2017-01-22 83 views
2

我正在嘗試安裝Mollie API,但我沒有找到webhook的工作方式。我正在Ruby on Rails 4中工作。它一直在說無法驗證CSRF令牌的真實性。我嘗試了幾個從stackoverflow的答案,但他們不工作。例如。無法驗證CSRF令牌的真實性

  • skip_before_filter:verify_authenticity_token
  • protect_from_forgery除外:[:通知]
  • protect_from_forgery用:null_session,如果: - > {?request.format.json}

我的通知控制器看起來像:

class ReservationsController < ApplicationController 
    before_action :authenticate_user!, except: [:notify] 

    skip_before_filter :verify_authenticity_token 

    def preload 
     training = Training.find(params[:training_id]) 
     today = Date.today 
     reservations = training.reservations.where("date >= ?", today) 

     render json: reservations 
    end 

    def create 



     @thrill = Thrill.find(params[:thrill_id]) 
     if @thrill.reservations.length < @thrill.training.tr_max_attendants 
      @reservation = current_user.reservations.create(reservation_params) 

      if @reservation 

       require 'Mollie/API/Client' 

       mollie = Mollie::API::Client.new('test_gUejkz43UkdeCauC22J6UNqqVRdpwW') 

       payment = mollie.payments.create(
        amount: 10.00, 
        description: 'My first API payment', 
        redirect_Url: 'http://d7459af1.ngrok.io/your_trips', 
        webhookUrl: 'http://d7459af1.ngrok.io/notify', 
        metadata: { 
         reservationid: @reservation.id 
        } 
       ) 



       @reservation.update_attributes payid:payment.id 

       redirect_to payment.payment_url 


      else 
       redirect_to @thrill.training, notice: "Helaas, de training is vol" 
      end 
     end 
    end 

    protect_from_forgery except: [:notify] 
# protect_from_forgery with: :null_session, if: -> {request.format.json?} 

    def notify 

     require 'Mollie/API/Client' 

     mollie = Mollie::API::Client.new('test_gUejkz43UkdeCauC22J6UNqqVRdpwW') 

     payment = mollie.payments.get(payment.id) 

     params.permit! 
     status = params[:payment_status] 

     if payment.paid? 

      reservation = Reservation.find(params[:payid]) 
      reservation.update_attributes status:true 
     else 
      reservation.destroy 
     end 

     render nothing: true 

    end 

    protect_from_forgery except: [:your_trips] 
    def your_trips 
     @reservations = current_user.reservations.joins(:thrill).order('thrills.thrilldate asc').where('? <= thrills.thrilldate', Date.today) 
    end 

    def your_reservations 
     @trainings = current_user.trainings 
    end 

    private 
     def reservation_params 

      params.permit(:thrill_id, :user_id) 
     end 


    end 

如果有人有一個提示或暗示,將不勝感激! 謝謝!

+0

嗨克里斯。如果你是Rails新手:你在這裏發佈的代碼看起來不像普通的Rails控制器。你能把所有的代碼發佈到你的通知控制器嗎?我希望它啓動'類NotifyController Mauddev

+0

嗨Mauddev,感謝您的評論。我確實對此很新,我添加了完整控制器。希望你能做到這一點。 –

回答

3

你需要在你的控制器的最頂部打電話protect_from_forgery,也可以在ApplicationController刪除protect_from_forgery電話。

例子:

class ReservationsController < ApplicationController 
    before_action :authenticate_user!, except: [:notify] 

    skip_before_filter :verify_authenticity_token 

    protect_from_forgery except: [:notify, :your_trips] 

    # actions go below here 

請注意,您可以通過多個動作爲:except參數

附註:如果你是在一個JSON API唯一的應用程序的工作,我建議你看看到Rails API : https://github.com/rails-api/rails-api

相關問題