481@railstutorial_rails_4_0/gems/doorkeeper-1.4.0/lib/doorkeeper/helpers/filter.rb:8> rendered or redirected
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)
首先,我想知道是否可以在没有设计或许可的情况下进行身份验证,即使是这样,是否可取。其次,我不确定Doorkeeper.configure中可用的确切内容是current_user?是饼干吗?如果有人能看到我在这里做错了什么,谢谢。我使用的是Rails 4和Doorkeeper 1.4.0。