我已经遵循Auth0 for Rails API here中的快速入门指南,但是向我的Rails API发送可验证的请求始终返回500.标题中有一个JWT,我相信它是有效的,因为复制它到JWT.io,将我的私钥粘贴到"秘密"输入,然后单击" secret base64 encoded"显示"已验证"。
以下相关代码:
请求信息:
Request URL:https://railie-p0lska1.c9users.io/api/feedbacks.json
Request Method:POST
Status Code:401 Unauthorized
Remote Address:104.155.203.100:443
请求标题:
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,fa;q=0.6
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3JhaWxpZS5hdXRoMC5jb20vIiwic3ViIjoiZmFjZWJvb2t8NTA0MjI0NjEzIiwiYXVkIjoidHhKQXJNODhsTnNtcGpSRjBlZGZXZHlnY2gyMGJFb0QiLCJleHAiOjE0ODM2MjAyNzcsImlhdCI6MTQ4MzU4NDI3N30.KePQsrTFjQjIzB6YmxzJcbhMW6by7WIBOpm51viaDZE
Cache-Control:no-cache
Connection:keep-alive
Content-Length:10
Content-Type:application/json;charset=UTF-8
Cookie:c9.live.user.jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjcxNjI5OSIsIm5hbWUiOiJwMGxza2ExIiwiY29kZSI6IjljWWhzZXc2TXhtZkN2WFNGeWl1IiwiaWF0IjoxNDgzNTExMjU1LCJleHAiOjE0ODM1OTc2NTV9.nkeM2LHqibXDqFQ1ZpQ5RseyO3maO5mz8t5ebtnkDUc; c9.live.user.sso=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjcxNjI5OSIsIm5hbWUiOiJwMGxza2ExIiwiaWF0IjoxNDgzNTExMjU1LCJleHAiOjE0ODM1OTc2NTV9.BOxqLKqy6saBOyRjbpccFn8rXTjncW3H_DT2Ysj4vaU; XSRF-TOKEN=cSD1XB8QFAGZFmKWN16R1P%2B1Kwxnyys6cIzOaee02rpkePtyHwuPhmHftQ%2B4YvFvkd3i3BVkvj5z3NLVBk5UEw%3D%3D; _workspace_session=ZEZ6Q2M1aTdFbXA4SzdTc3o2azlnalhmYTR2akVRSGRobFkrUDNwTmlyZ2RPZDdkR0ozamtET2Roa29LMXM4R1h0MUJmZ2lwUHJzWmJKVThOYUxhcjZid1pqZHQzWTRGdmtNZEhjcDZwNWdIN3o5MXcxdnJUUEdCUHhURmlOUE41Uk9ucXY5bkdDUTUzNHo5S3VQSmlnPT0tLXNaakl6S3YzS0VmQmNzZnRBc2NLS3c9PQ%3D%3D--c88551abbcd6419fc848f66f86e9897a5e93ffa8
Host:railie-p0lska1.c9users.io
Origin:https://railie-p0lska1.c9users.io
Pragma:no-cache
Referer:https://railie-p0lska1.c9users.io/en_AU
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
X-XSRF-TOKEN:cSD1XB8QFAGZFmKWN16R1P+1Kwxnyys6cIzOaee02rpkePtyHwuPhmHftQ+4YvFvkd3i3BVkvj5z3NLVBk5UEw==
服务器错误:
Started POST "/api/feedbacks.json" for 220.244.244.218 at 2017-01-05 03:08:27 +0000
Cannot render console from 220.244.244.218! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by FeedbacksController#create as JSON
Parameters: {"data"=>1, "feedback"=>{"data"=>1}}
Completed 500 Internal Server Error in 20ms (ActiveRecord: 0.0ms)
NoMethodError (undefined method `authenticate_user' for #<FeedbacksController:0x007f818327e000>
Did you mean? authenticate):
feedbacks_controller.rb
class FeedbacksController < ApplicationController
before_action :authenticate_user
respond_to :json
def create
VisitorRating.create(request_params)
reply('Thanks for your feedback', :ok)
rescue
reply('Unable to save your feedback', :unprocessable_entity)
end
private
def request_params
params.require(:feedback).permit(:data)
end
end
user.rb
class User < ActiveRecord::Base
has_secure_password
def self.from_token_payload payload
# Returns a valid user, `nil` or raise
# e.g.
# self.find payload["sub"]
end
end
schema.rb
create_table "users", force: :cascade do |t|
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.string "auth_id"
end
create_table "visitor_ratings", force: :cascade do |t|
t.integer "data", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
end
我根据Auth0论坛中的this帖子更改了Knock的knock.rb配置文件中的一些变量。
Knock.setup do |config|
config.current_user_from_token = -> (claims) { User.find_or_create_by(auth_id: claims['sub']) }
config.token_audience = -> { Rails.application.secrets.auth0_client_id }
config.token_secret_signature_key = -> {
secret = Rails.application.secrets.auth0_client_secret
secret += '=' * (4 - secret.length.modulo(4))
Base64.decode64(secret.tr('-_', '+/'))
}
end
application_controller.rb的一部分
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
before_action :authenticate, only: :testie
protect_from_forgery with: :exception
respond_to :json
# Knock is used for user JWT requests
include Knock::Authenticable
def angular
render 'layouts/application'
end
private
def reply(message, status)
respond_to do |format|
format.json { render :json => {:message => message}, status: status}
end
end
end
写完之后,我认为问题可能与目前不属于用户模型的VisitorRating模型有关,但我是Rails的新手并且不确定细节。
答案 0 :(得分:4)
我认为您的应用是在12月6日之后创建的。如果是这样,您的config / initializers / knock.rb应该看起来像
Knock.setup do |config|
config.token_audience = -> { Rails.application.secrets.auth0_client_id }
config.token_secret_signature_key = -> { Rails.application.secrets.auth0_client_secret }
end
请注意,令牌密码不是base64编码的:https://github.com/nsarno/knock/issues/149和https://github.com/nsarno/knock/issues/146
您的app / models / user.rb看起来应该像
class User < ApplicationRecord
def self.from_token_payload(payload)
self.find_or_create_by(auth_id: payload['sub'])
end
end
您的用户不应该有密码,但from_token_payload需要实际从该有效负载中获取用户。
除此之外,请确保删除控制器中的重复内容(可能不是app / controllers / application_controller.rb中的before_action :authenticate)。