Custom Devise 401 未经授权的响应
我正在为我的 Rails 3.1 应用程序开发基于 JSON 的 API。我想提供自定义失败响应而不是默认响应,即:
{"error":"You need to sign in or sign up before continuing."}
我的 API 控制器包含对 authenticate_user! 的 before_filter 调用,这就是呈现此 JSON 响应的原因。
在搜索时,我遇到了这个 StackOverflow 问题,其中引用了此 Devise wiki条目。不幸的是,维基条目不够详细,我无法理解它告诉我的内容。具体来说,我不知道应该将该代码放在哪里,以便设计/典狱长知道渲染我想要返回的内容。
从其他 SA 问题的评论来看,听起来我不需要调用 custom_failure! 因为我使用的是 1.2 以上的 Devise 版本(具体是 1.4.2)。但是,wiki 条目没有解释 render 调用应该去哪里,以便 authenticate_user! 知道使用它而不是它自己的渲染调用。
这个 render 调用去哪里了?
编辑:我不仅仅是试图更改消息本身(a la devise en.yml 配置);我正在尝试更改响应的实际格式。具体来说,我想返回这个:
render :text => "You must be logged in to do that.", :status => :unauthorized
I'm working on a JSON-based API for my Rails 3.1 app. I'd like to provide a custom failure response instead of the default, which is:
{"error":"You need to sign in or sign up before continuing."}
My API controller includes a before_filter call to authenticate_user!, which is what is rendering this JSON response.
While searching, I came across this StackOverflow question, which references this Devise wiki entry. Unfortunately, the wiki entry isn't verbose enough for me to understand what it's telling me. Specifically, I have no clue where I'm supposed to put that code such that Devise/Warden knows to render what I want returned.
From the comments on the other SA question, it sounds like I don't need to call custom_failure! since I'm using a version of Devise above 1.2 (1.4.2 to be specific). However, the wiki entry doesn't explain where the render call should go such that authenticate_user! knows to use that instead of its own render call.
Where does this render call go?
Edit: I'm not just trying to change the message itself (a la the devise en.yml config); I'm trying to change the actual format of the response. Specifically, I want to return this:
render :text => "You must be logged in to do that.", :status => :unauthorized
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
作为参考,以防其他人在使用 Devise 尝试登录失败时查找如何自定义 json 错误响应时偶然发现此问题,关键是使用您自己的自定义
FailureApp实现。 (您还可以使用此方法来覆盖某些重定向行为。)并在您的 devise.rb 中查找 config.warden 部分:
一些相关信息:
首先我我想我必须覆盖 Devise::SessionsController,可能使用这
recall选项传递给warden.authenticate!,但如上所述 此处,“不会针对 API 请求调用回调,仅针对导航请求调用。如果您想自定义 http 状态代码,那么在失败应用程序级别执行此操作会更顺利。”另外 https://github.com/plataformatec/devise/wiki/How-To%3a-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated< /a> 显示了与重定向非常相似的内容。
For reference in case anyone else stumbles upon this question when looking for how to customize the json error response when a failed login attempt is made using Devise, the key is to use your own custom
FailureAppimplementation. (You can also use this approach to override some redirect behavior.)and in your
devise.rb, look for theconfig.wardensection:Some related info:
At first I thought I would have to override Devise::SessionsController, possibly using the
recalloption passed towarden.authenticate!, but as mentioned here, "recall is not invoked for API requests, only for navigational ones. If you want to customise the http status code, you will have better luck doing so at the failure app level."Also https://github.com/plataformatec/devise/wiki/How-To%3a-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated shows something very similar for redirection.
如果您只是想更改错误消息中显示的文本,我相信您只需编辑区域设置文件(/config/locales/devise.en.yml)即可。
如果您需要更多具体细节,有关此主题的 RailsCast 也可能会有所帮助。您可以在 http://railscasts.com/episodes/210-customizing-devise
If you're simply wanting to change the text displayed with the error message, I believe you can just edit the locale file (/config/locales/devise.en.yml).
The RailsCast on this topic might be helpful too, if you want more specific details. You can find it at http://railscasts.com/episodes/210-customizing-devise