ruby-on-rails - 设计令牌身份验证响应不包括手动生成的标头令牌

Question

我必须实现自己的确认控制器，因为我使用手机而不是电子邮件。

# controllers/verifications_controller.rb
class VerificationsController < ApplicationController

  def verification
    # ... ops related to verification ...
    if @resource.errors.empty?
      @resource.create_token
      @resource.save!
      puts @resource.valid? # true
      puts @resource.active_for_authentication? # true
      puts @resource.tokens # {"IJrCUArkVVqMc7N9hPl0OQ"=>{"token"=>"$2a$04$6TQf.Kq96n1WC2M4CjyDM.qV358sMOyuHOeSZFtkH4YGJ5EXtxYvK", "expiry"=>1597117964}}
      render_verification_success
    end

    private
    def render_verification_success
      render json: @resource, status: 200
    end
  end
end

puts response.headers在 rspec 中：

{"X-Frame-Options"=>"SAMEORIGIN", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options"=>"nosniff", "X-Download-Options"=>"noopen", "X-Permitted-Cross-Domain-Policies"=>"none", "Referrer-Policy"=>"strict-origin-when-cross-origin", "Content-Type"=>"application/json; charset=utf-8", "ETag"=>"W/\"972afd62475c3a5f81ac1bf7802f83d7\"", "Cache-Control"=>"max-age=0, private, must-revalidate", "X-Request-Id"=>"01186624-232e-4dea-aece-693b02f27082", "X-Runtime"=>"0.105639", "Content-Length"=>"512"}

我从这个https://github.com/lynndylanhurley/devise_token_auth/blob/bef1b0b7172459dff0d0a23f8d911a7b23b9a6c7/app/controllers/devise_token_auth/confirmations_controller.rb#L15指导我的实施

Answer 1

设计令牌身份验证从@token变量中获取用户标头令牌。

改变

@resource.create_token

至

@token = @resource.create_token

我还添加了

sign_in(:user, @resource, store: false, bypass: false)

登录用户。

我在以下位置找到了解决方案：https ://github.com/lynndylanhurley/devise_token_auth/blob/bef1b0b7172459dff0d0a23f8d911a7b23b9a6c7/app/controllers/devise_token_auth/sessions_controller.rb#L29