使用 Curl 时，Devise CanCan 无法通过 Post 创建用户

发布于 2024-10-11 00:11:48 字数 2734 浏览 3 评论 0原文

我遵循了 Tony Amoyal 的指南使用 Devise 和 CanCan 进行 Rails 身份验证第 2 部分 – 管理员的 Restful 资源并创建了用户控制器。

我启用了基于令牌的身份验证，并且 CanCan 设置为仅允许管理员访问以执行任何有用的操作。

值得注意的代码片段是

class User < ActiveRecord::Base
  before_save :ensure_authentication_token

  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :token_authenticatable

  attr_accessible :company_name, :role, :email, :password, :password_confirmation, :remember_me

  ROLES = %w[admin customer]  
end

class UsersController < ApplicationController
  before_filter :get_user, :only => [:index,:new,:edit]
  load_and_authorize_resource

  ...
end

class Ability
    include CanCan::Ability

    def initialize(user)
      user ||= User.new # guest user

      if user.role == "admin"      
        can :manage, :all
      elsif user.role == "customer"
        can :address, :lookup
        cannot [:new, :create, :edit, :update, :destroy, :index], [User]
        can [:show], [User], :id => user.id
      end
    end    
end

现在当我使用curl 进行 GET、PUT 和 GET 时。 DELETE 请求它工作正常。请注意 auth_token 参数（它是管理员用户的令牌）

curl -k -H "Content-Type: application/json" -X GET https://localhost:3000/users.json?auth_token=Z6Sgkd65w1oCWckpNrdya54FkHy6sMgWLn1BNno7wa9xSEi0xvoxfrRD4Y8z -i

POST 请求似乎不起作用并被重定向，这表明身份验证没有使用提供的令牌启动。

发帖请求：

curl -k -H "Content-Type: application/json" -X POST https://localhost:3000/users -d '{"auth_token":"Z6Sgkd65w1oCWckpNrdya54FkHy6sMgWLn1BNno7wa9xSEi0xvoxfrRD4Y8z", "user":{"company_name":"Test","role":"customer","password":"XXXXXXXX","password_confirmation":"XXXXXXXX","email":"[email protected]"}}' -i

开发日志：

Started POST "/users" for 127.0.0.1 at Fri Jan 07 18:54:27 +1100 2011
  Processing by UsersController#create as */*
  Parameters: {"auth_token"=>"Z6Sgkd65w1oCWckpNrdya54FkHy6sMgWLn1BNno7wa9xSEi0xvoxfrRD4Y8z", "user"=>{"company_name"=>"Test", "password_confirmation"=>"[FILTERED]", "role"=>"customer", "password"=>"[FILTERED]", "email"=>"[email protected]"}}
Completed   in 88ms
Redirected to https://localhost:3000/

Curl 的使用是否不正确？或
是否需要先登录，然后在POST请求的cookie中设置session？或
我是在做一些愚蠢的猴子吗？

我对 Rails 和 Rails 还很陌生。 Ruby，非常感谢任何帮助。谢谢。

原文

I've followed Tony Amoyal's guide Rails Authentication with Devise and CanCan part 2 – Restful Resources for Administrators and created the User controller.

I've got token based authentication enabled and CanCan is setup to allow access to only admins to do anything useful.

Code snippets of note are

class User < ActiveRecord::Base
  before_save :ensure_authentication_token

  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :token_authenticatable

  attr_accessible :company_name, :role, :email, :password, :password_confirmation, :remember_me

  ROLES = %w[admin customer]  
end

class UsersController < ApplicationController
  before_filter :get_user, :only => [:index,:new,:edit]
  load_and_authorize_resource

  ...
end

class Ability
    include CanCan::Ability

    def initialize(user)
      user ||= User.new # guest user

      if user.role == "admin"      
        can :manage, :all
      elsif user.role == "customer"
        can :address, :lookup
        cannot [:new, :create, :edit, :update, :destroy, :index], [User]
        can [:show], [User], :id => user.id
      end
    end    
end

Now when I use curl to make GET, PUT & DELETE requests it works fine. Notice the auth_token param (it is admin user's token)

curl -k -H "Content-Type: application/json" -X GET https://localhost:3000/users.json?auth_token=Z6Sgkd65w1oCWckpNrdya54FkHy6sMgWLn1BNno7wa9xSEi0xvoxfrRD4Y8z -i

POST requests don't seem to work and get redirected which suggests authentication did not kick in using the provided token.

Post request:

curl -k -H "Content-Type: application/json" -X POST https://localhost:3000/users -d '{"auth_token":"Z6Sgkd65w1oCWckpNrdya54FkHy6sMgWLn1BNno7wa9xSEi0xvoxfrRD4Y8z", "user":{"company_name":"Test","role":"customer","password":"XXXXXXXX","password_confirmation":"XXXXXXXX","email":"[email protected]"}}' -i

Dev log:

Started POST "/users" for 127.0.0.1 at Fri Jan 07 18:54:27 +1100 2011
  Processing by UsersController#create as */*
  Parameters: {"auth_token"=>"Z6Sgkd65w1oCWckpNrdya54FkHy6sMgWLn1BNno7wa9xSEi0xvoxfrRD4Y8z", "user"=>{"company_name"=>"Test", "password_confirmation"=>"[FILTERED]", "role"=>"customer", "password"=>"[FILTERED]", "email"=>"[email protected]"}}
Completed   in 88ms
Redirected to https://localhost:3000/

Is the use of Curl incorrect? or
Do I need to login first and then set the session in the cookie in the POST request? or
Am I doing some silly monkies?

Am fairly new to Rails & Ruby so any help is greatly appreciated. Thanks.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

葬シ愛 2024-10-18 00:11:48

将其添加到您的控制器中：

# disable csrf protection for the controller: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html
  skip_before_filter :verify_authenticity_token

这告诉控制器在接收 POST 时不要检查 Rails 期望的表单真实性令牌。

add this to your controller:

# disable csrf protection for the controller: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html
  skip_before_filter :verify_authenticity_token

This is telling the controller not to check the form authenticity token that Rails is expecting when receiving a POST.

回复收藏 0 原文

~没有更多了~