我试图用色器件和devise_token_auth在我的应用程序进行身份验证。
我将重写注册控制器,如下所示:
module Overrides
class RegistrationsController < DeviseTokenAuth::RegistrationsController
## I am doing these to go around the `Can't verify CSRF token authenticity` Error.
# skip_before_action :valid_authenticity_token, only: :create
protect_from_forgery :except => :create
def sign_up_params
params.require(:user).permit(:email, :password, :password_confirmation, :name, :nickname)
end
end
end
我还使用swagger docs api发送参数,如下所示:
swagger_api :create do
summary "Sign up a new user"
param :form, "user[email]", :string, :required, "Email of the new user"
param :form, "user[password]", :string, :required, "Password of the new user"
param :form, "user[password_confirmation]", :string, :required, "Retype Password of the new user"
param :form, "user[name]", :string, :optional, "Name of the new user"
param :form, "user[nickname]", :string, :optional, "Nick-Name of the new user"
response :not_acceptable
response :success
end
这将在我的终端上生成参数,如下所示:
Processing by Overrides::RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "name"=>"rgefsrfgrfdfsd", "nickname"=>"rgefsrfgrfdfsd"}}
但是,此请求从未达到我的模型(更不用说创建新用户了)。但是,在页面上,出现以下错误:
并Completed 403 Forbidden in 93ms (Views: 0.3ms | ActiveRecord: 0.0ms)
在终端上。
我该如何解决呢?谢谢
更新:
#route.rb:
namespace :api do
namespace :v1 do
mount_devise_token_auth_for 'User', at: 'auth', controllers: {
confirmations: 'overrides/confirmations',
passwords: 'overrides/passwords',
registrations: 'overrides/registrations',
sessions: 'overrides/sessions',
}
...
end
end
#Countroller:
class ApiController < ApplicationController
include DeviseTokenAuth::Concerns::SetUserByToken
protect_from_forgery with: :null_session
end
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format == 'application/json' }
end
#user.rb:
class User < ActiveRecord::Base
# Include default devise modules.
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:confirmable, :omniauthable
include DeviseTokenAuth::Concerns::User
该confirm_success_url
参数用于支持多个客户端应用程序。如果不需要该参数,则该API无法在电子邮件确认后知道重定向到何处。
但是对于您来说devise_token_auth
,您application_controller.rb
应该是:
protect_from_forgery with: :null_session
include DeviseTokenAuth::Concerns::SetUserByToken
在你的routes.rb中
mount_devise_token_auth_for 'User', at: 'auth'
删除user.rb中的confirmable
标签,使其如下所示
devise :database_authenticatable, :recoverable,
:trackable, :validatable, :registerable,
:omniauthable
include DeviseTokenAuth::Concerns::User
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句