我已經實施了Matteo Melanis偉大的博客文章A Simple Token Authentication Service for Mobile Devices。它與Chrome擴展Postman的效果非常好。但是,當我嘗試使用cUrl獲取用戶身份驗證令牌時,我遇到了一個混亂問題。連接到捲曲導致錯誤的迴應
首先對(成功)認證development.log條目提取採用了郵差:
Started POST "/api/v1/[email protected]&password=[FILTERED]" for 127.0.0.1 at 2013-11-25 11:28:21 +0100
Processing by Api::V1::TokensController#create as JSON
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]"}
[1m[36mUser Load (1.4ms)[0m [1mSELECT "users".* FROM "users" WHERE "users"."id" = 1 ORDER BY "users"."id" ASC LIMIT 1[0m
Entered create method
[1m[35mUser Load (3.9ms)[0m SELECT "users".* FROM "users" WHERE "users"."email" = '[email protected]' LIMIT 1
Completed 200 OK in 99ms (Views: 0.3ms | ActiveRecord: 5.3ms)
然後,當我跑$ curl -X POST "https://localhost:3000/api/v1/[email protected]&password=somepassword" -d "[email protected]&password=somepassword" -v -k -i
,我得到
Started POST "/api/v1/[email protected]&password=[FILTERED]" for 127.0.0.1 at 2013-11-25 11:29:01 +0100
Processing by Api::V1::TokensController#create as JSON
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]"}
Completed 401 Unauthorized in 12ms
你可能會問,爲什麼我提供的參數既可以作爲HTTP Post數據,也可以作爲查詢字符串。那麼,我最初的捲曲lib樣本http-post.c的研究表明前者,而Postmans成功的查詢則暗示了後者。我試過所有這些組合,但沒有任何作用,所以我很迷路。
在Api::V1::TokensController
,我已經添加日誌每當創建方法被調用,這是
class Api::V1::TokensController < ApplicationController
skip_before_filter :verify_authenticity_token
respond_to :json
def create
Rails.logger.debug("Entered create method")
email = params[:email]
password = params[:password]
if request.format != :json
render :status=>406, :json=>{:message=>"The request must be json"}
return
end
if email.nil? or password.nil?
render :status=>400,
:json=>{:message=>"The request must contain the user email and password."}
return
end
@user=User.find_by_email(email.downcase)
if @user.nil?
logger.info("User #{email} failed signin, user cannot be found.")
render :status=>401, :json=>{:message=>"Invalid email or password."}
return
end
# http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable
@user.ensure_authentication_token!
if not @user.valid_password?(password)
logger.info("User #{email} failed signin, password \"#{password}\" is invalid")
render :status=>401, :json=>{:message=>"Invalid email or password."}
else
render :status=>200, :json=>{:token=>@user.authentication_token}
end
end
def destroy
@user=User.find_by_authentication_token(params[:id])
if @user.nil?
logger.info("Token not found.")
render :status=>404, :json=>{:message=>"Invalid token."}
else
@user.reset_authentication_token!
render :status=>200, :json=>{:token=>params[:id]}
end
end
end
由於可以從日誌可以看出,創建方法被稱爲擺在首位,但不在第二。這就好像Api::V1::TokensController
的skip_before_filter :verify_authenticity_token
一起被忽略。但是,這怎麼可能呢?
任何建議,非常感謝!
我的預感是你沒有正確地發送json的捲曲。看看這裏http://stackoverflow.com/a/7173011/600953 – Dty
在chrome開發工具的網絡選項卡中,您可以將請求複製到cURL格式。嘗試將其與您發送的內容進行比較,以查看缺少的內容。 – Slicedpan
嘗試像curl-d''一樣的基本帖子https:// localhost:3000/api/v1/tokens.json?email = my @ mail.com&password = password'我也看到了你的製作和'https'請求本地主機看看是否需要,如果是的話,那麼也許你提供證書來捲曲或使用'--no-check-certificate'這兩種方式,因爲我一直都在使用它 – Viren