0

我希望能够简单地确定我正在创建的 iOS 应用程序中是否正确提供了用户凭据。

我现在设置它的方式是使用 session_controller.rb 来处理并返回用户令牌。问题是如果我仍然想通过网络登录(不仅仅是通过 curl 或类似的检查),它不会验证并吐出

{"success":false,"message":"您的登录名或密码错误"}

所以我的问题是......我怎样才能进行身份验证并仍然保持我的网络登录正常运行?这是我的相关文件。我希望我可以 curl 到 localhost:3000/auth_checks 之类的 url 并获得一种类型的身份验证响应,并继续让我的用户通过 localhost:3000/sign_in 登录。

来自 devise.rb

config.skip_session_storage = [:http_auth, :token_auth]
config.token_authentication_key = :auth_token

来自 routes.rb

  resources :clippings
  root to: 'clippings#index'
  #devise_for :users

  resources :auth_checks
  devise_for(:users, :controllers => { :sessions => "sessions" })


  resources :posts do
  end

来自 auth_checks_controller.rb

class AuthChecksController < ApplicationController

before_filter :authenticate_user!

  # GET /auth_checks
  # GET /auth_checks.json
  def index
    @auth_checks = AuthCheck.all

    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @auth_checks }
    end
  end

  # GET /auth_checks/1
  # GET /auth_checks/1.json
  def show
    @auth_check = AuthCheck.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @auth_check }
    end
  end

  # GET /auth_checks/new
  # GET /auth_checks/new.json
  def new
    @auth_check = AuthCheck.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @auth_check }
    end
  end

  # GET /auth_checks/1/edit
  def edit
    @auth_check = AuthCheck.find(params[:id])
  end

  # POST /auth_checks
  # POST /auth_checks.json
  def create
    @auth_check = AuthCheck.new(params[:auth_check])

    respond_to do |format|
      if @auth_check.save
        format.html { redirect_to @auth_check, notice: 'Auth check was successfully created.' }
        format.json { render json: @auth_check, status: :created, location: @auth_check }
      else
        format.html { render action: "new" }
        format.json { render json: @auth_check.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /auth_checks/1
  # PUT /auth_checks/1.json
  def update
    @auth_check = AuthCheck.find(params[:id])

    respond_to do |format|
      if @auth_check.update_attributes(params[:auth_check])
        format.html { redirect_to @auth_check, notice: 'Auth check was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @auth_check.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /auth_checks/1
  # DELETE /auth_checks/1.json
  def destroy
    @auth_check = AuthCheck.find(params[:id])
    @auth_check.destroy

    respond_to do |format|
      format.html { redirect_to auth_checks_url }
      format.json { head :no_content }
    end
  end
end
4

1 回答 1

0

学到了很多......这就是我最终做的事情。如果你处于这个位置,我强烈建议你花时间(不是很多)来做这个方法。http://www.cocoahunter.com/blog/2013/02/13/restful-api-authentication/

如果您像我一样,您已经拥有使用标准设计登录结构的用户群。

我将此添加到我的 routes.rb

  namespace :api do
      namespace :v1  do
        resources :tokens,:only => [:create, :destroy]
      end
    end

然后在 controllers/api/v1/ (我创建的)中创建并添加了 tokens_controller.rb

# encoding: utf-8
class Api::V1::TokensController  < ApplicationController
    skip_before_filter :verify_authenticity_token
    respond_to :json
    def create
      email = params[:email]
      password = params[:password]
      if request.format != :json
        render :status=>406, :json=>{:message=>"The request must be json"}
        return
       end

    if email.nil? or password.nil?
       render :status=>400,
              :json=>{:message=>"The request must contain the user email and password."}
       return
    end

    @user=User.find_by_email(email.downcase)

    if @user.nil?
      logger.info("User #{email} failed signin, user cannot be found.")
      render :status=>401, :json=>{:message=>"Invalid email or passoword."}
      return
    end

    # http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable
    @user.ensure_authentication_token!

    if not @user.valid_password?(password)
      logger.info("User #{email} failed signin, password \"#{password}\" is invalid")
      render :status=>401, :json=>{:message=>"Invalid email or password."}
    else
      render :status=>200, :json=>{:token=>@user.authentication_token}
    end
  end

  def destroy
    @user=User.find_by_authentication_token(params[:id])
    if @user.nil?
      #logger.info(“Token wasnot found.”)
      #render :status=>404, :json=>{:message=>”Invalid token.”}
    else
      @user.reset_authentication_token!
      render :status=>200, :json=>{:token=>params[:id]}
    end
  end

end

这就是我所要做的。我现在可以测试此 api 以从我的 iOS 应用程序进行身份验证。希望这对那里的人有意义!

于 2013-09-29T05:09:54.510 回答