Rails, Devise cannot log out using cURL.

Time: 2015-01-23 00:53:26

Tags: ruby-on-rails ruby-on-rails-4 devise

I'm following this tutorial to build user authentication with Devise for Android. However, Devise removed :token_authenticatable, so I'm using what they reference in this gist. But I've run into some problems I don't know how to solve.

Here is the code.

In the User model:

class User < ActiveRecord::Base
  before_save :ensure_authentication_token

  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :confirmable

  # Mint a token the first time the record is saved; an existing token is kept.
  def ensure_authentication_token
    if authentication_token.blank?
      self.authentication_token = generate_authentication_token
    end
  end

  def skip_confirmation!
    self.confirmed_at = Time.now
  end

  private

  # Keep drawing tokens until one is not already assigned to another user.
  def generate_authentication_token
    loop do
      token = Devise.friendly_token
      break token unless User.where(authentication_token: token).first
    end
  end
end

In the application controller:

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_filter :authenticate_user_from_token!

  private

  # For this example, we are simply using token authentication
  # via parameters. However, anyone could use Rails's token
  # authentication features to get the token from a header.
  def authenticate_user_from_token!
    user_token = params[:user_token].presence
    user = user_token && User.find_by_authentication_token(user_token.to_s)

    if user
      # Notice we are passing store false, so the user is not
      # actually stored in the session and a token is needed
      # for every request. If you want the token to work as a
      # sign in token, you can simply remove store: false.
      sign_in user, store: false
    end
  end
end

In the API SessionsController:

class Api::SessionsController < Devise::SessionsController
  skip_before_filter :verify_authenticity_token,
                     :if => Proc.new { |c| c.request.format == 'application/json' }
  before_action :authenticate_user_from_token!, only: [:create]
  respond_to :json

  def create
    warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#failure")
    render :status => 200,
           :json => { :success => true,
                      :info => t("devise.sessions.signed_in"),
                      :data => { :auth_token => current_user.authentication_token } }
  end

  def destroy
    warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#failure")
    current_user.update_column(:authentication_token, nil)
    render :status => 200,
           :json => { :success => true,
                      :info => t("devise.sessions.signed_out"),
                      :data => {} }
  end

  # Recall target named in the two warden.authenticate! calls above. The
  # original post does not show it; this is a minimal version that reports
  # the failed authentication as JSON.
  def failure
    render :status => 401,
           :json => { :success => false, :info => "Login Failed", :data => {} }
  end
end

When I log in with curl:

curl -v -H 'Content-Type: application/json' -H 'Accept: application/json' -X POST http://localhost:3000/api/sessions -d "{\"user\":{\"email\":\"[FILTERED]\",\"password\":\"123123123\"}}"

Here is the log from the server:

Started POST "/api/sessions" for 127.0.0.1 at 2015-01-23 13:47:05 +1300
Processing by Api::SessionsController#create as JSON
Parameters: {"user"=>{"email"=>"[FILTERED]", "password"=>"[FILTERED]"}, "session"=>{"user"=>{"email"=>"[FILTERED]", "password"=>"[FILTERED]"}}}
User Load (0.1ms)  SELECT  "users".* FROM "users"  WHERE "users"."email" = '[FILTERED]'  ORDER BY "users"."id" ASC LIMIT 1
(0.1ms)  begin transaction
SQL (0.2ms)  UPDATE "users" SET "current_sign_in_at" = ?, "last_sign_in_at" = ?, "sign_in_count" = ?, "updated_at" = ? WHERE "users"."id" = 1  [["current_sign_in_at", "2015-01-23 00:47:05.981119"], ["last_sign_in_at", "2015-01-23 00:28:49.300907"], ["sign_in_count", 3], ["updated_at", "2015-01-23 00:47:05.981736"]]
(103.8ms)  commit transaction
Completed 200 OK in 185ms (Views: 0.4ms | ActiveRecord: 104.9ms)

When I log out with curl:

curl -v -H 'Content-Type: application/json' -H 'Accept: application/json' -X DELETE http://localhost:3000/api/sessions/?auth_token=TbQXZJtngfJqZK6HkHKF

Here is the server log:

Started DELETE "/api/sessions/?auth_token=TbQXZJtngfJqZK6HkHKF" for 127.0.0.1 at 2015-01-23 13:50:22 +1300
Processing by Api::SessionsController#destroy as JSON
Parameters: {"auth_token"=>"TbQXZJtngfJqZK6HkHKF", "session"=>{}}
Filter chain halted as :verify_signed_out_user rendered or redirected
Completed 204 No Content in 1ms (ActiveRecord: 0.0ms)

When I add skip_filter :verify_signed_out_user, only: [:destroy] to the API SessionsController, the server log becomes:

Started DELETE "/api/sessions/?auth_token=TbQXZJtngfJqZK6HkHKF" for  127.0.0.1 at 2015-01-23 13:58:55 +1300
Processing by Api::SessionsController#destroy as JSON
Parameters: {"auth_token"=>"TbQXZJtngfJqZK6HkHKF", "session"=>{}}
Completed 401 Unauthorized in 1ms

I don't know why it returns 204 No Content.... If anyone has any idea what is going on, thanks a lot. Cheers.

1 answer:

Answer 0 (score: 3)

The HTTP status for a successfully destroyed resource is 204. For details, see http://httpstatus.es/204

When you skip the filter, it gives you a 401, the HTTP status for unauthorized access to a resource. That is correct, because authentication is required before the destroy.

Everything looks correct; I can't see any problem.
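Added example, not code from the question, the answer, or Devise: a Rails-free model of the token flow above in plain Ruby, so the request sequence can be checked without a server. A constructed in-memory table stands in for the users table and a request is just a Hash of params. TOKEN_PARAM is the one place the parameter name lives, which is the check worth making here: the filter on the page reads params[:user_token], while the logout curl sends auth_token, and the first logout call in the example reproduces exactly that mismatch. Two details the page's logs depend on: Devise's own verify_signed_out_user filter answers 204 for a JSON request when no user is signed in (the "already signed out" case), and once that filter is skipped the destroy action's warden.authenticate! is what produces the 401. Unlike the page's code, which stores the raw token in the users table, this example stores only a SHA-256 digest (an added hardening, not from the page), so the raw token exists nowhere but in the sign-in response.

```ruby
require 'securerandom'
require 'digest'

# Added example: a Rails-free model of the token flow on this page. The
# in-memory table below is constructed for the example; it stands in for
# the users table, and a request is just a Hash of params.
class TokenAuth
  # The parameter name the server reads. On the page the filter reads
  # params[:user_token] while the logout curl sends auth_token; keeping the
  # name in one constant makes the two sides easy to compare.
  TOKEN_PARAM = 'user_token'.freeze

  UNAUTHORIZED = { status: 401 }.freeze
  SIGNED_OUT   = { status: 200, success: true }.freeze

  User = Struct.new(:id, :email, :token_digest)

  def initialize
    @users = {} # id => User
  end

  def add_user(id, email)
    @users[id] = User.new(id, email, nil)
  end

  # Same shape as Devise.friendly_token: 20 url-safe characters with the
  # easily confused glyphs l, I, O and 0 swapped out.
  def friendly_token
    SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz')
  end

  # Added hardening, not on the page: only a SHA-256 digest is stored, so a
  # copy of the users table does not yield working tokens.
  def digest(token)
    Digest::SHA256.hexdigest(token)
  end

  # ensure_authentication_token / generate_authentication_token: mint a
  # token, retrying on a collision, and hand the raw token back to the
  # caller (this is the auth_token value the sign-in response carries).
  def issue_token!(user)
    loop do
      token = friendly_token
      d = digest(token)
      next if @users.values.any? { |u| u.token_digest == d }
      user.token_digest = d
      return token
    end
  end

  # authenticate_user_from_token!: find the caller by the token in params.
  # Returns nil when the parameter is absent, blank or unknown; in the
  # page's second log that nil is what turns into the 401.
  def authenticate(params)
    raw = params[TOKEN_PARAM]
    return nil if raw.nil? || raw.to_s.empty?
    d = digest(raw.to_s)
    @users.values.find { |u| u.token_digest == d }
  end

  # destroy: require a valid token, then revoke it, as
  # update_column(:authentication_token, nil) does on the page.
  def sign_out(params)
    user = authenticate(params)
    return UNAUTHORIZED unless user
    user.token_digest = nil
    SIGNED_OUT
  end
end

if __FILE__ == $PROGRAM_NAME
  auth  = TokenAuth.new
  user  = auth.add_user(1, 'user@example.com')   # constructed sample user
  token = auth.issue_token!(user)                # what POST /api/sessions hands back

  p auth.sign_out('auth_token' => token)   # wrong parameter name: status 401
  p auth.sign_out('user_token' => token)   # matching name: status 200, token revoked
  p auth.sign_out('user_token' => token)   # revoked token: status 401 again
end
```

To port the check back to the Rails side, make the parameter name the client sends (auth_token in the curl above) and the one authenticate_user_from_token! reads the same string, or accept the token from a header instead, as the comment in the application controller suggests.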