devise中如何使用auth_token认证 与 RubyChina api认证的区别
裴欣然
1. 修改配置文件 config/initializers/devise.rb
config.token_authentication_key = :auth_token
2. 修改controller action
class Users::SessionsController < Devise::SessionsController
def create
resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
set_flash_message(:notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_to do |format|
format.html do
respond_with resource, :location => redirect_location(resource_name, resource)
end
format.json do
render :json => { :response => 'ok', :auth_token => current_user.authentication_token }.to_json, :status => :ok
end
end
end
end
3, 可以使用如下的命令测试
curl - X POST 'http://localhost:3000/users/sign_in.json' -d 'user[email]=example@example.com&user[password]=password'
-> { "response": "ok", "auth_token": "ABCDE0123456789"}
curl - L 'http://localhost:3000/profile?auth_token=ABCDE0123456789'
-> got page that I wanted that needs authentication
devise 提供的auth token 方式不是很合适,需要修改devise.rb配置文件,与web认证冲突
还是RubyChina实现的比较好一点
Ruby-China的代码中如何实现tokenauthentication登录
1, 登录的时候生成private_token代码
# 用户密钥,用于客户端验证
field :private_token
# 重新生成 Private Token
def update_private_token
random_key = "#{SecureRandom.hex(10)}:#{self.id}"
self.update_attribute( :private_token, random_key)
end
2, 在客户端登录的时候,返回 private_token
def create
resource = warden.authenticate!( :scope => resource_name, :recall => "#{controller_path}#new")
set_flash_message( :notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_to do |format|
format.html { redirect_to after_sign_in_path_for(resource) }
format.json { render :status => '201', :json => resource.as_json( :only => [ :login, :email, :private_token]) }
end
end
3, 可以使用如下命令测试
curl - X POST 'http://ruby-china.org/account/sign_in.json' -d "user[login]=xxxx&user[password]=xxxxxx"
4, 如何在下次接口定义中使用?
# file path: lib/api.rb
#
# Post a new topic
# require authentication
# params:
# title
# body
# node_id
post do
authenticate!
@topic = current_user.topics.new( :title => params[ :title], :body => params[ :body])
@topic.node_id = params[ :node_id]
@topic.save!
#TODO error handling
end
5, authenticate!的源代码【在lib/api/helper.rb文件中】
# user helpers
def current_user
@current_user ||= User.where( :private_token => params[ :token] || '').first
end
def authenticate!
error!({ "error" => "401 Unauthorized" }, 401) unless current_user
end
RubyChina没有使用Devise默认的认证码,定义了一套新的认证机制, 结合 Grape 做接口,与 web层
config.token_authentication_key = :auth_token
2. 修改controller action
class Users::SessionsController < Devise::SessionsController
def create
resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
set_flash_message(:notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_to do |format|
format.html do
respond_with resource, :location => redirect_location(resource_name, resource)
end
format.json do
render :json => { :response => 'ok', :auth_token => current_user.authentication_token }.to_json, :status => :ok
end
end
end
end
3, 可以使用如下的命令测试
curl - X POST 'http://localhost:3000/users/sign_in.json' -d 'user[email]=example@example.com&user[password]=password'
-> { "response": "ok", "auth_token": "ABCDE0123456789"}
curl - L 'http://localhost:3000/profile?auth_token=ABCDE0123456789'
-> got page that I wanted that needs authentication
devise 提供的auth token 方式不是很合适,需要修改devise.rb配置文件,与web认证冲突
还是RubyChina实现的比较好一点
Ruby-China的代码中如何实现tokenauthentication登录
1, 登录的时候生成private_token代码
# 用户密钥,用于客户端验证
field :private_token
# 重新生成 Private Token
def update_private_token
random_key = "#{SecureRandom.hex(10)}:#{self.id}"
self.update_attribute( :private_token, random_key)
end
2, 在客户端登录的时候,返回 private_token
def create
resource = warden.authenticate!( :scope => resource_name, :recall => "#{controller_path}#new")
set_flash_message( :notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_to do |format|
format.html { redirect_to after_sign_in_path_for(resource) }
format.json { render :status => '201', :json => resource.as_json( :only => [ :login, :email, :private_token]) }
end
end
3, 可以使用如下命令测试
curl - X POST 'http://ruby-china.org/account/sign_in.json' -d "user[login]=xxxx&user[password]=xxxxxx"
4, 如何在下次接口定义中使用?
# file path: lib/api.rb
#
# Post a new topic
# require authentication
# params:
# title
# body
# node_id
post do
authenticate!
@topic = current_user.topics.new( :title => params[ :title], :body => params[ :body])
@topic.node_id = params[ :node_id]
@topic.save!
#TODO error handling
end
5, authenticate!的源代码【在lib/api/helper.rb文件中】
# user helpers
def current_user
@current_user ||= User.where( :private_token => params[ :token] || '').first
end
def authenticate!
error!({ "error" => "401 Unauthorized" }, 401) unless current_user
end
RubyChina没有使用Devise默认的认证码,定义了一套新的认证机制, 结合 Grape 做接口,与 web层
类似资料: