1. 首页
  2. 问答
  3. Devise Rails 3.2.22 remember_user_token not set

Devise Rails 3.2.22 remember_user_token not set

2016-03-03 67 views
0

我试图用devise 3.5.2和rails 3.2.22来管理一些奇怪的问题。Devise Rails 3.2.22 remember_user_token not set

问题是devise没有设置remember_user_token cookie。 我的应用程序是一个API,所以我有sessions_controller重写。

def create 
    # build_resource 
    resource = User.find_for_database_authentication(email: params[:email]) 
    return invalid_login_attempt(email: t('api.errors.email.user_not_exists', email: params[:email])) unless resource 

    unless resource.active_for_authentication? 
    render json: { success: false }.merge(errors: t('api.errors.email.inactive')), status: :ok 
    return 
    end 

    if resource.is_deleted 
    render json: { success: false }.merge(errors: t('api.errors.email.deleted')), status: :ok 
    return 
    end 

    if resource.valid_password?(params[:password]) 
    sign_in("user", resource) 
    resource.enable_beta unless resource.beta_enabled? 
    render json: { success: true }.merge(user: resource.as_json(user: resource)), status: :ok 
    return 
    end 
    invalid_login_attempt(password: t('api.errors.email.wrong_password')) 
end

这里是我的用户模型(设计部分)

# Extensions 
devise :database_authenticatable, :registerable, :confirmable, 
    :recoverable, :rememberable, :trackable, :validatable, :lastseenable

登录工作就像一个魅力,但reme​​mber_user_token饼干未设置。

Started POST "/api/v1/users/sign_in" for 127.0.0.1 at 2016-03-03 16:09:23 +0600 
Processing by API::V1::SessionsController#create as JSON 
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>true, "session"=>{"email"=>"[email protected]", "password"=>" [FILTERED]", "remember_me"=>true}} 
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."is_deleted" = 'f' AND "users"."email" = '[email protected]' LIMIT 1 
(0.2ms) BEGIN 
(0.5ms) UPDATE "users" SET "last_sign_in_at" = '2016-03-03 10:06:43.642950', "current_sign_in_at" = '2016-03-03 10:09:23.152373', "sign_in_count" = 179, "updated_at" = '2016-03-03 10:09:23.154418', "users_for_mentions" = '--- 
- ''no'' 
' WHERE "users"."id" = 300 
Tag Load (0.4ms) SELECT "tags".* FROM "tags" WHERE "tags"."host_id" = 300 AND "tags"."host_type" = 'User' LIMIT 1 
(0.5ms) COMMIT 
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 300]] 
City Load (0.3ms) SELECT "cities".* FROM "cities" WHERE "cities"."id" = 3 LIMIT 1 
Completed 200 OK in 2515.4ms (Views: 8.7ms | ActiveRecord: 4.4ms | Sphinx: 0.0ms)

cookie browser 我也试图用手来设置cookie的:

cookies["remember_user_token"] = { 
    value: user.class.serialize_into_cookie(user.reload), 
    expires: 3.year.from_now, 
    domain: RAILS_DOMAIN 
    }

,但没有运气了。似乎有些东西可以防止cookie设置。你能分享你的想法吗?

在此先感谢。

来源

2016-03-03 retgoat

回答

0

答案是致命的简单,在GitHub上的设计源代码解释

module Devise 
    module Controllers 
    # A module that may be optionally included in a controller in order 
    # to provide remember me behavior. Useful when signing in is done 
    # through a callback, like in OmniAuth.

所以,我需要做的是包括适当的模块,在我的控制器,并添加方法两行

module API::V1 
    class SessionsController < Devise::SessionsController 
    include Devise::Controllers::Rememberable 
    prepend_before_filter :require_no_authentication, only: [:create] 

    include Corsable 

    ... 

    def create 
    # build_resource 
    resource = User.find_for_database_authentication(email: params[:email]) 
    return invalid_login_attempt(email: t('api.errors.email.user_not_exists', email: params[:email])) unless resource 

    unless resource.active_for_authentication? 
     render json: { success: false }.merge(errors: t('api.errors.email.inactive')), status: :ok 
     return 
    end 

    if resource.is_deleted 
     render json: { success: false }.merge(errors: t('api.errors.email.deleted')), status: :ok 
     return 
    end 

    if resource.valid_password?(params[:password]) 
     sign_in(resource) 
     remember_me(resource) if params["remember_me"].present? 
     resource.enable_beta unless resource.beta_enabled? 
     render json: { success: true }.merge(user: resource.as_json(user: resource)), status: :ok 
     return 
    end 
    invalid_login_attempt(password: t('api.errors.email.wrong_password')) 
    end 

    def destroy 
    forget_me(current_user) 
    sign_out(resource_name) 
    respond_to do |format| 
     format.json { render json: '', status: :no_content } 
    end 
    end 
end

来源

2016-03-10 09:50:57 retgoat

相关问题

 相关问题