Ruby on Rails: Why did ruby-jwt stop decoding JWTs after updating the gem from 1.3.0 to 2.2.2?
After the update, I have a problem with my ruby-jwt implementation:

- Rails 4.1.6 to 4.2.11.3
- Ruby 2.1.4 to 2.6.6
- ruby-jwt gem from 1.3.0 to 2.2.2

After the update, it does not decode the token and returns "Invalid login information." The error message comes from the Login class decode method.

Here is the log of a successful login on the original version:
2020-12-04T09:51:42.814533+00:00 app[web.1]: I, [2020-12-04T09:51:42.814461 #8] INFO -- : Started POST "/api/p/v1/users/verify" for 54.210.159.54 at 2020-12-04 09:51:42 +0000
2020-12-04T09:51:42.859735+00:00 app[web.1]: I, [2020-12-04T09:51:42.859575 #8] INFO -- : Processing by API::P::V1::UsersController#verify as JSON
2020-12-04T09:51:42.859766+00:00 app[web.1]: I, [2020-12-04T09:51:42.859707 #8] INFO -- : Parameters: {"login"=>"long token....................."}
2020-12-04T09:51:43.483446+00:00 heroku[router]: at=info method=POST path="/api/p/v1/users/verify" host=rails-api-app.herokuapp.com request_id=7f6dbb16-df78-4714-9b7c-b984905a2d6b fwd="54.210.159.54" dyno=web.1 connect=1ms service=674ms status=200 bytes=1457 protocol=https
2020-12-04T09:51:43.481107+00:00 app[web.1]: I, [2020-12-04T09:51:43.481016 #8] INFO -- : Completed 200 OK in 621ms (Views: 477.0ms | ActiveRecord: 25.7ms)
Here is the response I get after building the updated app on Heroku:
2020-12-04T09:48:11.749514+00:00 app[web.1]: I, [2020-12-04T09:48:11.749444 #16] INFO -- : Started POST "/api/p/v1/users/verify" for 54.210.159.54 at 2020-12-04 09:48:11 +0000
2020-12-04T09:48:11.818319+00:00 app[web.1]: I, [2020-12-04T09:48:11.818203 #16] INFO -- : Processing by API::P::V1::UsersController#verify as JSON
2020-12-04T09:48:11.818504+00:00 app[web.1]: I, [2020-12-04T09:48:11.818425 #16] INFO -- : Parameters: {"login"=>"long token....................."}
2020-12-04T09:48:11.892237+00:00 app[web.1]: I, [2020-12-04T09:48:11.892151 #16] INFO -- : Rendered ActiveModel::Serializer::Null with Hash (0.35ms)
2020-12-04T09:48:11.892681+00:00 app[web.1]: I, [2020-12-04T09:48:11.892583 #16] INFO -- : Completed 400 Bad Request in 74ms (Views: 22.9ms | ActiveRecord: 9.0ms)
2020-12-04T09:48:11.893186+00:00 app[web.1]: I, [2020-12-04T09:48:11.893118 #16] INFO -- : source=rack-timeout id=89c370e4-54e2-4442-83b2-d0c19b67c027 wait=6ms timeout=15000ms service=145ms state=completed
2020-12-04T09:48:11.894875+00:00 heroku[router]: at=info method=POST path="/api/p/v1/users/verify" host=rails-api-app.herokuapp.com request_id=89c370e4-54e2-4442-83b2-d0c19b67c027 fwd="54.210.159.54" dyno=web.1 connect=0ms service=151ms status=400 bytes=406 protocol=https
Server side:

def verify(email, password)
  payload = { email: email, password: password }
  # The credentials travel as a signed JWT in the "login" parameter.
  encrypted_payload = { login: RubyClient::JWTEncryptable.encode(payload) }.to_json
  response = public_client.post('/users/verify', { body: encrypted_payload })
  if response.code == 200
    { user_token: RubyClient::JWTEncryptable.encode(response["user"]), user: response["user"] }
  else
    { error: response['message'] }
  end
end

And the Encryptable module with the Login class and the Decoder module:

module RailsAppName
  module Encryptable
    class Login
      def self.decode(encrypted_payload, secret)
        begin
          new(Decoder.decode(encrypted_payload, secret))
        # JWT::ExpiredSignature is a subclass of JWT::DecodeError, so it is rescued first.
        rescue JWT::ExpiredSignature
          new({ valid: false, error_message: 'The signature has expired.' })
        rescue JWT::DecodeError
          new({ valid: false, error_message: 'Invalid login information.' })
        end
      end
    end

    module Decoder
      DECODER = JWT
      EXPIRATION = 10
      ENCRYPTION_ALGORITHM = "HS512"

      # The algorithm name is passed as the third positional argument,
      # as in the original question.
      def self.decode(encrypted_payload = {}, secret = "")
        DECODER.decode(
          encrypted_payload,
          secret,
          ENCRYPTION_ALGORITHM
        ).first
      end

      def self.encode(payload = {}, secret = "")
        prepare!(payload)
        DECODER.encode(
          payload,
          secret,
          ENCRYPTION_ALGORITHM
        )
      end

      # Adds the exp claim (EXPIRATION minutes from now) to the payload.
      def self.prepare!(payload)
        payload.merge! exp: expiration_time
      end

      def self.expiration_time
        EXPIRATION.minutes.from_now.to_i
      end

      # A bare `private` does not apply to `def self.` methods.
      private_class_method :prepare!, :expiration_time
    end
  end
end

Client side:

def verify(email, password)
  payload = { email: email, password: password }
  # The credentials travel as a signed JWT in the "login" parameter.
  encrypted_payload = { login: RubyClient::JWTEncryptable.encode(payload) }.to_json
  response = public_client.post('/users/verify', { body: encrypted_payload })
  if response.code == 200
    { user_token: RubyClient::JWTEncryptable.encode(response["user"]), user: response["user"] }
  else
    { error: response['message'] }
  end
end

After thoroughly reading the documentation, changing the decode method to the following worked for me:

module Decoder
  DECODER = JWT
  EXPIRATION = 10
  ENCRYPTION_ALGORITHM = { algorithm: 'HS512' }

  def self.decode(encrypted_payload = {}, secret = "")
    DECODER.decode(
      encrypted_payload,
      secret,
      true,                 # verify flag
      ENCRYPTION_ALGORITHM  # options hash that carries the algorithm
    ).first
  end
end
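
What pinning the algorithm on decode enforces, shown as an added example using only the Ruby standard library (not code from the post and not ruby-jwt's own implementation). The PinnedJwt module and its method names are hypothetical; the result symbols roughly mirror the two error messages returned by Login.decode.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper for illustration; not ruby-jwt's code.
module PinnedJwt
  DIGESTS = { 'HS256' => 'SHA256', 'HS512' => 'SHA512' }.freeze

  def self.b64(data)
    [data].pack('m0').tr('+/', '-_').delete('=')
  end

  def self.unb64(text)
    text.tr('-_', '+/').unpack1('m')
  end

  def self.sign(alg, secret, input)
    OpenSSL::HMAC.digest(OpenSSL::Digest.new(DIGESTS.fetch(alg)), secret, input)
  end

  def self.encode(payload, secret, alg)
    input = "#{b64(JSON.generate({ 'alg' => alg, 'typ' => 'JWT' }))}.#{b64(JSON.generate(payload))}"
    "#{input}.#{b64(sign(alg, secret, input))}"
  end

  # Constant-time comparison of two byte strings.
  def self.same_bytes?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns [:ok, payload] or [:error, reason]. The caller names the one
  # algorithm it accepts; the header's "alg" is compared to it, never trusted.
  def self.decode(token, secret, algorithm:, now: Time.now.to_i)
    parts = token.to_s.split('.', -1)
    return [:error, :malformed] unless parts.size == 3
    head, body, sig = parts
    header = JSON.parse(unb64(head))
    return [:error, :malformed] unless header.is_a?(Hash)
    return [:error, :incorrect_algorithm] unless header['alg'] == algorithm
    return [:error, :bad_signature] unless same_bytes?(unb64(sig), sign(algorithm, secret, "#{head}.#{body}"))
    payload = JSON.parse(unb64(body))
    return [:error, :malformed] unless payload.is_a?(Hash)
    return [:error, :expired] if payload['exp'] && payload['exp'].to_i <= now
    [:ok, payload]
  rescue JSON::ParserError, EncodingError
    [:error, :malformed]
  end
end
```

A token signed with the right secret but a different HMAC variant is rejected before any signature work is done, which is the check the verifier cannot perform unless it is told which algorithm to expect.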