使用自定义身份验证器使会话无效

时间:2014-11-03 17:32:44

标签: authentication ember.js ember-simple-auth

使用ember-cli 0.1.2和ember-cli-simple-auth 0.7.0,我需要在客户端和服务器上使会话无效。正如here所解释的那样,我需要做一些类似于authenticate方法的事情,向服务器发出ajax请求,并在清空会话之前确保其成功:

import Ember from 'ember';
import Base from "simple-auth/authenticators/base";

var CustomAuthenticator = Base.extend({
  tokenEndpoint: 'http://127.0.0.1:3000/api/v1/auth/login',

  restore: function(data) {

  },

  authenticate: function(credentials) {
    var _this = this;
    return new Ember.RSVP.Promise(function(resolve, reject) {
      Ember.$.ajax({
        url:         _this.tokenEndpoint,
        type:        'POST',
        data:        JSON.stringify({ email: credentials.identification, password: credentials.password }),
        contentType: 'application/json'
      }).then(function(response) {
        Ember.run(function() {
          resolve({ token: response.token });
        });
      }, function(xhr, status, error) {
        var response = JSON.parse(xhr.responseText);
        Ember.run(function() {
          reject(response.error);
        });
      });
    });
  },

  invalidate: function() {
    var _this = this;
    return new Ember.RSVP.Promise(function(resolve, reject) {
      Ember.$.ajax({ 
        url: _this.tokenEndpoint, 
        type: 'DELETE' 
      }).then(function(response) {
        resolve();
      }, function(xhr, status, error) {
        var response = JSON.parse(xhr.responseText);
        Ember.run(function() {
          reject(response.error);
        });
      });
    });
  }

  // invalidate: function() {
  //   var _this = this;
  //   return new Ember.RSVP.Promise(function(resolve) {
  //     Ember.$.ajax({ url: _this.tokenEndpoint, type: 'DELETE' }).always(function() {
  //       resolve();
  //     });
  //   });
  // }
});

export default {
  name : 'authentication',
  before : 'simple-auth',
  initialize : function(container) {
    container.register('authenticator:custom', CustomAuthenticator);
  }
};

我的注销API端点需要令牌(在标头中)。我怎么通过呢?我读了this,但我的授权人似乎忽略了它,我得到了一个401:

import Ember from 'ember';
import Base from 'simple-auth/authorizers/base';

var CustomAuthorizer = Base.extend({
  authorize: function(jqXHR, requestOptions){
    Ember.debug("AUTHORIZING!");
  }
});

export default {
  name : 'authorization',
  before : 'simple-auth',
  initialize : function(container) {
    container.register('authorizer:custom', CustomAuthorizer);
  }
};

我的environment.js

/* jshint node: true */

module.exports = function(environment) {
  var ENV = {
    modulePrefix: 'wishhhh',
    environment: environment,
    baseURL: '/',
    locationType: 'auto',
    EmberENV: {
      FEATURES: {
        // Here you can enable experimental features on an ember canary build
        // e.g. 'with-controller': true
      }
    },

    APP: {
      // Here you can pass flags/options to your application instance
      // when it is created
    }
  };

  // TODO: disabled because of https://github.com/stefanpenner/ember-cli/issues/2174
  ENV.contentSecurityPolicyHeader = 'Disabled-Content-Security-Policy'

  ENV['simple-auth'] = {
    authorizer: 'authorizer:custom',
    // crossOriginWhitelist: ['http://localhost:3000']
    crossOriginWhitelist: ['*']
  }

  if (environment === 'development') {
    // ENV.APP.LOG_RESOLVER = true;
    ENV.APP.LOG_ACTIVE_GENERATION = true;
    // ENV.APP.LOG_TRANSITIONS = true;
    // ENV.APP.LOG_TRANSITIONS_INTERNAL = true;
    ENV.APP.LOG_VIEW_LOOKUPS = true;
  }

  if (environment === 'test') {
    // Testem prefers this...
    ENV.baseURL = '/';
    ENV.locationType = 'auto';

    // keep test console output quieter
    ENV.APP.LOG_ACTIVE_GENERATION = false;
    ENV.APP.LOG_VIEW_LOOKUPS = false;

    ENV.APP.rootElement = '#ember-testing';
  }

  if (environment === 'production') {

  }

  return ENV;
};

以下是最终我尝试注销时的Ember检查器输出: enter image description here

2 个答案:

答案 0 :(得分:0)

您是否确实将Ember Simple Auth配置为使用自定义授权程序?在这种情况下,它应该自动授权会话失效请求。

或者,您可以在身份验证器的invalidate方法中添加令牌,该方法将传递会话的内容。

答案 1 :(得分:0)

感谢marcoow,我发现每个请求不仅仅是注销问题,实际上是一个问题。我的授权人从未接到电话。问题是crossOriginWhitelist的环境设置,为了使用我的dev API,我必须设置为['http://127.0.0.1:3000']['http://localhost:3000'][*]都不起作用。