我有一个仅API的rails应用程序,其中Devise用于用户管理,而Doorkeeper用于来自移动应用程序的令牌授权。效果很好。
我还安装了Rails Admin,以管理数据库中的所有后端数据,并且可以正常工作,我可以通过浏览器使用Rails Admin,并通过API访问移动应用程序。
到目前为止,Rails Admin仪表板尚未受到保护,我需要对其进行保护,以便只有管理员才能修改数据库中的数据。
我通过此链接https://github.com/plataformatec/devise/wiki/How-to-Setup-Multiple-Devise-User-Models
为教程创建了另一个设计范围。但是当我键入Rails Admin URL时,页面从devise重定向到/ admins / sign_in,我认为这是正确的行为,但是随后出现以下错误:
Started GET "/" for 186.2.132.186 at 2019-06-11 15:14:40 +0000
(0.9ms) SET NAMES utf8, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
↳ /usr/local/rvm/gems/ruby-2.5.5/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
(0.9ms) SELECT `schema_migrations`.`version` FROM `schema_migrations` ORDER BY `schema_migrations`.`version` ASC
↳ /usr/local/rvm/gems/ruby-2.5.5/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Processing by RailsAdmin::MainController#dashboard as HTML
Completed 401 Unauthorized in 10ms (ActiveRecord: 0.0ms)
Started GET "/admins/sign_in" for 186.2.132.186 at 2019-06-11 15:14:40 +0000
Processing by Admins::SessionsController#new as HTML
Completed 406 Not Acceptable in 16ms (ActiveRecord: 3.2ms)
ActionController::UnknownFormat (ActionController::UnknownFormat):
responders (2.4.1) lib/action_controller/respond_with.rb:213:in `respond_with'
devise (4.6.2) app/controllers/devise/sessions_controller.rb:14:in `new'
...more stack
在Rails ADmin初始化程序中,我添加了以下代码:
## == Devise ==
config.authenticate_with do
warden.authenticate! scope: :admin
end
config.current_user_method(&:current_admin)
这是我的路线:
#require 'api_constraints.rb'
Rails.application.routes.draw do
use_doorkeeper do
# No need to register client application
skip_controllers :applications, :authorized_applications, :admins
end
#devise_for :admins, path: 'admins'
devise_for :admins, controllers: {
sessions: "admins/sessions",
#registrations: 'admins/registrations',
}, skip: [:registrations]
mount RailsAdmin::Engine => '/', as: 'rails_admin'
#devise_for :users
# For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
scope module: :api, defaults: { format: :json }, path: 'api' do
scope module: :v1 do
devise_for :users, controllers: {
registrations: 'api/v1/users/registrations',
}, skip: [:sessions, :password]
end
end
#Rutas para acceder al API
#scope '/api' do
namespace :api do
namespace :v1 do
resources :users
resources :ejercicios
resources :medidas
resources :profiles
resources :categoria_ejercicio
end
end
root to: 'home#index'
end
我还通过此命令添加了用于管理员的Devise视图
设计指南:查看管理员
请问您如何使它起作用的提示或建议。谢谢。
答案 0 :(得分:0)
正如您在日志中看到的那样,/admin/sign_in路径被拒绝,并出现406 Not Acceptable http错误,这恰恰意味着不接受所请求的格式(HTML)。
Started GET "/admins/sign_in" for 186.2.132.186 at 2019-06-11 15:14:40 +0000
Processing by Admins::SessionsController#new as HTML
Completed 406 Not Acceptable in 16ms (ActiveRecord: 3.2ms)
发生这种情况是因为您在API模式下使用Rails,并且在这种模式下,Rails不再接受HTML请求。为了提高API的性能,某些中间件和模块被禁用。
问题在于Devise需要HTML,因为用户被重定向到表单。
另一种方法包括使用基本身份验证(Rails为此提供了帮助程序)。 我们使用基本身份验证(浏览器提示)获得凭据,然后仅使用Devise来对用户进行身份验证。最后,我们将Rails Admin配置为使用该策略。
# rails admin configuration, replacing your existing config
config.authenticate_with do
# this is a rails controller helper
authenticate_or_request_with_http_basic('Login required') do |username, password|
# Here we're checking for username & password provided with basic auth
resource = Admin.find_by(email: username)
# we're using devise helpers to verify password and sign in the user
if resource.valid_password?(password)
sign_in :admin, resource
end
end
end
注意:您可能需要根据模型调整resource =行。我假设您已经有一个Admin模型。
该代码尚未经过测试,但这只是一个开始。
资源: