Ruby on rails 让AuthLogic与ActionCable一起工作
我正在开发一个新的Rails 5(RC1)应用程序。我使用AuthLogic进行用户身份验证,在我使用ActionCable之前,它一直工作得很好Ruby on rails 让AuthLogic与ActionCable一起工作,ruby-on-rails,ruby,authlogic,ruby-on-rails-5,actioncable,Ruby On Rails,Ruby,Authlogic,Ruby On Rails 5,Actioncable,我正在开发一个新的Rails 5(RC1)应用程序。我使用AuthLogic进行用户身份验证,在我使用ActionCable之前,它一直工作得很好 #app/channels/application_cable/connection.rb module ApplicationCable class Connection < ActionCable::Connection::Base identified_by :current_user def connect
#app/channels/application_cable/connection.rb
module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user
def connect
self.current_user = UserSession.find
end
end
end
class ApplicationController < ActionController::Base
before_action :set_verify_cookie
def set_verify_cookie
#action cable needs a way outside of controller logic to lookup a user
return unless current_user
cookies.signed[:vvc] = current_user.persistence_token
end
end
#app/channels/connection.rb
module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user
def connect
self.current_user = find_verified_user
logger.add_tags 'ActionCable', self.current_user.username unless self.current_user.nil?
end
protected
def find_verified_user_or_guest
User.find_by(:persistence_token => cookies.signed[:vvc])
end
end
但这不起作用,因为连接类不是控制器
我查看了AuthLogic代码,但不知道如何绕过它对控制器对象的依赖。我只需要加载用户的会话。有什么想法吗?我自己想出来的。我觉得这是一种黑客行为,基本上在我的ApplicationController中,我用AuthLogic persistence_令牌设置了一个安全cookie,然后我可以读取这个令牌并在ActionCable中手动加载用户
#app/channels/application_cable/connection.rb
module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user
def connect
self.current_user = UserSession.find
end
end
end
class ApplicationController < ActionController::Base
before_action :set_verify_cookie
def set_verify_cookie
#action cable needs a way outside of controller logic to lookup a user
return unless current_user
cookies.signed[:vvc] = current_user.persistence_token
end
end
#app/channels/connection.rb
module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user
def connect
self.current_user = find_verified_user
logger.add_tags 'ActionCable', self.current_user.username unless self.current_user.nil?
end
protected
def find_verified_user_or_guest
User.find_by(:persistence_token => cookies.signed[:vvc])
end
end
class ApplicationControllercookies.signed[:vvc])
结束
结束
一个潜在的问题是,需要在注销时清除cookie,否则ActionCable仍会在后续页面加载中找到用户
#app/controllers/user_sessions_controller.rb
class UserSessionsController < ApplicationController
def destroy
cookies.signed[:vvc] = nil
current_user_session.destroy
flash[:success] = "Logout successful!"
redirect_to root_url
end
end
#app/controllers/user_sessions_controller.rb
类UserSessionController
我自己想出来的。我觉得这是一种黑客行为,基本上在我的ApplicationController中,我用AuthLogic persistence_令牌设置了一个安全cookie,然后我可以读取这个令牌并在ActionCable中手动加载用户
#app/channels/application_cable/connection.rb
module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user
def connect
self.current_user = UserSession.find
end
end
end
class ApplicationController < ActionController::Base
before_action :set_verify_cookie
def set_verify_cookie
#action cable needs a way outside of controller logic to lookup a user
return unless current_user
cookies.signed[:vvc] = current_user.persistence_token
end
end
#app/channels/connection.rb
module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user
def connect
self.current_user = find_verified_user
logger.add_tags 'ActionCable', self.current_user.username unless self.current_user.nil?
end
protected
def find_verified_user_or_guest
User.find_by(:persistence_token => cookies.signed[:vvc])
end
end
class ApplicationControllercookies.signed[:vvc])
结束
结束
一个潜在的问题是,需要在注销时清除cookie,否则ActionCable仍会在后续页面加载中找到用户
#app/controllers/user_sessions_controller.rb
class UserSessionsController < ApplicationController
def destroy
cookies.signed[:vvc] = nil
current_user_session.destroy
flash[:success] = "Logout successful!"
redirect_to root_url
end
end
#app/controllers/user_sessions_controller.rb
类UserSessionController
假设您使用的是Authlogic default,持久性令牌存储在cookie中的键“user\u credentials”下
因此,您可以按如下方式查找您的用户:
# app/channels/application_cable/connection.rb
module ApplicationCable
class Connection < ActionCable::Connection::Base
def connect
verify_user
end
private
def verify_user
reject_unauthorized_connection unless verified_user?
end
def verified_user?
cookie_key && User.find_by_persistence_token(token)
end
def token
cookie && cookie.include?('::') && cookie.split("::")[0]
end
def cookie
cookies['user_credentials']
end
end
end
#app/channels/application_cable/connection.rb
模块可应用
类连接
假设您使用的是Authlogic default,持久性令牌存储在cookie中的键“user\u credentials”下
因此,您可以按如下方式查找您的用户:
# app/channels/application_cable/connection.rb
module ApplicationCable
class Connection < ActionCable::Connection::Base
def connect
verify_user
end
private
def verify_user
reject_unauthorized_connection unless verified_user?
end
def verified_user?
cookie_key && User.find_by_persistence_token(token)
end
def token
cookie && cookie.include?('::') && cookie.split("::")[0]
end
def cookie
cookies['user_credentials']
end
end
end
#app/channels/application_cable/connection.rb
模块可应用
类连接
非常好的解决方案!回答得很好。请编辑这行:self.current\u user=find\u verified\u user
For:self.current\u user=find\u verified\u user\u或\u guest
非常好的解决方案!回答得很好。请编辑此行:self.current\u user=find\u verified\u user
For:self.current\u user=find\u verified\u user\u或\u guest