-
-
Save skozz/8116837 to your computer and use it in GitHub Desktop.
Authenticate your API with Devise gem, token by header. Ruby on Rails 4. Read the comments.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Session controller provides a token | |
#/controllers/api/sessions_controller.rb | |
class Api::SessionsController < Devise::SessionsController | |
before_filter :authenticate_user!, :except => [:create] | |
before_filter :ensure_params_exist, :except => [:destroy] | |
respond_to :json | |
def create | |
resource = User.find_for_database_authentication(:email => params[:user_login][:email]) | |
return invalid_login_attempt unless resource | |
if resource.valid_password?(params[:user_login][:password]) | |
sign_in(:user, resource) | |
resource.ensure_authentication_token! | |
render :json=> {:auth_token=>resource.authentication_token, :email=>resource.email}, :status => :ok | |
return | |
end | |
invalid_login_attempt | |
end | |
def destroy | |
resource = User.find_by_authentication_token(params[:auth_token]||request.headers["X-AUTH-TOKEN"]) | |
resource.authentication_token = nil | |
resource.save | |
sign_out(resource_name) | |
render :json => {}.to_json, :status => :ok | |
end | |
protected | |
def ensure_params_exist | |
return unless params[:user_login].blank? | |
render :json=>{:message=>"missing user_login parameter"}, :status=>422 | |
end | |
def invalid_login_attempt | |
render :json=> {:message=>"Error with your login or password"}, :status=>401 | |
end | |
end | |
#Base controller which inherited by every api controller | |
#/controllers/api/base_controller.rb | |
class Api::BaseController < InheritedResources::Base | |
before_filter :authenticate_user! | |
prepend_before_filter :get_auth_token | |
respond_to :xml, :json | |
private | |
def get_auth_token | |
if auth_token = params[:auth_token].blank? && request.headers["X-AUTH-TOKEN"] | |
params[:auth_token] = auth_token | |
end | |
end | |
end | |
#Your resources controllers | |
#/controllers/api/v1/products_controller.rb | |
module Api | |
module V1 | |
class ProductsController < Api::BaseController | |
end | |
end | |
end | |
#Routes | |
namespace :api, :defaults => {:format => 'json'} do | |
devise_for :users | |
namespace :v1 do | |
resources :products | |
end | |
end | |
#*** How to get a token: well, you have to provide email and password *** | |
#with curl | |
curl -d "user_login[email][email protected]&user_login[password]=yourpassword" http://localhost:3001/api/users/sign_in --noproxy localhost | |
{"email":"[email protected]","success":true,"auth_token":"G3xbSrS4uqLU484eUw9h"} | |
#with HTTPClient | |
clnt = HTTPClient.new | |
res = clnt.post("http://localhost:3001/api/users/sign_in", {"user_login[email]" => "[email protected]", "user_login[password]" => "yourpassword"}) | |
auth_token = JSON(res.body)["auth_token"] | |
=> "G3xbSrS4uqLU484eUw9h" | |
#*** How to get data using the token *** | |
#with curl | |
curl -H "X-AUTH-TOKEN: G3xbSrS4uqLU484eUw9h" http://localhost:3001/api/v1/products/1 --noproxy localhost --get | |
#with HTTPClient gem | |
clnt = HTTPClient.new | |
clnt.get("http://localhost:3001/api/v1/products/1", nil, {"X-AUTH-TOKEN" => "G3xbSrS4uqLU484eUw9h"}).content | |
#*** At the end, remove the access token *** | |
#with curl | |
curl -X DELETE -H "X-AUTH-TOKEN: G3xbSrS4uqLU484eUw9h" http://localhost:3001/api/users/sign_out | |
#with HTTPClient gem | |
clnt.delete("http://localhost:3001/api/users/sign_out", {"X-AUTH-TOKEN" => "G3xbSrS4uqLU484eUw9h"}) | |
How do we check for lockable if user attempt to login 5 times failed?
Thanks for helping me to login to my ruby.
I have a little problem.
- When I'm in, my next curl is
#*** How to get data using the token ***
with curl
curl -H "X-AUTH-TOKEN: G3xbSrS4uqLU484eUw9h" http://localhost:3001/api/v1/products/1 --noproxy localhost --get
but i get this:
You are being redirected.
Uh, got to install this before
https://github.com/baschtl/devise-token_authenticatable
And add this columns to users table:
t.string :authentication_token, null: false, default: ""
t.datetime :authentication_token_created_at
Finally add
protect_from_forgery
to sessions controller
👍
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
http://soryy.com/blog/2014/apis-with-devise/
https://www.airpair.com/ruby-on-rails/posts/building-a-restful-api-in-a-rails-application