有很多方法可以做到這一點。我做了什麼讓設計迴歸錯誤,我的iPhone應用程序,我可以解釋(如401)爲創建自定義的故障應用程序:
# config/initializers/devise.rb
config.warden do |manager|
manager.failure_app = CustomFailure
end
# config/initializers/custom_failure.rb
class CustomFailure < Devise::FailureApp
def respond
unless request.format.to_sym == :html
http_auth
else
super
end
end
end
否則設計只是一個重定向響應代碼返回HTML無論是否登錄信息是正確的或不正確的。在iPhone應用程序,你可以通過發送GET請求,這樣/登錄驗證
#app/controllers/pages_controller.rb
before_filter :authenticate_user!, :only => [:login]
ssl_required :login # you have to set up ssl and ssl_requirement
def login
@user = current_user
respond_to do |format|
format.html {render :text => "#{@user.id}"}
format.xml {render :text => "#{@user.id}" }
end
end
#config/routes.rb
match '/login', :to => 'pages#login'
然後:
由於我的應用程序需要用戶對我的rails後臺驗證,我實現了一個簡單的登錄系統,這樣(我用ASIHTTPRequest,因爲它的真棒):
- (void) validate_login:(NSString*)name :(NSString*)pwd
{
NSURL *login_url = [NSURL URLWithString:@"https://mysite.com/login"];
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:login_url];
[request setDelegate:self];
[request setUsername:name];
[request setPassword:pwd];
[request addRequestHeader:@"Accept" value:@"application/xml"];
[request startAsynchronous];
}
- (void)requestFinished:(ASIHTTPRequest *)request
{
if ([request responseStatusCode] != 200) {
[self requestFailed:request];
}
else {
// authentication successful, store credentials
NSUSerDefaults* defaults = [NSUserDefaults standardUserDefaults];
[defaults setValue:[request username] forKey:@"username"];
[defaults setValue:[request password] forKey:@"password"];
}
}
- (void)requestFailed:(ASIHTTPRequest *)request
{
NSLog(@"failed with error: %d %@", [request responseStatusCode], [error localizedDescription]);
// tell user incorrect username/password
}
然後,當您需要將數據發佈到應用程序,你可以檢索用戶默認的用戶名和密碼,並將它們連接請求。如果您需要更安全,您可以將它們存儲在鑰匙串中。
我確定有更好的方法來做到這一點,但希望這可以讓你思考API認證策略。
嘿約翰尼,我啓用了基本的HTTP身份驗證,我試圖實現這一點,每次我嘗試訪問http:// localhost:3000/login?user [email] [email protected]&user [password] = password,我得到一個「{」error「:」您需要先登錄或註冊才能繼續。「}」您的想法? – BeachRunnerFred