Ruby on rails 如何在Rails4上的Door Keeper gem中配置访问令牌? 门卫的规范,通过http头带有令牌
我的目标是在iOS和Rails4之间创建安全的API。所以我已经试了一段时间了。但我现在正在浪费时间进行测试和配置。具体来说,问题是通过HTTP头传输方法和令牌的Ruby on rails 如何在Rails4上的Door Keeper gem中配置访问令牌? 门卫的规范,通过http头带有令牌,ruby-on-rails,ruby-on-rails-4,oauth,oauth-2.0,doorkeeper,Ruby On Rails,Ruby On Rails 4,Oauth,Oauth 2.0,Doorkeeper,我的目标是在iOS和Rails4之间创建安全的API。所以我已经试了一段时间了。但我现在正在浪费时间进行测试和配置。具体来说,问题是通过HTTP头传输方法和令牌的doorkeeper\u。如何使用http请求参数是成功的,但通过参数发送令牌并不好。所以我想用HTTP头发送令牌,但门卫看不到request.header[“My_token\u PLACE”]的位置 环境 现在,我有api\u controller.rb,communities\u controller.rb,communitie
doorkeeper\u。如何使用http请求参数是成功的,但通过参数发送令牌并不好。所以我想用HTTP头发送令牌,但门卫看不到request.header[“My_token\u PLACE”]
的位置
环境 现在,我有
api\u controller.rb
,communities\u controller.rb
,communities\u controller\u spec.rb
,doorkeeper.rb
api\u controller.rb
class ApiController < ApplicationController
before_action :create_token
doorkeeper_for :all, scopes: [:app]
respond_to :json, handler: :jbuilder
private
def error_handle
raise 'Failed.'
end
def create_token
params[:access_token] = request.headers["HTTP_AUTHENTICATION"]
# this does not read by doorkeeper
end
end
class CommunitiesController < ApiController
def show
@community = Community.find params[:id]
end
def search
Query.create q: @search_form.q if @search_form.q.present?
community_search = Community.search title_or_description_cont: @search_form.q
@communities = community_search.result(distinct: true).page params[:page]
end
end
require 'spec_helper'
describe CommunitiesController do
let!(:application) { Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "http://app.com") }
let(:user){ create :user }
let!(:access_token) { Doorkeeper::AccessToken.create! application_id: application.id, resource_owner_id: user.id, scopes: "app" }
before(:each) do
request.env["HTTP_ACCEPT"] = 'application/json'
end
describe "#show" do
let(:community) { create :community }
before do
request.headers["HTTP_AUTHENTICATION"] = access_token.token
get :show, id: community
end
it { expect(response).to be_success }
it { expect(response.status).to be 200 }
end
describe "#search" do
before { get :search, access_token: access_token.token }
it { expect(response).to be_success }
it { expect(response.status).to be 200 }
end
end
Doorkeeper.configure do
orm :active_record
resource_owner_authenticator do
User.find id: session[:user_id]
default_scopes :app
end
和
communities\u controller\u spec.rb
class ApiController < ApplicationController
before_action :create_token
doorkeeper_for :all, scopes: [:app]
respond_to :json, handler: :jbuilder
private
def error_handle
raise 'Failed.'
end
def create_token
params[:access_token] = request.headers["HTTP_AUTHENTICATION"]
# this does not read by doorkeeper
end
end
class CommunitiesController < ApiController
def show
@community = Community.find params[:id]
end
def search
Query.create q: @search_form.q if @search_form.q.present?
community_search = Community.search title_or_description_cont: @search_form.q
@communities = community_search.result(distinct: true).page params[:page]
end
end
require 'spec_helper'
describe CommunitiesController do
let!(:application) { Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "http://app.com") }
let(:user){ create :user }
let!(:access_token) { Doorkeeper::AccessToken.create! application_id: application.id, resource_owner_id: user.id, scopes: "app" }
before(:each) do
request.env["HTTP_ACCEPT"] = 'application/json'
end
describe "#show" do
let(:community) { create :community }
before do
request.headers["HTTP_AUTHENTICATION"] = access_token.token
get :show, id: community
end
it { expect(response).to be_success }
it { expect(response.status).to be 200 }
end
describe "#search" do
before { get :search, access_token: access_token.token }
it { expect(response).to be_success }
it { expect(response.status).to be 200 }
end
end
Doorkeeper.configure do
orm :active_record
resource_owner_authenticator do
User.find id: session[:user_id]
default_scopes :app
end
和
config/initializer/doorkeeper.rb
class ApiController < ApplicationController
before_action :create_token
doorkeeper_for :all, scopes: [:app]
respond_to :json, handler: :jbuilder
private
def error_handle
raise 'Failed.'
end
def create_token
params[:access_token] = request.headers["HTTP_AUTHENTICATION"]
# this does not read by doorkeeper
end
end
class CommunitiesController < ApiController
def show
@community = Community.find params[:id]
end
def search
Query.create q: @search_form.q if @search_form.q.present?
community_search = Community.search title_or_description_cont: @search_form.q
@communities = community_search.result(distinct: true).page params[:page]
end
end
require 'spec_helper'
describe CommunitiesController do
let!(:application) { Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "http://app.com") }
let(:user){ create :user }
let!(:access_token) { Doorkeeper::AccessToken.create! application_id: application.id, resource_owner_id: user.id, scopes: "app" }
before(:each) do
request.env["HTTP_ACCEPT"] = 'application/json'
end
describe "#show" do
let(:community) { create :community }
before do
request.headers["HTTP_AUTHENTICATION"] = access_token.token
get :show, id: community
end
it { expect(response).to be_success }
it { expect(response.status).to be 200 }
end
describe "#search" do
before { get :search, access_token: access_token.token }
it { expect(response).to be_success }
it { expect(response.status).to be 200 }
end
end
Doorkeeper.configure do
orm :active_record
resource_owner_authenticator do
User.find id: session[:user_id]
default_scopes :app
end
这里是rspec communities\u controller.rb的结果
/Users/shogochiai/Documents/anyll% be rspec spec/controllers/communities_controller_spec.rb
FF..
Failures:
1) CommunitiesController#show should be success
Failure/Error: it { expect(response).to be_success }
expected success? to return true, got false
# ./spec/controllers/communities_controller_spec.rb:20:in `block (3 levels) in <top(required)>'
2) CommunitiesController#show should equal 200
Failure/Error: it { expect(response.status).to be 200 }
expected #<Fixnum:401> => 200
got #<Fixnum:803> => 401
Compared using equal?, which compares object identity,
but expected and actual are not the same object. Use
`expect(actual).to eq(expected)` if you don't care about
object identity in this example.
# ./spec/controllers/communities_controller_spec.rb:21:in `block (3 levels) in <top(required)>'
Finished in 0.33439 seconds
4 examples, 2 failures
Failed examples:
rspec ./spec/controllers/communities_controller_spec.rb:20 # CommunitiesController#show should be success
rspec ./spec/controllers/communities_controller_spec.rb:21 # CommunitiesController#show should equal 200
Randomized with seed 18521
未经验证
及
在{get:search,access_-token:access_-token.token}之前
已通过身份验证
补充的
我在控制器中进行了pp
调试,pp请求
和pp响应
结果有一对键值,该键值是“HTTP\u身份验证”:“xrfi24j53iji34…”(一些散列值)