Ruby on rails 4 Can';在Rails 4中使用敲打无法获得Auth0 JWT身份验证
我遵循了Auth0 for Rails API中的快速入门指南,但是向我的Rails API发送可验证的请求总是返回500。头中有一个JWT,我相信它是有效的,因为将它复制到,将我的私钥粘贴到“secret”输入中,然后单击“secret base64 encoded”显示“verified” 相关代码如下: 请求信息:Ruby on rails 4 Can';在Rails 4中使用敲打无法获得Auth0 JWT身份验证,ruby-on-rails-4,auth0,Ruby On Rails 4,Auth0,我遵循了Auth0 for Rails API中的快速入门指南,但是向我的Rails API发送可验证的请求总是返回500。头中有一个JWT,我相信它是有效的,因为将它复制到,将我的私钥粘贴到“secret”输入中,然后单击“secret base64 encoded”显示“verified” 相关代码如下: 请求信息: Request URL:https://railie-p0lska1.c9users.io/api/feedbacks.json Request Method:POST Sta
Request URL:https://railie-p0lska1.c9users.io/api/feedbacks.json
Request Method:POST
Status Code:401 Unauthorized
Remote Address:104.155.203.100:443
请求标头:
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,fa;q=0.6
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3JhaWxpZS5hdXRoMC5jb20vIiwic3ViIjoiZmFjZWJvb2t8NTA0MjI0NjEzIiwiYXVkIjoidHhKQXJNODhsTnNtcGpSRjBlZGZXZHlnY2gyMGJFb0QiLCJleHAiOjE0ODM2MjAyNzcsImlhdCI6MTQ4MzU4NDI3N30.KePQsrTFjQjIzB6YmxzJcbhMW6by7WIBOpm51viaDZE
Cache-Control:no-cache
Connection:keep-alive
Content-Length:10
Content-Type:application/json;charset=UTF-8
Cookie:c9.live.user.jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjcxNjI5OSIsIm5hbWUiOiJwMGxza2ExIiwiY29kZSI6IjljWWhzZXc2TXhtZkN2WFNGeWl1IiwiaWF0IjoxNDgzNTExMjU1LCJleHAiOjE0ODM1OTc2NTV9.nkeM2LHqibXDqFQ1ZpQ5RseyO3maO5mz8t5ebtnkDUc; c9.live.user.sso=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjcxNjI5OSIsIm5hbWUiOiJwMGxza2ExIiwiaWF0IjoxNDgzNTExMjU1LCJleHAiOjE0ODM1OTc2NTV9.BOxqLKqy6saBOyRjbpccFn8rXTjncW3H_DT2Ysj4vaU; XSRF-TOKEN=cSD1XB8QFAGZFmKWN16R1P%2B1Kwxnyys6cIzOaee02rpkePtyHwuPhmHftQ%2B4YvFvkd3i3BVkvj5z3NLVBk5UEw%3D%3D; _workspace_session=ZEZ6Q2M1aTdFbXA4SzdTc3o2azlnalhmYTR2akVRSGRobFkrUDNwTmlyZ2RPZDdkR0ozamtET2Roa29LMXM4R1h0MUJmZ2lwUHJzWmJKVThOYUxhcjZid1pqZHQzWTRGdmtNZEhjcDZwNWdIN3o5MXcxdnJUUEdCUHhURmlOUE41Uk9ucXY5bkdDUTUzNHo5S3VQSmlnPT0tLXNaakl6S3YzS0VmQmNzZnRBc2NLS3c9PQ%3D%3D--c88551abbcd6419fc848f66f86e9897a5e93ffa8
Host:railie-p0lska1.c9users.io
Origin:https://railie-p0lska1.c9users.io
Pragma:no-cache
Referer:https://railie-p0lska1.c9users.io/en_AU
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
X-XSRF-TOKEN:cSD1XB8QFAGZFmKWN16R1P+1Kwxnyys6cIzOaee02rpkePtyHwuPhmHftQ+4YvFvkd3i3BVkvj5z3NLVBk5UEw==
服务器错误:
Started POST "/api/feedbacks.json" for 220.244.244.218 at 2017-01-05 03:08:27 +0000
Cannot render console from 220.244.244.218! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by FeedbacksController#create as JSON
Parameters: {"data"=>1, "feedback"=>{"data"=>1}}
Completed 500 Internal Server Error in 20ms (ActiveRecord: 0.0ms)
NoMethodError (undefined method `authenticate_user' for #<FeedbacksController:0x007f818327e000>
Did you mean? authenticate):
根据Auth0论坛上的帖子,我更改了Knock的Knock.rb配置文件中的一些变量
Knock.setup do |config|
config.current_user_from_token = -> (claims) { User.find_or_create_by(auth_id: claims['sub']) }
config.token_audience = -> { Rails.application.secrets.auth0_client_id }
config.token_secret_signature_key = -> {
secret = Rails.application.secrets.auth0_client_secret
secret += '=' * (4 - secret.length.modulo(4))
Base64.decode64(secret.tr('-_', '+/'))
}
end
应用程序的一部分\u controller.rb
class FeedbacksController < ApplicationController
before_action :authenticate_user
respond_to :json
def create
VisitorRating.create(request_params)
reply('Thanks for your feedback', :ok)
rescue
reply('Unable to save your feedback', :unprocessable_entity)
end
private
def request_params
params.require(:feedback).permit(:data)
end
end
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
before_action :authenticate, only: :testie
protect_from_forgery with: :exception
respond_to :json
# Knock is used for user JWT requests
include Knock::Authenticable
def angular
render 'layouts/application'
end
private
def reply(message, status)
respond_to do |format|
format.json { render :json => {:message => message}, status: status}
end
end
end
class ApplicationController{:message=>message},status:status}
结束
结束
结束
写了这篇文章后,我认为问题可能与VisitorRating模型有关,该模型目前不属于用户模型,但我对Rails不熟悉,不确定细节。我认为您的应用程序是在12月6日之后创建的。如果是这样,您的config/initializers/knock.rb应该如下所示
Knock.setup do |config|
config.token_audience = -> { Rails.application.secrets.auth0_client_id }
config.token_secret_signature_key = -> { Rails.application.secrets.auth0_client_secret }
end
请注意,令牌密钥不是base64编码的:并且
看起来你的app/models/user.rb应该是
class User < ApplicationRecord
def self.from_token_payload(payload)
self.find_or_create_by(auth_id: payload['sub'])
end
end
class用户
您的用户不应该有密码,但是from\u-token\u-payload
需要实际从该有效负载获取用户
除此之外,只需确保删除控制器中的重复内容(在app/controllers/application\u controller.rb中的\u action:authenticate之前可能不执行)
Knock.setup do |config|
config.token_audience = -> { Rails.application.secrets.auth0_client_id }
config.token_secret_signature_key = -> { Rails.application.secrets.auth0_client_secret }
end
class User < ApplicationRecord
def self.from_token_payload(payload)
self.find_or_create_by(auth_id: payload['sub'])
end
end