Ruby on Rails: Rails gem jwt_sessions logout unauthorized
Sign-up and sign-in work fine. The csrf has been added to cookies and localStorage. But when I try to log out, I get a 401 error.

Sign-in controller:
class SigninController < ApplicationController
  before_action :authorize_access_request!, only: [:destroy]

  def create
    user = User.find_by!(email: params[:email])
    if user.authenticate(params[:password])
      payload = { user_id: user.id }
      session = JWTSessions::Session.new(payload: payload, refresh_by_access_allowed: true)
      tokens = session.login
      response.set_cookie(JWTSessions.access_cookie,
                          value: tokens[:access],
                          httponly: true,
                          secure: Rails.env.production?)
      render json: { csrf: tokens[:csrf] }
    else
      not_authorized
    end
  end

  def destroy
    session = JWTSessions::Session.new(payload: payload)
    session.flush_by_access_payload
    render json: :ok
  end

  private

  def not_found
    render json: { error: 'Cannot find such email/password combination' }, status: :not_found
  end
end

Started DELETE "/signin" for 127.0.0.1 at 2018-08-12 21:56:17 +0300
(0.5ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
↳ /home/greifrut/.rbenv/versions/2.4.4/lib/ruby/gems/2.4.0/gems/activerecord-5.2.0/lib/active_record/log_subscriber.rb:98
Processing by SigninController#destroy as HTML
Completed 401 Unauthorized in 2ms (Views: 0.2ms | ActiveRecord: 0.0ms)
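
Can you post your authorize_access_request! method? Also, are you sure you are actually sending the token header on logout?

authorize_access_request! is a standard method in the jwt_sessions gem. The action for deleting a session is documented, and the same code is working in another application.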