使用Devise进行API身份validation(Ruby on Rails)

我正在尝试使用设计配置:token_authenticatable在我的项目中通过json添加身份validation。

我有从本文中获取的工作sessions_controller #create代码 – http://blog.codebykat.com/2012/07/23/remote-api-authentication-with-rails-3-using-activeresource-and-devise /

def create build_resource resource = User.find_for_database_authentication(:email => params[:email]) return invalid_login_attempt unless resource if resource.valid_password?(params[:password]) resource.ensure_authentication_token! #make sure the user has a token generated render :json => { :authentication_token => resource.authentication_token, :user_id => resource.id }, :status => :created return end end def invalid_login_attempt warden.custom_failure! render :json => { :errors => ["Invalid email or password."] }, :success => false, :status => :unauthorized end 

问题是本机设计sessions_controller #crera看起来像这样

  def create self.resource = warden.authenticate!(auth_options) set_flash_message(:notice, :signed_in) if is_navigational_format? sign_in(resource_name, resource) respond_with resource, :location => after_sign_in_path_for(resource) end 

我不知道如何结合这两个创建方法,以便在网站上和通过json进行身份validation?

UPDATE

工作代码

 def create respond_to do |format| format.json do build_resource resource = User.find_for_database_authentication(:email => params[:email]) return invalid_login_attempt unless resource if resource.valid_password?(params[:password]) resource.ensure_authentication_token! #make sure the user has a token generated render json: { authentication_token: resource.authentication_token, user_id: resource.id }, status: :created return end end format.html do self.resource = warden.authenticate!(auth_options) set_flash_message(:notice, :signed_in) if is_navigational_format? sign_in(resource_name, resource) respond_with resource, :location => after_sign_in_path_for(resource) end end end 

您希望SessionsController#create方法看起来像这样:

 class Users::SessionsController < Devise::SessionsController def create resource = warden.authenticate!(scope: resource_name, recall: "#{controller_path}#new") set_flash_message(:notice, :signed_in) if is_navigational_format? sign_in(resource_name, resource) respond_to do |format| format.html do respond_with resource, location: redirect_location(resource_name, resource) end format.json do render json: { response: 'ok', auth_token: current_user.authentication_token }.to_json, status: :ok end end end end 

...并确保您已配置设备以使用客户端将传递的令牌身份validation密钥。