Adt*_*Adt 2 api ruby-on-rails devise
我正在通过 Rails 实现 api。
我想实现以下功能但不知道如何实现?
我尝试了这个示例应用程序
我有包含电子邮件、密码和 access_token 的用户模型
class UsersController < ApplicationController
def signin
c_user = User.find_by_email(params[:email])
pass = params[:password]
if c_user.password == pass
render json: c_user.access_token
end
end
private
def users_params
params.require(:user).permit(:email, :password)
end
end
如果用户通过 api 请求http://localhost:3000/signin?email=t1@t.com&password=password
然后它将检查电子邮件和密码并返回用户可以用于将来请求的access_token。
我想用设计或任何其他宝石来实现相同的功能,请帮助我理解它。提前致谢
这就是我在我的应用程序中实现这种机制的方式:
用户.rb
class User < ActiveRecord::Base
# Use this before callback to set up User access_token.
before_save :ensure_authentication_token
# If the user has no access_token, generate one.
def ensure_authentication_token
if access_token.blank?
self.access_token = generate_access_token
end
end
private
def generate_access_token
loop do
token = Devise.friendly_token
break token unless User.where(access_token: token).first
end
end
end
应用程序控制器.rb
class ApplicationController < ActionController::Base
private
# To make authentication mechanism more safe,
# require an access_token and a user_email.
def authenticate_user_from_token!
user_email = params[:user_email].presence
user = user_email && User.find_by_email(user_email)
# Use Devise.secure_compare to compare the access_token
# in the database with the access_token given in the params.
if user && Devise.secure_compare(user.access_token, params[:access_token])
# Passing store false, will not store the user in the session,
# so an access_token is needed for every request.
# If you want the access_token to work as a sign in token,
# you can simply remove store: false.
sign_in user, store: false
end
end
end
然后你可以before_filter在任何你想要通过 access_token 身份验证保护的控制器中使用它:
before_filter :authenticate_user_from_token!
您还需要覆盖 Devise 会话控制器,以便它使用包含 access_token 的 JSON 进行响应。
用户/sessions_controller.rb
class Users::SessionsController < Devise::SessionsController
# Disable CSRF protection
skip_before_action :verify_authenticity_token
# Be sure to enable JSON.
respond_to :html, :json
# POST /resource/sign_in
def create
self.resource = warden.authenticate!(auth_options)
set_flash_message(:notice, :signed_in) if is_flashing_format?
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource) do |format|
format.json { render json: {user_email: resource.email, access_token: resource.access_token} }
end
end
end
并确保在您的路线中指定它:
路线.rb
devise_for :users, controllers: { sessions: 'users/sessions' }
| 归档时间: |
|
| 查看次数: |
6709 次 |
| 最近记录: |