使用API​​在Rails

时间:2015-11-28 21:40:23

标签: ruby-on-rails ruby devise rest-client

我目前有一个连接到现有SQL数据库的Rails应用程序。我使用Devise进行用户管理,但数据库中预先存在的User表使用了非常自定义的密码加密方法。

我可以连接到一个Web服务,它传递一个带有登录信息的JSON对象来验证它是否有效,然后我必须管理我自己的会话以及之后的所有内容。

我试图关注" Railscast #250",并将它与Devise和一些Stack Overflow搜索结合起来,但情况并不顺利。

这就是我现在所拥有的,但它没有做任何事情,我只是觉得我没有做到这一点。

class SessionsController < Devise::SessionsController
    def new
        super
    end

    def create
        post_params = {
            "RuntimeEnvironment" => 1,
            "Email" => params[:session][:email],
            "Password" => params[:session][:password]
        }.to_json
        user_params = RestClient.post 'http://some.ip/WebServices', post_params, :content_type => "json"
        user = User.authenticate(user_params)
        if user
            session[:user_id] = user.user_id
            redirect_to root_path
        else
            flash.now.alert = "Invalid Username or Password"
            render "new"
        end
    end
end

如果登录成功,则返回JSON对象:

{"Success":true,"ErrorMessage":"","ResponseString":"","LoginResultData":{"FailMessage":"","ResultCode":0,"User":{"AccountCompleteFlag":1,"CreationDtime":"\/Date(1430848539000-0400)\/","DeleteFlag":0,"Email":"john@doe.com","FailedPasswordCount":1,"HistoricalFlag":0,"IsDirty":false,"IsAdminFlag":0,"IsSiteAdminFlag":0,"LastLoginDtime":"\/Date(1447789258000-0500)\/","NameFirst":"Ttest","NameLast":"test","Password":"TRQt3d2Z7caDsSKL0ARVRd8nInks+pIyTSqp3BLxUgg=","PasswordLockDtime":"\/Date(-62135578800000-0500)\/","PasswordLockFlag":0,"PasswordResetCode":"","PasswordResetStatus":0,"Phone":"1-X-5555555555-","RegistrationSource":"Registration","UserId":100029,"UserType":1,"PhoneInfo":{"AreaCode":"555","CountryCode":"X","Extension":"","FirstThree":"555","InternationalPhoneNumber":"","IsDirty":false,"IsInternational":false,"LastFour":"5555"}}}}

为失败者返回的是什么:

{"Success":true,"ErrorMessage":"","ResponseString":"","LoginResultData":{"FailMessage":"Invalid email address","ResultCode":1,"User":null}}

有没有办法在连接到API时使用Devise的会话管理?

1 个答案:

答案 0 :(得分:0)

您仍然可以使用用户提供的电子邮件和密码通过Devise进行身份验证。 RestClient就像一个双重检查:只要确保除了通过RestClient之外没有用户可以通过身份验证的路由。您可以通过执行rake routes来查看此内容。

为了检查结果代码是否有效,您可以按如下方式进行一些JSON解析:

authentication_response = RestClient.post 'http://some.ip/WebServices', post_params, :content_type => "json"
json_authentication_response = JSON.parse(authentication_response)
result_code = json_authentication_response["LoginResultData"]["ResultCode"]
if result_code == 0
    # Authenticate
else
    # Don't authenticate
end
相关问题
最新问题