Setup background: Rails + Devise
1. After adding the authentication_token field to the users table, update the User model

    # models/user.rb
    class User < ActiveRecord::Base
      before_save :ensure_authentication_token
      # ...

      # Automatically generate a new token when the user has none
      def ensure_authentication_token
        if authentication_token.blank?
          self.authentication_token = generate_authentication_token
        end
      end

      private

      # Guarantee the token is unique
      def generate_authentication_token
        loop do
          token = Devise.friendly_token
          break token unless User.where(authentication_token: token).first
        end
      end
    end

2. Add a token authentication method application-wide

    # controllers/application_controller.rb
    class ApplicationController < ActionController::Base
      # This app serves as an API, so CSRF protection falls back to a
      # null session; otherwise requests fail.
      protect_from_forgery with: :null_session

      private

      # Example: GET http://xxx.com/books.json?token=amuj5kiylbmzdjpr_iau
      # Check whether the token parameter is present; if it is and a matching
      # user can be found in the users table, sign that user in.
      def authenticate_user_from_token!
        token = params[:token].presence
        user = token && User.find_by_authentication_token(token.to_s)
        if user
          sign_in user, store: false
        end
      end
    end

3. Have login and registration return the token

    # app/controllers/users/registrations_controller.rb
    def create
      @user = User.new(user_params)
      respond_to do |format|
        if @user.save
          format.json { render json: {success: true, token: @user.authentication_token, user_id: @user.id} }
        end
      end
    end

    private

    def user_params
      params.require(:user).permit(:email, :password, :password_confirmation)
    end

    # app/controllers/users/sessions_controller.rb
    def create
      # Check whether the email exists
      user = User.find_for_database_authentication(email: params[:user][:email])
      return render json: {error: {status: -1}} unless user
      respond_to do |format|
        # Verify that the password is correct
        if user.valid_password?(params[:user][:password])
          sign_in(:user, user)
          user.ensure_authentication_token
          format.json { render json: {token: user.authentication_token, user_id: user.id} }
        else
          format.json { render json: {error: {status: -1}} }
        end
      end
    end

    # Signing out replaces the user's token
    def destroy
      current_user.authentication_token = Devise.friendly_token
      current_user.save # persist the new token so the old one stops working
      sign_out(current_user)
      render json: {success: true}
    end

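
An added example, not code from the original page: a plain-Ruby, hardened variant of the token check in step 2 and the sign-out rotation in step 3. It keeps only a SHA-256 digest of each token, finds the user by id and compares digests in constant time, and reads credentials from request headers so tokens stay out of URLs and access logs. `TokenStore`, `authenticate`, the in-memory hash standing in for the users table, and the `X-User-Id` / `X-User-Token` header names are assumptions made for illustration.

```ruby
require "digest"
require "securerandom"

# Constant-time comparison of two strings (here: fixed-length hex digests).
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical in-memory stand-in for the users table.
class TokenStore
  def initialize
    @digests = {} # user_id => SHA-256 hex digest of the current token
  end

  # Login / registration: hand the token out once, keep only its digest.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(15) # stand-in for Devise.friendly_token
    @digests[user_id] = Digest::SHA256.hexdigest(token)
    token
  end

  # Sign-out: persist a new digest so the old token stops working.
  def rotate(user_id)
    issue(user_id)
    nil
  end

  # Find the record by user id, then compare digests in constant time.
  def valid?(user_id, token)
    stored = @digests[user_id]
    return false if stored.nil? || token.to_s.empty?
    secure_compare(stored, Digest::SHA256.hexdigest(token.to_s))
  end
end

# Read credentials from headers (assumed names) instead of the query string.
# Returns the authenticated user id, or nil.
def authenticate(store, headers)
  raw_id = headers["X-User-Id"].to_s
  return nil unless raw_id =~ /\A\d+\z/
  user_id = raw_id.to_i
  store.valid?(user_id, headers["X-User-Token"]) ? user_id : nil
end
```
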
Usage
1. The client sends the account and password to the server. After successful verification the server returns a token, and the client stores the token locally.
2. For each request that requires authentication (GET, POST, DELETE), append a string such as user=xxxxxxxxxx to the URL, for example:
http://xxx.com/books.json?token=amuj5kiylbmzdjpr_iau
Examples of sending requests with curl:

    # Register
    curl -X POST -H 'Content-Type: application/json' -d '{"user": {"password": "12345678", "password_confirmation": "12345678", "email": "[email protected]"}}' http://localhost:3000/users.json

    # Log in
    curl -X POST -H 'Content-Type: application/json' -d '{"user": {"email": "[email protected]", "password": "12345678"}}' http://localhost:3000/users/sign_in
    # Returned JSON: {"user_token": "amuj5kiylbmzdjpr_iau", "user_id": 1}

    # New comment
    curl -X POST -H "Content-Type: application/json" -d '{"comment": {"comment_content": "Test"}}' 'localhost:3000/comments.json?user_token=amuj5kiylbmzdjpr_iau'

Token in Rails