2015-10-21 32 views
4

Unpermitted parameters using Devise Token Auth gem in Rails API

I am building a test authentication app with Rails-api and the devise_token_auth gem. The User.rb model looks like:

class User < ActiveRecord::Base
  before_save :set_auth_token

  # Include default devise modules.
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :confirmable, :omniauthable
  include DeviseTokenAuth::Concerns::User

  private

  # Assign a token only once, on first save
  def set_auth_token
    if self.authentication_token.blank?
      self.authentication_token = generate_authentication_token
    end
  end

  # Keep drawing random tokens until one is not already taken
  def generate_authentication_token
    loop do
      token = Devise.friendly_token
      break token unless User.where(authentication_token: token).first
    end
  end
end

routes.rb contains:

mount_devise_token_auth_for 'User', at: 'auth' 

I am also using the default SessionsController and RegistrationsController that the DeviseTokenAuth gem defines.

My front end is built with Ember-cli and has a login form that uses ember-simple-auth-devise; its Devise authorizer calls the /sign_in URL on the Rails API. ember-simple-auth wraps the parameters as

{"user"=>{"password"=>"[FILTERED]", "email"=>"[email protected]"}} 

whereas DeviseTokenAuth expects the request parameters on the Rails side to look like

{"password"=>"[FILTERED]", "email"=>"[email protected]"} 

The resulting error is

Processing by DeviseTokenAuth::RegistrationsController#create as JSON 
    Parameters: {"user"=>{"password"=>"[FILTERED]", "email"=>"[email protected]"}} 
Unpermitted parameter: user 

The problem could be solved either if the Rails DeviseTokenAuth gem accepted the parameters wrapped in "user", or if ember-simple-auth sent the parameters unwrapped, but unfortunately neither project's documentation clearly says how to achieve this. I tried setting the resource name in ember-simple-auth to null, but it did not work:

ENV['simple-auth-devise'] = {
  resourceName: null,
  serverTokenEndpoint: 'http://localhost:3000/auth/sign_in'
};

Is there a way to send unwrapped parameters with ember-simple-auth-devise? Or is it possible to accept parameters wrapped in "user" in all controllers generated by the DeviseTokenAuth gem?

The versions I am using are:

devise_token_auth (0.1.36)
  devise (~> 3.5.2)
  rails (~> 4.2)
"ember-simple-auth": "0.8.0"
+0

I think you will have to use ember-simple-auth without the devise plugin and roll your own. It looks like the devise plugin is specific to vanilla Devise. – penner

+0

GitHub issue https://github.com/lynndylanhurley/devise_token_auth/issues/822 –

Answer

1

One solution is to extend ember-simple-auth/addon/authenticators/devise.js, as was done here.

In app/authenticators/devise.js, replace:

import Devise from 'ember-simple-auth/authenticators/devise'; 

export default Devise.extend({}); 

with:

import Ember from 'ember';
import Devise from 'ember-simple-auth/authenticators/devise';

const { RSVP: { Promise }, isEmpty, getProperties, run, get } = Ember;

export default Devise.extend({
  loginEndpoint: '/auth/sign_in',
  logoutEndpoint: '/auth/sign_out',

  // Send the credentials unwrapped ({ email, password }) rather than
  // nested under "user", which is the shape devise_token_auth expects.
  authenticate(identification, password) {
    return new Promise((resolve, reject) => {
      let { identificationAttributeName } = getProperties(this, 'identificationAttributeName');
      let data = { password };
      data[identificationAttributeName] = identification;

      let requestOptions = { url: get(this, 'loginEndpoint') };

      this.makeRequest(data, requestOptions).then((response) => {
        if (response.ok) {
          response.json().then((json) => {
            // devise_token_auth returns the token material in response headers
            let data = {
              account: json,
              accessToken: response.headers.get('access-token'),
              expiry: response.headers.get('expiry'),
              tokenType: response.headers.get('token-type'),
              uid: response.headers.get('uid'),
              client: response.headers.get('client')
            };

            if (this._validate(data)) {
              run(null, resolve, data);
            } else {
              run(null, reject, 'Check that server response header includes data token and valid.');
            }
          });
        } else {
          response.json().then((json) => run(null, reject, json));
        }
      }).catch((error) => run(null, reject, error));
    });
  },

  // Sign out by sending the stored token headers back with a DELETE
  invalidate(data) {
    return new Promise((resolve, reject) => {
      let headers = {
        'access-token': data.accessToken,
        'expiry': data.expiry,
        'token-type': data.tokenType,
        'uid': data.uid,
        'client': data.client
      };

      let requestOptions = {
        url: get(this, 'logoutEndpoint'),
        method: 'DELETE',
        headers
      };

      this.makeRequest({}, requestOptions).then((response) => {
        response.json().then((json) => {
          if (response.ok) {
            run(null, resolve, json);
          } else {
            run(null, reject, json);
          }
        });
      }).catch((error) => run(null, reject, error));
    });
  },

  // Reject a session whose token headers are missing or whose expiry
  // (seconds since the epoch) is already in the past
  _validate(data) {
    let now = (new Date()).getTime();

    return !isEmpty(data.accessToken) && !isEmpty(data.expiry) && (data.expiry * 1000 > now) &&
      !isEmpty(data.tokenType) && !isEmpty(data.uid) && !isEmpty(data.client);
  }
});
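The answer above fixes the mismatch on the Ember side. The question also asks about the other option, accepting the "user"-wrapped parameters on the Rails side. The following is an added example, not code from the question, the answer or the devise_token_auth project: a plain-Ruby helper that unwraps a "user" envelope if present and lets through only the email and password keys, reporting every dropped key the way Rails' strong parameters would. Calling it from a before_action in a subclassed DeviseTokenAuth::SessionsController is assumed and not shown; the file runs without Rails.

```ruby
# Added example: normalise login params for devise_token_auth.
# Only email and password are credentials; anything else is dropped and
# reported, so a wrapped envelope never smuggles extra keys through.
CREDENTIAL_KEYS = %w[email password].freeze

def stringify_keys(hash)
  hash.each_with_object({}) { |(k, v), out| out[k.to_s] = v }
end

# Returns { credentials: {...}, unpermitted: [...] }.
# credentials holds only email/password with non-empty string values;
# unpermitted lists every key that was discarded.
def normalize_login_params(params, wrapper: 'user')
  params = stringify_keys(params)
  inner = params[wrapper]

  if inner.is_a?(Hash)
    # ember-simple-auth-devise sends {"user"=>{"email"=>..,"password"=>..}}
    source      = stringify_keys(inner)
    unpermitted = (params.keys - [wrapper]) + (source.keys - CREDENTIAL_KEYS)
  else
    # devise_token_auth expects {"email"=>..,"password"=>..} at the top level
    source      = params
    unpermitted = source.keys - CREDENTIAL_KEYS
  end

  credentials = source.select do |k, v|
    CREDENTIAL_KEYS.include?(k) && v.is_a?(String) && !v.empty?
  end
  { credentials: credentials, unpermitted: unpermitted }
end

# Same wording as the Rails log line quoted in the question
# ("Unpermitted parameter: user"); plural when several keys were dropped.
def unpermitted_message(keys)
  return nil if keys.empty?
  "Unpermitted parameter#{'s' if keys.size > 1}: #{keys.join(', ')}"
end

# True only when both credentials survived normalisation
def credentials_complete?(result)
  CREDENTIAL_KEYS.all? { |k| result[:credentials].key?(k) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample with the same shape as the question's log line
  wrapped = { 'user' => { 'password' => 'hunter2', 'email' => 'someone@example.test' } }
  result = normalize_login_params(wrapped)
  puts result[:credentials].inspect
  puts credentials_complete?(result)
end
```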