基本身份验证的Rails

Question

我试图完成使用

http_basic_authenticate_with name: "admin", password: "secret" 

办法有一个用户的电子邮件和密码使用，而不必硬编码密码进行身份验证。这是我的控制器类的其余部分。

class Api::V1::UserInfosController < ApplicationController 
    before_action :set_user_info, only: [:show, :edit, :update, :destroy] 
    http_basic_authenticate_with name: "admin", password: "secret" 

    # GET /user_infos 
    def index 
    @user_infos = UserInfo.all 
    end 

    respond_to :json 

    def show 
    respond_with UserInfo.find(params[:id]) 
    end 

    # GET /user_infos/new 
    def new 
    @user_info = UserInfo.new 
    end 

    # GET /user_infos/1/edit 
    def edit 
    end 

    # POST /user_infos 
    def create 
    @user_info = UserInfo.new(user_info_params) 

    if @user_info.save 
     redirect_to @user_info, notice: 'User info was successfully created.' 
    else 
     render :new 
    end 
    end 

    # PATCH/PUT /user_infos/1 
    def update 
    if @user_info.update(user_info_params) 
     redirect_to @user_info, notice: 'User info was successfully updated.' 
    else 
     render :edit 
    end 
    end 

    # DELETE /user_infos/1 
    def destroy 
    @user_info.destroy 
    redirect_to user_infos_url, notice: 'User info was successfully destroyed.' 
    end 

    private 
    # Use callbacks to share common setup or constraints between actions. 
    def set_user_info 
     @user_info = UserInfo.find(params[:id]) 
    end 

    # Only allow a trusted parameter "white list" through. 
    def user_info_params 
     params.require(:user_info).permit(:artist, :email, :password) 
    end 
end 

任何帮助都将不胜感激！ :)

Answer 1

我建议您使用Devise gem进行身份验证。它很容易使用，并有一个巨大的社区支持。

然而，回答你的问题，你可以做的就是按照例如ActionController::HttpAuthentication::Basic文档和实现是这样的：

class Api::V1::UserInfosController < ApplicationController 
    before_filter :set_current_user 

    private 

    def set_current_user 
    @current_user ||= authenticate_or_request_with_http_basic do |u, p| 
     User.find(email: u, password: p) 
    end 
    end 
end 

哪里User是你的授权用户的模型。