如何使用从 RoR 应用程序到另一个 RoR 应用程序的 HTTP POST 请求来处理 AuthenticityToken 值?
我正在使用 Ruby on Rails 3,我想知道如何使用从 RoR 应用程序到另一个 RoR 应用程序的 HTTP POST 请求来处理 AuthenticityToken 值。在这种情况下,如果他/她提供了正确的电子邮件和密码值,我的目标是提交登录表单并以JSON格式返回用户信息。
我在此 URL 处有一个 RoR 应用程序
pjtnam.com
,在该 URL 处有另一个 RoR 应用程序
users.pjtname.com
如果我从应用程序 pjtname.com 向应用程序 users.pjtname.com 发出 HTTP POST 请求像这样(在这个例子中我使用 Typhoeus gem)
response = Typhoeus::Request.post("http://users.pjtname.com/authentications",
:params => {
:new_authentication => {
:email => email,
:password => password
}
}
)
我得到这个响应
<h1>
ActionController::InvalidAuthenticityToken
in AuthenticationsController#create
</h1>
<pre>ActionController::InvalidAuthenticityToken</pre>
所以,如何以安全的方式\模式处理 AuthenticityToken 值? 我想知道应用程序何时位于同一服务器上以及何时不在同一服务器上。
在 http: //users.pjtname.com/authentications/new 我有以下表单用于登录用户:
<%= form_for(:new_authentication) do |f| %>
<%= f.label :email %>
<%= f.label :password %>
<%= f.submit "Sign in" %>
<% end %>
在authentications_controller.rb中我有
def create
# Note ':authentication' symbol is different than ':new_authentication' seen in HTTP POST parameters and in the above form
@authentication = Authentication.new(params[:authentication])
@account = Account.sign_in_account(params[:new_authentication][:email], params[:new_authentication][:password])
...
respond_to do |format|
format.html {
redirect_to @account
}
format.js {
render(:update) { |page|
page.redirect_to @account
}
}
format.json {
render :json => @account
}
end
end
在routes.rb中我有
resources :authentications do #, :path => "authentication" do
member do
get 'confirm_authentication'
post 'confirm_authentication'
end
end
更新 >@idlefingers 回答
请求
Typhoeus::Request.post("http://users.pjtname.com/authentications/new",
# or
# Typhoeus::Request.post("http://users.pjtname.com/authentications",
:headers => {"Content-Type" => "application/json"},
:params => { ... } # Same parameters as above
}
)
响应
<h1>
StandardError
</h1>
<pre>Invalid JSON string</pre>
请求
Typhoeus::Request.post("http://users.pjtname.com/authentications/new.json",
:params => { ... } # Same parameters as above
}
)
响应
<h1>Routing Error</h1>
<p><pre>No route matches "/authentications/new.json"</pre></p>
I am using Ruby on Rails 3 and I would like to know how to handle the AuthenticityToken value using a HTTP POST request from a RoR application to another RoR application. In this case I aim to submit a sign in form and return the user information in JSON format if he\she provided correct email and password values.
I have a RoR application at this URL
pjtnam.com
and another RoR application at this URL
users.pjtname.com
If I make an HTTP POST request from the application pjtname.com to the application users.pjtname.com like this (in this example I use the Typhoeus gem)
response = Typhoeus::Request.post("http://users.pjtname.com/authentications",
:params => {
:new_authentication => {
:email => email,
:password => password
}
}
)
I get this response
<h1>
ActionController::InvalidAuthenticityToken
in AuthenticationsController#create
</h1>
<pre>ActionController::InvalidAuthenticityToken</pre>
So, how to handle the AuthenticityToken value in a safe approach\mode? I would like to know in both when applications are located on the same server and when they aren't.
At http://users.pjtname.com/authentications/new I have the following form for signing in users:
<%= form_for(:new_authentication) do |f| %>
<%= f.label :email %>
<%= f.label :password %>
<%= f.submit "Sign in" %>
<% end %>
In the authentications_controller.rb I have
def create
# Note ':authentication' symbol is different than ':new_authentication' seen in HTTP POST parameters and in the above form
@authentication = Authentication.new(params[:authentication])
@account = Account.sign_in_account(params[:new_authentication][:email], params[:new_authentication][:password])
...
respond_to do |format|
format.html {
redirect_to @account
}
format.js {
render(:update) { |page|
page.redirect_to @account
}
}
format.json {
render :json => @account
}
end
end
In routes.rb I have
resources :authentications do #, :path => "authentication" do
member do
get 'confirm_authentication'
post 'confirm_authentication'
end
end
UPDATE for the @idlefingers answer
REQUEST
Typhoeus::Request.post("http://users.pjtname.com/authentications/new",
# or
# Typhoeus::Request.post("http://users.pjtname.com/authentications",
:headers => {"Content-Type" => "application/json"},
:params => { ... } # Same parameters as above
}
)
RESPONSE
<h1>
StandardError
</h1>
<pre>Invalid JSON string</pre>
REQUEST
Typhoeus::Request.post("http://users.pjtname.com/authentications/new.json",
:params => { ... } # Same parameters as above
}
)
RESPONSE
<h1>Routing Error</h1>
<p><pre>No route matches "/authentications/new.json"</pre></p>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
看起来它没有发送具有正确内容类型的请求。如果内容类型是 application/xml 或 application/json,Rails 应该跳过真实性令牌检查,这样它就可以很好地与 API 配合使用,而不必完全禁用真实性令牌。
我不知道 Typhoeus gem,但看起来您可能需要将“.json”或“.xml”添加到 url(取决于您实现的 API),或者可能需要将其传递为标头哈希中的选项。
It looks like it's not sending the request with the correct content type. Rails should skip the authenticity token check if the content-type is application/xml or application/json, so that it plays nice with APIs without having to disable the authenticity token altogether.
I don't know the Typhoeus gem, but it looks like you may need to just add ".json" or ".xml" to the url (depending on the API you've implemented), or may need to pass it in as options in the headers hash.