javascript – 在Rails API中使用Devise Token Auth gem的未经许可的参数
作者:互联网
我正在使用Rails-api制作一个使用Devise_token_auth gem的测试认证应用程序.
User.rb模型看起来像
class User < ActiveRecord::Base
before_save :set_auth_token
# Include default devise modules.
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:confirmable, :omniauthable
include DeviseTokenAuth::Concerns::User
private
def set_auth_token
if self.authentication_token.blank?
self.authentication_token = generate_authentication_token
end
end
def generate_authentication_token
loop do
token = Devise.friendly_token
break token unless User.where(authentication_token: token).first
end
end
end
routes.rb包含
mount_devise_token_auth_for 'User', at: 'auth'
我也使用DeviseTokenAuth gem定义的默认SessionsController和RegistrationsController
我的前端是在Ember-cli中制作的,我在其中使用Ember-simple-auth-devise登录表单,Devise授权者调用rails api的/ sign_in url.
Ember simple auth包装参数如
{"user"=>{"password"=>"[FILTERED]", "email"=>"test@mail.com"}}
虽然rails DeviseTokenAuth期望请求参数如
{"password"=>"[FILTERED]", "email"=>"test@mail.com"}
产生的错误是
Processing by DeviseTokenAuth::RegistrationsController#create as JSON
Parameters: {"user"=>{"password"=>"[FILTERED]", "email"=>"test@mail.com"}}
Unpermitted parameter: user
如果Rails DeviseTokenAuth gem接受包含在“user”中的参数,或者Ember-simple-auth发送未打包的参数,则问题可以得到解决,但不幸的是,两者的文档都没有明确提及实现相同的方法.
我尝试将Ember-simple-auth的resourceName更改为null但它不起作用
ENV['simple-auth-devise'] = {
resourceName: null,
serverTokenEndpoint: 'http://localhost:3000/auth/sign_in'
};
有没有办法在Ember-simple-auth-devise中发送未包装的参数?
或者是否可以为使用DeviseTokenAuth gem生成的所有控制器允许“user”中包含的参数?
使用的版本是:
devise_token_auth (0.1.36)
devise (~> 3.5.2)
rails (~> 4.2)
"ember-simple-auth": "0.8.0"
解决方法:
解决方案是将ember-simple-auth/addon/authenticators/devise.js扩展为here.
在app / authenticators / devise.js中,替换:
import Devise from 'ember-simple-auth/authenticators/devise';
export default Devise.extend({});
通过:
import Ember from 'ember';
import Devise from 'ember-simple-auth/authenticators/devise';
const { RSVP: { Promise }, isEmpty, getProperties, run, get } = Ember;
export default Devise.extend({
loginEndpoint: '/auth/sign_in',
logoutEndpoint: '/auth/sign_out',
authenticate(identification, password) {
return new Promise((resolve, reject) => {
let { identificationAttributeName } = getProperties(this, 'identificationAttributeName');
let data = { password };
data[identificationAttributeName] = identification;
let requestOptions = { url: get(this, 'loginEndpoint') };
this.makeRequest(data, requestOptions).then((response) => {
if (response.ok) {
response.json().then((json) => {
let data = {
account: json,
accessToken: response.headers.get('access-token'),
expiry: response.headers.get('expiry'),
tokenType: response.headers.get('token-type'),
uid: response.headers.get('uid'),
client: response.headers.get('client')
};
if (this._validate(data)) {
run(null, resolve, data);
} else {
run(null, reject, 'Check that server response header includes data token and valid.');
}
});
} else {
response.json().then((json) => run(null, reject, json));
}
}).catch((error) => run(null, reject, error));
});
},
invalidate(data) {
return new Promise((resolve, reject) => {
let headers = {
'access-token': data.accessToken,
'expiry': data.expiry,
'token-type': data.tokenType,
'uid': data.uid,
'client': data.client
};
let requestOptions = {
url: get(this, 'logoutEndpoint'),
method: 'DELETE',
headers
};
this.makeRequest({}, requestOptions).then((response) => {
response.json().then((json) => {
if (response.ok) {
run(null, resolve, json);
} else {
run(null, reject, json);
}
});
}).catch((error) => run(null, reject, error));
});
},
_validate(data) {
let now = (new Date()).getTime();
return !isEmpty(data.accessToken) && !isEmpty(data.expiry) && (data.expiry * 1000 > now) &&
!isEmpty(data.tokenType) && !isEmpty(data.uid) && !isEmpty(data.client);
}
});
标签:javascript,ruby-on-rails,ember-js,devise,ember-simple-auth 来源: https://codeday.me/bug/20190706/1398324.html