Ruby on rails 在Desive上滚动令牌身份验证机制[Rails 4]
阿罗哈 在发现Deviate“token_authenticatable”已贬值后,我现在尝试推出自己的解决方案,但我认为Deviate“sign_in”方法存在问题: 规格:Ruby on rails 在Desive上滚动令牌身份验证机制[Rails 4],ruby-on-rails,api,authentication,devise,ruby-on-rails-4,Ruby On Rails,Api,Authentication,Devise,Ruby On Rails 4,阿罗哈 在发现Deviate“token_authenticatable”已贬值后,我现在尝试推出自己的解决方案,但我认为Deviate“sign_in”方法存在问题: 规格: context "with an admin user" do before(:each) { @user = FactoryGirl.create(:user, account_type: 'admin') } it "should respond with a 200 status" do
context "with an admin user" do
before(:each) { @user = FactoryGirl.create(:user, account_type: 'admin') }
it "should respond with a 200 status" do
post :verify, "token"=> @user.authentication_token
response.status.should eq(200)
end
end
错误:
1) UsersController#verify with an admin user should respond with a 200 status
Failure/Error: post :verify, "token"=> @user.authentication_token
NoMethodError:
undefined method `user' for nil:NilClass
# ./app/controllers/application_controller.rb:24:in `authenticate_user_from_token!'
# ./spec/controllers/users_controller_spec.rb:39:in `block (4 levels) in <top (required)>'
1)用户控制器#与管理员验证用户应以200状态响应
失败/错误:post:验证,“令牌”=>@user.authentication\u令牌
命名错误:
nil:NilClass的未定义方法“user”
#./app/controllers/application\u controller.rb:24:in`authenticate\u user\u from\u token!'
#./spec/controllers/users\u controller\u spec.rb:39:in'block(4级)in'
应用程序_controller.rb:
class ApplicationController < ActionController::Base
# If there's a token present we're using the api authentication
# mechanism, else we fall back to devise auth
before_filter :authenticate_user_from_token!, :authenticate_user!
# Setup an AccessDenied error
class AccessDenied < StandardError; end
# setup a handler
rescue_from AccessDenied, :with => :access_denied
private
# API requests should be made to the resource path
# with the requesters token as params.
#
# This method extracts the params, checks if they are
# valid and then signs the user in using devise' sign_in method
def authenticate_user_from_token!
user = User.find_by_authentication_token params[:token]
if !user.nil? && user.admin?
# store: false ensures we'll need a token for every api request
sign_in user, store: false # this is the line the spec complains about
else
raise ApplicationController::AccessDenied
end
end
def access_denied
render :file => "public/401", :status => :unauthorized
end
end
class ApplicationController:access_denied
私有的
#应向资源路径发出API请求
#将请求者令牌作为参数。
#
#此方法提取参数,检查它们是否正确
#有效,然后使用Desive“sign_in”方法对用户进行签名
def从_令牌验证_用户_!
user=user.find_by_authentication_token params[:token]
如果!user.nil?&&user.admin?
#store:false确保每个api请求都需要一个令牌
登录用户,商店:false#这是规范抱怨的一行
其他的
raise ApplicationController::AccessDenied
结束
结束
def访问被拒绝
呈现:文件=>“公共/401”,:状态=>:未授权
结束
结束
用户\u controller.rb
class UsersController < ApplicationController
[snip]
# We use this 'verify' method to provide an endpoint
# for clients to poll for token verification
# If the before filter rejects the user/token
# they recieve a 401, else we respond with a 200
# and the user params for verification on the remote app
def verify
user = User.find_by_authentication_token params[:token]
render json: user
end
end
class UsersController
我不知道错误提到的“用户”方法在哪里被调用,也不知道它被调用的对象是什么。我发现Authy非常容易使用/修改基于令牌的身份验证,而不是从头开始使用自己的方法。也有同样的问题。如果有人分享一些见解,我会很高兴的!我是这些糟糕的人中的一员,当我发现一个问题时,我会径直往前走,而不是回来补充答案。不过,我确实克服了这一点,因为我最终把这批货变成了一块小宝石。IIRC,这是一个与测试环境有关的问题,而不是实际的应用程序。我会回头看看我做了什么..我认为OP是指令牌身份验证,而不是双因素身份验证。我明白了,我认为令牌是指硬件令牌或身份验证令牌,如软令牌或SecureID。谢谢你的更正。