Updated: 2023-02-07 15:45:59
Add token_authenticatable to devise modules (works with devise versions <=3.2)
In user.rb, add :token_authenticatable to the list of devise modules. It should look something like this:
class User < ActiveRecord::Base
  # ..code..
  devise :database_authenticatable,
         :token_authenticatable,
         :invitable,
         :registerable,
         :recoverable,
         :rememberable,
         :trackable,
         :validatable
  attr_accessible :name, :email, :authentication_token
  before_save :ensure_authentication_token
  # ..code..
end
Generate the authentication token on your own (if devise version > 3.2)
class User < ActiveRecord::Base
  # ..code..
  devise :database_authenticatable,
         :invitable,
         :registerable,
         :recoverable,
         :rememberable,
         :trackable,
         :validatable
  # Note: listing :authentication_token here makes it mass-assignable.
  attr_accessible :name, :email, :authentication_token
  before_save :ensure_authentication_token

  # Assign a token on save if the record does not have one yet.
  def ensure_authentication_token
    self.authentication_token ||= generate_authentication_token
  end

  private

  # Draw random tokens until one is not already used by another user.
  def generate_authentication_token
    loop do
      token = Devise.friendly_token
      break token unless User.where(authentication_token: token).first
    end
  end
end
Add migration for authentication token
rails g migration add_auth_token_to_users
invoke active_record
create db/migrate/20141101204628_add_auth_token_to_users.rb
Edit the migration file to add the :authentication_token column to users
class AddAuthTokenToUsers < ActiveRecord::Migration
  def self.up
    change_table :users do |t|
      t.string :authentication_token
    end
    add_index :users, :authentication_token, :unique => true
  end

  def self.down
    remove_column :users, :authentication_token
  end
end
Run migration
rake db:migrate
Generate token for existing users
We need to call save on every user instance, which ensures that an authentication token is present for each user.
User.all.each(&:save)
Secure Grape API using auth token
You need to add the code below to API::Root in order to add token-based authentication. If you are unaware of API::Root, please read Building RESTful API using Grape.
In the example below, we authenticate the user based on two scenarios:
- If the user is logged on to the web app, use the same session.
- If the session is not available and an auth token is passed, find the user based on the token.
# lib/api/root.rb
module API
  class Root < Grape::API
    prefix 'api'
    format :json
    rescue_from :all, :backtrace => true
    error_formatter :json, API::ErrorFormatter

    # Every request must pass the authenticated check below.
    before do
      error!("401 Unauthorized", 401) unless authenticated
    end

    helpers do
      def warden
        env['warden']
      end

      # True for an existing web session; otherwise look the user up by token.
      def authenticated
        return true if warden.authenticated?
        params[:access_token] && @user = User.find_by_authentication_token(params[:access_token])
      end

      def current_user
        warden.user || @user
      end
    end

    mount API::V1::Root
    mount API::V2::Root
  end
end
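A hardened counterpart to the token branch of the `authenticated` helper above, added here as an example (not code from the original page): it stores only a SHA-256 digest of each token and rejects blank or non-string access_token values. TokenStore, issue and stored_digests are hypothetical names, and the in-memory hash is a constructed stand-in for the users table.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the users table (constructed for this
# example). Keys are SHA-256 digests of tokens; plaintext tokens are never stored.
class TokenStore
  def initialize
    @users_by_digest = {}
  end

  # Issues a fresh random token for +name+ and returns the plaintext once,
  # so it can be handed to the client.
  def issue(name)
    token = SecureRandom.urlsafe_base64(32)
    @users_by_digest[digest(token)] = name
    token
  end

  # Counterpart of the `authenticated` helper: returns the user name, or nil.
  def authenticate(params)
    token = params[:access_token]
    # Reject nil, "" and non-string values (e.g. access_token[]=x parsed as an Array).
    return nil unless token.is_a?(String) && !token.empty?
    # The lookup compares digests, so any timing difference relates to the
    # digest, not to the bytes of the token the client sent.
    @users_by_digest[digest(token)]
  end

  # What a dump of the table would expose.
  def stored_digests
    @users_by_digest.keys
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

In a Rails model the same idea maps to a digest column with a unique index, with the lookup done on the digest of params[:access_token].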