1. 首页
  2. 问答
  3. 为什么我无法使用devise_token_auth和curl注销?

为什么我无法使用devise_token_auth和curl注销?

2015-09-10 37 views
3

我正在使用rails-api和devise_token_auth进行身份验证。我能够通过登录没有问题:“用户未找到或未登录”为什么我无法使用devise_token_auth和curl注销?

curl -i http://localhost:3000/api/v1/auth/sign_in -F email="[email protected]" -F password="password"

然而,注销失败,404和错误通过:

curl -X DELETE -i http://localhost:3000/api/v1/auth/sign_out

我试图与参数和标头值的多个组合,如这个命令的变体:

curl -X DELETE -i http://localhost:3000/api/v1/auth/sign_out -F email="[email protected]" -H Access-Token="Ae1yaTYLkSAgdhz3LtPAZg" -H Client="9AmYF6NS8tP6EOD5nPSuxw" -H Expiry="1443073493" -H Uid="[email protected]" -H Token-Type="Bearer"

无济于事。一个类似构造的RSpec测试也会失败,具有相同的响应和错误,日志表明请求已经通过DeviseTokenAuth :: SessionsController#销毁为JSON。

当然,我实际上并没有使用curl进行身份验证;只需在编写相关代码之前验证请求结构即可。

来源

2015-09-10 user3006381

+0

我认为标题需要是-H授权=“uid = blahblah”或类似的东西。请参阅http://tools.ietf.org/html/rfc6750和https:// github。com/lynndylanhurley/devise_token_auth – zetetic

回答

6

回答我自己的问题,我没有正确返回sign_in响应头值与sign_out请求。

I found a related post其中指出了一些重要的标题。关键是要捕捉的访问令牌,客户端,并从sign_in响应UID标头值,然后将它们包括如在SIGN_OUT请求参数:

curl -i -X DELETE http://localhost:3000/api/v1/auth/sign_out -F access-token="Ae1yaTYLkSAgdhz3LtPAZg" -F client="9AmYF6NS8tP6EOD5nPSuxw" -F uid="[email protected]"

这里的一个RSpec测试来说明和验证:

require 'rails_helper' 

RSpec.describe "Authentication", type: :request do 

    it "logs a user out" do 
    user = User.create!(
     name: "Some Dude", 
     email: "[email protected]", 
     password: "password", 
     confirmed_at: Date.today 
    ) 

    # initial sign in to generate a token and response 
    post api_v1_user_session_path, { 
     email: user.email, 
     password: user.password 
    } 

    expect(user.reload.tokens.count).to eq 1 

    # sign out request using header values from sign in response 
    delete destroy_api_v1_user_session_path, { 
     "access-token": response.header["access-token"], 
     client: response.header["client"], 
     uid: response.header["uid"] 
    } 

    response_body = JSON.load(response.body) 
    expect(response_body["errors"]).to be_blank 
    expect(response.status).to eq 200 
    # user token should be deleted following sign out 
    expect(user.reload.tokens.count).to eq 0 
    end 

end

来源

2015-09-11 08:30:20 user3006381

+0

我使用相同的东西,检查标题,但仍然没有使其工作 – ImranNaqvi

+0

后链接也已过期 – ImranNaqvi

+0

我喜欢这样做'卷曲-H“访问令牌:HbJiAUvTFoPWbCnHvdplDQ”-H “client:0TtJ9D7TyeSTkfz1KatYug”-H“uid:[email protected]”-X DELETE“http:// localhost:3000/api/v1/auth/sign_out”' –

2

在细节,执行以下步骤:

步骤1:

curl -v -H 'Content-Type: application/json' -H 'Accept: application/json' -X POST http://localhost:3000/api/v1/auth/sign_in -d "{\"email\":\"[email protected]\",\"password\":\"password\"}"

你会得到这样的回答:

* Trying ::1... 
* Connected to localhost (::1) port 3000 (#0) 
> POST /api/v1/auth/sign_in HTTP/1.1 
> Host: localhost:3000 
> User-Agent: curl/7.43.0 
> Content-Type: application/json 
> Accept: application/json 
> Content-Length: 50 
> 
* upload completely sent off: 50 out of 50 bytes 
< HTTP/1.1 200 OK 
< X-Frame-Options: SAMEORIGIN 
< X-Xss-Protection: 1; mode=block 
< X-Content-Type-Options: nosniff 
< Access-Token: BqXcWQi0-9faLyxP1LnUKw 
< Token-Type: Bearer 
< Client: dYSqVgM9VT6fV9Y5MFWpJQ 
< Expiry: 1465679853 
< Uid: [email protected] 
< Content-Type: application/json; charset=utf-8 
< Etag: W/"9ad6a23f014a744a7ec83b4e0e9d27aa" 
< Cache-Control: max-age=0, private, must-revalidate 
< X-Request-Id: 6566bd38-1ad7-491a-a1ab-e41458b9b704 
< X-Runtime: 0.184807 
< Server: WEBrick/1.3.1 (Ruby/2.3.0/2015-12-25) 
< Date: Sat, 28 May 2016 21:17:33 GMT 
< Content-Length: 135 
< Connection: Keep-Alive 
< 
* Connection #0 to host localhost left intact 
{"data":{"id":6,"provider":"email","uid":"[email protected]","name":"testuser","nickname":null,"image":null,"email":"[email protected]"}}%

第2步:

现在,你想退出帐户用户。

curl -i -X DELETE http://localhost:3000/api/v1/auth/sign_out -F access-token="BqXcWQi0-9faLyxP1LnUKw" -F client="dYSqVgM9VT6fV9Y5MFWpJQ" -F uid="[email protected]"

你会得到这样的回答:

HTTP/1.1 200 OK 
X-Frame-Options: SAMEORIGIN 
X-Xss-Protection: 1; mode=block 
X-Content-Type-Options: nosniff 
Content-Type: application/json; charset=utf-8 
Etag: W/"7363e85fe9edee6f053a4b319588c086" 
Cache-Control: max-age=0, private, must-revalidate 
X-Request-Id: 8f7a297a-6a72-4c9d-a210-48c29fb4bfe0 
X-Runtime: 0.095060 
Server: WEBrick/1.3.1 (Ruby/2.3.0/2015-12-25) 
Date: Sat, 28 May 2016 21:19:18 GMT 
Content-Length: 16 
Connection: Keep-Alive 

{"success":true}%

在步骤2中,我已经添加了访问令牌客户按照我们地接收了步骤响应1(访问令牌:BqXcWQi0-9faLyxP1LnUKw客户:dYSqVgM9VT6fV9Y5MFWpJQ)。

就是这样! :)

我接受了@ user3006381的帮助!所有学分给他。

来源

2016-05-28 21:22:44

相关问题

 相关问题