无法使用ng-token-auth / devise-token-auth发送带有请求的令牌

时间:2015-04-29 00:50:54

标签: ruby-on-rails json angularjs authentication devise

我正在完成一个很棒的教程,可以在这里找到:https://www.airpair.com/ruby-on-rails/posts/authentication-with-angularjs-and-ruby-on-rails https://stackoverflow.com/users/199712/jason-swett

我试图找出为什么我无法在sign_in的标头中发送带令牌的请求。我的用户注册调用很有效,并且在db中创建了一个新用户,但是当我尝试登录时,没有发送任何令牌。

这是我的index.coffee

angular.module 'angDomino', ['ngAnimate', 'ngCookies', 'ngTouch', 'ngSanitize', 'ngResource', 'ui.router', 'rails', 'ng-token-auth']
  .config ($stateProvider, $urlRouterProvider, $locationProvider, $authProvider) ->
    $authProvider.configure({
      apiUrl: '/api'
      })
    $locationProvider.html5Mode({
      enabled: true,
      requireBase: false
      })
    $stateProvider
      .state "home",
        url: "/",
        templateUrl: "app/views/main.html",
        controller: "MainCtrl"
      .state "groups",
        url: "/groups",
        templateUrl: "app/views/groups.html",
        controller: "GroupsCtrl"
      .state "sign_in",
        url: "/sign_in",
        templateUrl: "app/views/user_sessions/new.html",
        controller: "UserSessionsCtrl"
      .state "sign_up",
        url: "/sign_up",
        templateUrl: "app/views/user_registrations/new.html",
        controller: "UserRegistrationsCtrl"

    $urlRouterProvider.otherwise '/'

  .factory "Group", (RailsResource) ->
    class Group extends RailsResource
      @configure url: "/api/groups", name: "group"

这是注册请求标题:

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:158
Content-Type:application/json;charset=UTF-8
DNT:1
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_up

注册回复:

access-token:ZAC77KtVm_BBXExMiF5Okg
cache-control:max-age=0, private, must-revalidate
client:AqyOPNCBIiufWAZqTkIPZg
connection:close
content-length:240
content-type:application/json; charset=utf-8
date:Tue, 28 Apr 2015 23:38:58 GMT
etag:"e190da3eab4b3b2da0d6dc8257fd6d91"
expiry:1431473938
server:WEBrick/1.3.1 (Ruby/2.1.2/2014-05-08)
token-type:Bearer
uid:cc0e37ab-f891-4334-a887-c0a71903edf9
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-request-id:8bf9fe8a-73b9-4e3d-ad40-c8574e88e7c3
x-runtime:0.272364
x-xss-protection:1; mode=block

注销完美无缺(req标题):

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
access-token:0PSupG02KwsbU6k1nQuTXQ
Cache-Control:max-age=0
client:AqyOPNCBIiufWAZqTkIPZg
Connection:keep-alive
Cookie:auth_headers=%7B%22access-token%22%3A%220PSupG02KwsbU6k1nQuTXQ%22%2C%22token-type%22%3A%22Bearer%22%2C%22client%22%3A%22AqyOPNCBIiufWAZqTkIPZg%22%2C%22expiry%22%3A%221431474351%22%2C%22uid%22%3A%22d1871d3d-a8a9-437a-88b9-e0a43f5896da%22%7D
DNT:1
expiry:1431474351
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_up
token-type:Bearer
uid:d1871d3d-a8a9-437a-88b9-e0a43f5896da

但是当我尝试使用相同的电子邮件/密码登录时,我得到:

一般

Remote Address:127.0.0.1:9000
Request URL:http://localhost:9000/api/auth/sign_in
Request Method:POST
Status Code:401 Unauthorized

请求标题

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:43
Content-Type:application/json;charset=UTF-8
DNT:1
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_in

有人知道为什么登录不会发送令牌吗? 这是我的user_sessions控制器(在coffeescript中):

angular.module('angDomino').controller 'UserSessionsCtrl', [
  '$scope'
  ($scope) ->
    $scope.$on 'auth:login-error', (ev, reason) ->
      $scope.error = reason.errors[0]
      return
    return
]

以下是完整的sign_in标题:

General
Remote Address:127.0.0.1:9000
Request URL:http://localhost:9000/api/auth/sign_in
Request Method:POST
Status Code:401 Unauthorized

Response Headers
view source
cache-control:no-cache
connection:close
content-length:59
content-type:application/json; charset=utf-8
date:Thu, 07 May 2015 12:53:46 GMT
server:WEBrick/1.3.1 (Ruby/2.1.2/2014-05-08)
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-request-id:480b63c1-1415-4c49-8774-ccfc11eee644
x-runtime:0.005285
x-xss-protection:1; mode=block

Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:43
Content-Type:application/json;charset=UTF-8
DNT:1
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_in
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36

Request Payload
    view source
    {email: "b@b.com", password: "1234567890"}
    email: "b@b.com"
    password: "1234567890"

这里是sign_up的dev.log:

Started POST "/api/auth" for 127.0.0.1 at 2015-05-07 07:40:18 -0500
  [1m[36mActiveRecord::SchemaMigration Load (0.9ms)[0m  [1mSELECT "schema_migrations".* FROM "schema_migrations"[0m
Processing by DeviseTokenAuth::RegistrationsController#create as HTML
  Parameters: {"email"=>"b@b.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "confirm_success_url"=>"http://localhost:9000/sign_up", "config_name"=>"default"}
Unpermitted parameters: confirm_success_url, config_name
Unpermitted parameters: confirm_success_url, config_name
  [1m[35m (0.4ms)[0m  BEGIN
  [1m[36m (1.4ms)[0m  [1mSELECT COUNT(*) FROM "users"  WHERE "users"."provider" = 'email' AND "users"."email" = 'b@b.com'[0m
  [1m[35mSQL (2.9ms)[0m  INSERT INTO "users" ("confirmed_at", "created_at", "email", "encrypted_password", "provider", "tokens", "uid", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING "id"  [["confirmed_at", "2015-05-07 12:40:18.475118"], ["created_at", "2015-05-07 12:40:18.475466"], ["email", "b@b.com"], ["encrypted_password", "$2a$10$7dSKnalwMHcuTrWSDEbLSen85tzA9DEyH.Q.EnxHllwZeNOdvBUMy"], ["provider", "email"], ["tokens", "{}"], ["uid", "b@b.com"], ["updated_at", "2015-05-07 12:40:18.475466"]]
  [1m[36m (79.9ms)[0m  [1mCOMMIT[0m
  [1m[35m (0.1ms)[0m  BEGIN
  [1m[36mSQL (0.5ms)[0m  [1mUPDATE "users" SET "confirmed_at" = $1, "tokens" = $2, "uid" = $3, "updated_at" = $4 WHERE "users"."id" = 2[0m  [["confirmed_at", "2015-05-07 12:40:18.638115"], ["tokens", "{\"wASSQpP_tjVaK-VoROXwHg\":{\"token\":\"$2a$10$aJFJmimoQNQFz3T9rItGwOzHMRwtuENcBhZdVCC2b0GBsinKgIhuC\",\"expiry\":1432212018}}"], ["uid", "9ae44b7b-3f7a-4f2d-9091-4cc779751355"], ["updated_at", "2015-05-07 12:40:18.638237"]]
  [1m[35m (0.3ms)[0m  COMMIT
  [1m[36m (0.1ms)[0m  [1mBEGIN[0m
  [1m[35mUser Load (0.5ms)[0m  SELECT  "users".* FROM "users"  WHERE "users"."id" = $1 LIMIT 1 FOR UPDATE  [["id", 2]]
  [1m[36mSQL (0.6ms)[0m  [1mUPDATE "users" SET "confirmed_at" = $1, "tokens" = $2, "uid" = $3, "updated_at" = $4 WHERE "users"."id" = 2[0m  [["confirmed_at", "2015-05-07 12:40:18.712254"], ["tokens", "{\"wASSQpP_tjVaK-VoROXwHg\":{\"token\":\"$2a$10$nb1iyRMzNgjvi34tMK5Ysers4IOulvviMJSA5Q8uop5ARuXMOtxDa\",\"expiry\":1432212018,\"last_token\":\"$2a$10$aJFJmimoQNQFz3T9rItGwOzHMRwtuENcBhZdVCC2b0GBsinKgIhuC\",\"updated_at\":\"2015-05-07T07:40:18.711-05:00\"}}"], ["uid", "95b1c932-b763-4f32-b441-0968175575d5"], ["updated_at", "2015-05-07 12:40:18.712496"]]
  [1m[35m (0.3ms)[0m  COMMIT
Completed 200 OK in 363ms (Views: 0.3ms | ActiveRecord: 90.3ms)


Started GET "/api/auth/validate_token" for 127.0.0.1 at 2015-05-07 07:44:29 -0500
Processing by DeviseTokenAuth::TokenValidationsController#validate_token as HTML
  [1m[36mUser Load (0.5ms)[0m  [1mSELECT  "users".* FROM "users"  WHERE "users"."uid" = '95b1c932-b763-4f32-b441-0968175575d5' LIMIT 1[0m
  [1m[35m (0.3ms)[0m  BEGIN
  [1m[36mUser Load (0.5ms)[0m  [1mSELECT  "users".* FROM "users"  WHERE "users"."id" = $1 LIMIT 1 FOR UPDATE[0m  [["id", 2]]
  [1m[35mSQL (1.0ms)[0m  UPDATE "users" SET "confirmed_at" = $1, "tokens" = $2, "uid" = $3, "updated_at" = $4 WHERE "users"."id" = 2  [["confirmed_at", "2015-05-07 12:44:29.561416"], ["tokens", "{\"wASSQpP_tjVaK-VoROXwHg\":{\"token\":\"$2a$10$7zZRRlJ3rvIS0H/jQUITB.4kEQfdENDB92uCDf84EXsF93V5EzIFS\",\"expiry\":1432212269,\"last_token\":\"$2a$10$nb1iyRMzNgjvi34tMK5Ysers4IOulvviMJSA5Q8uop5ARuXMOtxDa\",\"updated_at\":\"2015-05-07T07:44:29.560-05:00\"}}"], ["uid", "c9719276-a107-41f7-868f-9ed8c87cfa3a"], ["updated_at", "2015-05-07 12:44:29.561612"]]
  [1m[36m (1.2ms)[0m  [1mCOMMIT[0m
Completed 200 OK in 144ms (Views: 0.2ms | ActiveRecord: 3.4ms)

这是sign_in的dev.log:

Started POST "/api/auth/sign_in" for 127.0.0.1 at 2015-05-07 07:53:46 -0500
Processing by DeviseTokenAuth::SessionsController#create as HTML
  Parameters: {"email"=>"b@b.com", "password"=>"[FILTERED]"}
  [1m[35mUser Load (1.5ms)[0m  SELECT  "users".* FROM "users"  WHERE (uid='b@b.com' AND provider='email')  ORDER BY "users"."id" ASC LIMIT 1
Completed 401 Unauthorized in 3ms (Views: 0.2ms | ActiveRecord: 1.5ms)

1 个答案:

答案 0 :(得分:0)

显然,至少在此时,您必须让用户的uid与您的用户email相匹配。