无法通过 ng-token-auth/devise-token-auth 请求发送令牌
Can't send token with request with ng-token-auth/devise-token-auth
我正在学习一个很棒的教程,可以在这里找到:https://www.airpair.com/ruby-on-rails/posts/authentication-with-angularjs-and-ruby-on-rails 作者
https://whosebug.com/users/199712/jason-swett.
我想弄清楚为什么我无法在 sign_in 上使用 header 中的令牌发送请求。我的用户注册调用效果很好,在数据库中创建了一个新用户,但是当我尝试登录时,没有发送令牌。
这是我的 index.coffee
angular.module 'angDomino', ['ngAnimate', 'ngCookies', 'ngTouch', 'ngSanitize', 'ngResource', 'ui.router', 'rails', 'ng-token-auth']
.config ($stateProvider, $urlRouterProvider, $locationProvider, $authProvider) ->
$authProvider.configure({
apiUrl: '/api'
})
$locationProvider.html5Mode({
enabled: true,
requireBase: false
})
$stateProvider
.state "home",
url: "/",
templateUrl: "app/views/main.html",
controller: "MainCtrl"
.state "groups",
url: "/groups",
templateUrl: "app/views/groups.html",
controller: "GroupsCtrl"
.state "sign_in",
url: "/sign_in",
templateUrl: "app/views/user_sessions/new.html",
controller: "UserSessionsCtrl"
.state "sign_up",
url: "/sign_up",
templateUrl: "app/views/user_registrations/new.html",
controller: "UserRegistrationsCtrl"
$urlRouterProvider.otherwise '/'
.factory "Group", (RailsResource) ->
class Group extends RailsResource
@configure url: "/api/groups", name: "group"
这是注册请求header:
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:158
Content-Type:application/json;charset=UTF-8
DNT:1
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_up
以及注册响应:
access-token:ZAC77KtVm_BBXExMiF5Okg
cache-control:max-age=0, private, must-revalidate
client:AqyOPNCBIiufWAZqTkIPZg
connection:close
content-length:240
content-type:application/json; charset=utf-8
date:Tue, 28 Apr 2015 23:38:58 GMT
etag:"e190da3eab4b3b2da0d6dc8257fd6d91"
expiry:1431473938
server:WEBrick/1.3.1 (Ruby/2.1.2/2014-05-08)
token-type:Bearer
uid:cc0e37ab-f891-4334-a887-c0a71903edf9
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-request-id:8bf9fe8a-73b9-4e3d-ad40-c8574e88e7c3
x-runtime:0.272364
x-xss-protection:1; mode=block
注销完美无缺(要求header):
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
access-token:0PSupG02KwsbU6k1nQuTXQ
Cache-Control:max-age=0
client:AqyOPNCBIiufWAZqTkIPZg
Connection:keep-alive
Cookie:auth_headers=%7B%22access-token%22%3A%220PSupG02KwsbU6k1nQuTXQ%22%2C%22token-type%22%3A%22Bearer%22%2C%22client%22%3A%22AqyOPNCBIiufWAZqTkIPZg%22%2C%22expiry%22%3A%221431474351%22%2C%22uid%22%3A%22d1871d3d-a8a9-437a-88b9-e0a43f5896da%22%7D
DNT:1
expiry:1431474351
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_up
token-type:Bearer
uid:d1871d3d-a8a9-437a-88b9-e0a43f5896da
但是当我尝试使用相同的 email/pwd 登录时,我得到:
一般
Remote Address:127.0.0.1:9000
Request URL:http://localhost:9000/api/auth/sign_in
Request Method:POST
Status Code:401 Unauthorized
请求Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:43
Content-Type:application/json;charset=UTF-8
DNT:1
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_in
有人知道为什么登录不发送令牌吗?
这是我的 user_sessions 控制器(在 coffeescript 中):
angular.module('angDomino').controller 'UserSessionsCtrl', [
'$scope'
($scope) ->
$scope.$on 'auth:login-error', (ev, reason) ->
$scope.error = reason.errors[0]
return
return
]
这是完整的 sign_in headers:
General
Remote Address:127.0.0.1:9000
Request URL:http://localhost:9000/api/auth/sign_in
Request Method:POST
Status Code:401 Unauthorized
Response Headers
view source
cache-control:no-cache
connection:close
content-length:59
content-type:application/json; charset=utf-8
date:Thu, 07 May 2015 12:53:46 GMT
server:WEBrick/1.3.1 (Ruby/2.1.2/2014-05-08)
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-request-id:480b63c1-1415-4c49-8774-ccfc11eee644
x-runtime:0.005285
x-xss-protection:1; mode=block
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:43
Content-Type:application/json;charset=UTF-8
DNT:1
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_in
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
Request Payload
view source
{email: "b@b.com", password: "1234567890"}
email: "b@b.com"
password: "1234567890"
这是 sign_up 的 dev.log:
Started POST "/api/auth" for 127.0.0.1 at 2015-05-07 07:40:18 -0500
[1m[36mActiveRecord::SchemaMigration Load (0.9ms)[0m [1mSELECT "schema_migrations".* FROM "schema_migrations"[0m
Processing by DeviseTokenAuth::RegistrationsController#create as HTML
Parameters: {"email"=>"b@b.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "confirm_success_url"=>"http://localhost:9000/sign_up", "config_name"=>"default"}
Unpermitted parameters: confirm_success_url, config_name
Unpermitted parameters: confirm_success_url, config_name
[1m[35m (0.4ms)[0m BEGIN
[1m[36m (1.4ms)[0m [1mSELECT COUNT(*) FROM "users" WHERE "users"."provider" = 'email' AND "users"."email" = 'b@b.com'[0m
[1m[35mSQL (2.9ms)[0m INSERT INTO "users" ("confirmed_at", "created_at", "email", "encrypted_password", "provider", "tokens", "uid", "updated_at") VALUES (, , , , , , , ) RETURNING "id" [["confirmed_at", "2015-05-07 12:40:18.475118"], ["created_at", "2015-05-07 12:40:18.475466"], ["email", "b@b.com"], ["encrypted_password", "adSKnalwMHcuTrWSDEbLSen85tzA9DEyH.Q.EnxHllwZeNOdvBUMy"], ["provider", "email"], ["tokens", "{}"], ["uid", "b@b.com"], ["updated_at", "2015-05-07 12:40:18.475466"]]
[1m[36m (79.9ms)[0m [1mCOMMIT[0m
[1m[35m (0.1ms)[0m BEGIN
[1m[36mSQL (0.5ms)[0m [1mUPDATE "users" SET "confirmed_at" = , "tokens" = , "uid" = , "updated_at" = WHERE "users"."id" = 2[0m [["confirmed_at", "2015-05-07 12:40:18.638115"], ["tokens", "{\"wASSQpP_tjVaK-VoROXwHg\":{\"token\":\"a$aJFJmimoQNQFz3T9rItGwOzHMRwtuENcBhZdVCC2b0GBsinKgIhuC\",\"expiry\":1432212018}}"], ["uid", "9ae44b7b-3f7a-4f2d-9091-4cc779751355"], ["updated_at", "2015-05-07 12:40:18.638237"]]
[1m[35m (0.3ms)[0m COMMIT
[1m[36m (0.1ms)[0m [1mBEGIN[0m
[1m[35mUser Load (0.5ms)[0m SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 FOR UPDATE [["id", 2]]
[1m[36mSQL (0.6ms)[0m [1mUPDATE "users" SET "confirmed_at" = , "tokens" = , "uid" = , "updated_at" = WHERE "users"."id" = 2[0m [["confirmed_at", "2015-05-07 12:40:18.712254"], ["tokens", "{\"wASSQpP_tjVaK-VoROXwHg\":{\"token\":\"a$nb1iyRMzNgjvi34tMK5Ysers4IOulvviMJSA5Q8uop5ARuXMOtxDa\",\"expiry\":1432212018,\"last_token\":\"a$aJFJmimoQNQFz3T9rItGwOzHMRwtuENcBhZdVCC2b0GBsinKgIhuC\",\"updated_at\":\"2015-05-07T07:40:18.711-05:00\"}}"], ["uid", "95b1c932-b763-4f32-b441-0968175575d5"], ["updated_at", "2015-05-07 12:40:18.712496"]]
[1m[35m (0.3ms)[0m COMMIT
Completed 200 OK in 363ms (Views: 0.3ms | ActiveRecord: 90.3ms)
Started GET "/api/auth/validate_token" for 127.0.0.1 at 2015-05-07 07:44:29 -0500
Processing by DeviseTokenAuth::TokenValidationsController#validate_token as HTML
[1m[36mUser Load (0.5ms)[0m [1mSELECT "users".* FROM "users" WHERE "users"."uid" = '95b1c932-b763-4f32-b441-0968175575d5' LIMIT 1[0m
[1m[35m (0.3ms)[0m BEGIN
[1m[36mUser Load (0.5ms)[0m [1mSELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 FOR UPDATE[0m [["id", 2]]
[1m[35mSQL (1.0ms)[0m UPDATE "users" SET "confirmed_at" = , "tokens" = , "uid" = , "updated_at" = WHERE "users"."id" = 2 [["confirmed_at", "2015-05-07 12:44:29.561416"], ["tokens", "{\"wASSQpP_tjVaK-VoROXwHg\":{\"token\":\"azZRRlJ3rvIS0H/jQUITB.4kEQfdENDB92uCDf84EXsF93V5EzIFS\",\"expiry\":1432212269,\"last_token\":\"a$nb1iyRMzNgjvi34tMK5Ysers4IOulvviMJSA5Q8uop5ARuXMOtxDa\",\"updated_at\":\"2015-05-07T07:44:29.560-05:00\"}}"], ["uid", "c9719276-a107-41f7-868f-9ed8c87cfa3a"], ["updated_at", "2015-05-07 12:44:29.561612"]]
[1m[36m (1.2ms)[0m [1mCOMMIT[0m
Completed 200 OK in 144ms (Views: 0.2ms | ActiveRecord: 3.4ms)
这是 sign_in 的 dev.log:
Started POST "/api/auth/sign_in" for 127.0.0.1 at 2015-05-07 07:53:46 -0500
Processing by DeviseTokenAuth::SessionsController#create as HTML
Parameters: {"email"=>"b@b.com", "password"=>"[FILTERED]"}
[1m[35mUser Load (1.5ms)[0m SELECT "users".* FROM "users" WHERE (uid='b@b.com' AND provider='email') ORDER BY "users"."id" ASC LIMIT 1
Completed 401 Unauthorized in 3ms (Views: 0.2ms | ActiveRecord: 1.5ms)
显然,至少在这个时间点,您必须让您的用户的 uid 与您的用户的 email 匹配。
我正在学习一个很棒的教程,可以在这里找到:https://www.airpair.com/ruby-on-rails/posts/authentication-with-angularjs-and-ruby-on-rails 作者 https://whosebug.com/users/199712/jason-swett.
我想弄清楚为什么我无法在 sign_in 上使用 header 中的令牌发送请求。我的用户注册调用效果很好,在数据库中创建了一个新用户,但是当我尝试登录时,没有发送令牌。
这是我的 index.coffee
angular.module 'angDomino', ['ngAnimate', 'ngCookies', 'ngTouch', 'ngSanitize', 'ngResource', 'ui.router', 'rails', 'ng-token-auth']
.config ($stateProvider, $urlRouterProvider, $locationProvider, $authProvider) ->
$authProvider.configure({
apiUrl: '/api'
})
$locationProvider.html5Mode({
enabled: true,
requireBase: false
})
$stateProvider
.state "home",
url: "/",
templateUrl: "app/views/main.html",
controller: "MainCtrl"
.state "groups",
url: "/groups",
templateUrl: "app/views/groups.html",
controller: "GroupsCtrl"
.state "sign_in",
url: "/sign_in",
templateUrl: "app/views/user_sessions/new.html",
controller: "UserSessionsCtrl"
.state "sign_up",
url: "/sign_up",
templateUrl: "app/views/user_registrations/new.html",
controller: "UserRegistrationsCtrl"
$urlRouterProvider.otherwise '/'
.factory "Group", (RailsResource) ->
class Group extends RailsResource
@configure url: "/api/groups", name: "group"
这是注册请求header:
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:158
Content-Type:application/json;charset=UTF-8
DNT:1
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_up
以及注册响应:
access-token:ZAC77KtVm_BBXExMiF5Okg
cache-control:max-age=0, private, must-revalidate
client:AqyOPNCBIiufWAZqTkIPZg
connection:close
content-length:240
content-type:application/json; charset=utf-8
date:Tue, 28 Apr 2015 23:38:58 GMT
etag:"e190da3eab4b3b2da0d6dc8257fd6d91"
expiry:1431473938
server:WEBrick/1.3.1 (Ruby/2.1.2/2014-05-08)
token-type:Bearer
uid:cc0e37ab-f891-4334-a887-c0a71903edf9
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-request-id:8bf9fe8a-73b9-4e3d-ad40-c8574e88e7c3
x-runtime:0.272364
x-xss-protection:1; mode=block
注销完美无缺(要求header):
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
access-token:0PSupG02KwsbU6k1nQuTXQ
Cache-Control:max-age=0
client:AqyOPNCBIiufWAZqTkIPZg
Connection:keep-alive
Cookie:auth_headers=%7B%22access-token%22%3A%220PSupG02KwsbU6k1nQuTXQ%22%2C%22token-type%22%3A%22Bearer%22%2C%22client%22%3A%22AqyOPNCBIiufWAZqTkIPZg%22%2C%22expiry%22%3A%221431474351%22%2C%22uid%22%3A%22d1871d3d-a8a9-437a-88b9-e0a43f5896da%22%7D
DNT:1
expiry:1431474351
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_up
token-type:Bearer
uid:d1871d3d-a8a9-437a-88b9-e0a43f5896da
但是当我尝试使用相同的 email/pwd 登录时,我得到:
一般
Remote Address:127.0.0.1:9000
Request URL:http://localhost:9000/api/auth/sign_in
Request Method:POST
Status Code:401 Unauthorized
请求Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:43
Content-Type:application/json;charset=UTF-8
DNT:1
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_in
有人知道为什么登录不发送令牌吗? 这是我的 user_sessions 控制器(在 coffeescript 中):
angular.module('angDomino').controller 'UserSessionsCtrl', [
'$scope'
($scope) ->
$scope.$on 'auth:login-error', (ev, reason) ->
$scope.error = reason.errors[0]
return
return
]
这是完整的 sign_in headers:
General
Remote Address:127.0.0.1:9000
Request URL:http://localhost:9000/api/auth/sign_in
Request Method:POST
Status Code:401 Unauthorized
Response Headers
view source
cache-control:no-cache
connection:close
content-length:59
content-type:application/json; charset=utf-8
date:Thu, 07 May 2015 12:53:46 GMT
server:WEBrick/1.3.1 (Ruby/2.1.2/2014-05-08)
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-request-id:480b63c1-1415-4c49-8774-ccfc11eee644
x-runtime:0.005285
x-xss-protection:1; mode=block
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:43
Content-Type:application/json;charset=UTF-8
DNT:1
Host:localhost:9000
If-Modified-Since:0
Origin:http://localhost:9000
Referer:http://localhost:9000/sign_in
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
Request Payload
view source
{email: "b@b.com", password: "1234567890"}
email: "b@b.com"
password: "1234567890"
这是 sign_up 的 dev.log:
Started POST "/api/auth" for 127.0.0.1 at 2015-05-07 07:40:18 -0500
[1m[36mActiveRecord::SchemaMigration Load (0.9ms)[0m [1mSELECT "schema_migrations".* FROM "schema_migrations"[0m
Processing by DeviseTokenAuth::RegistrationsController#create as HTML
Parameters: {"email"=>"b@b.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "confirm_success_url"=>"http://localhost:9000/sign_up", "config_name"=>"default"}
Unpermitted parameters: confirm_success_url, config_name
Unpermitted parameters: confirm_success_url, config_name
[1m[35m (0.4ms)[0m BEGIN
[1m[36m (1.4ms)[0m [1mSELECT COUNT(*) FROM "users" WHERE "users"."provider" = 'email' AND "users"."email" = 'b@b.com'[0m
[1m[35mSQL (2.9ms)[0m INSERT INTO "users" ("confirmed_at", "created_at", "email", "encrypted_password", "provider", "tokens", "uid", "updated_at") VALUES (, , , , , , , ) RETURNING "id" [["confirmed_at", "2015-05-07 12:40:18.475118"], ["created_at", "2015-05-07 12:40:18.475466"], ["email", "b@b.com"], ["encrypted_password", "adSKnalwMHcuTrWSDEbLSen85tzA9DEyH.Q.EnxHllwZeNOdvBUMy"], ["provider", "email"], ["tokens", "{}"], ["uid", "b@b.com"], ["updated_at", "2015-05-07 12:40:18.475466"]]
[1m[36m (79.9ms)[0m [1mCOMMIT[0m
[1m[35m (0.1ms)[0m BEGIN
[1m[36mSQL (0.5ms)[0m [1mUPDATE "users" SET "confirmed_at" = , "tokens" = , "uid" = , "updated_at" = WHERE "users"."id" = 2[0m [["confirmed_at", "2015-05-07 12:40:18.638115"], ["tokens", "{\"wASSQpP_tjVaK-VoROXwHg\":{\"token\":\"a$aJFJmimoQNQFz3T9rItGwOzHMRwtuENcBhZdVCC2b0GBsinKgIhuC\",\"expiry\":1432212018}}"], ["uid", "9ae44b7b-3f7a-4f2d-9091-4cc779751355"], ["updated_at", "2015-05-07 12:40:18.638237"]]
[1m[35m (0.3ms)[0m COMMIT
[1m[36m (0.1ms)[0m [1mBEGIN[0m
[1m[35mUser Load (0.5ms)[0m SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 FOR UPDATE [["id", 2]]
[1m[36mSQL (0.6ms)[0m [1mUPDATE "users" SET "confirmed_at" = , "tokens" = , "uid" = , "updated_at" = WHERE "users"."id" = 2[0m [["confirmed_at", "2015-05-07 12:40:18.712254"], ["tokens", "{\"wASSQpP_tjVaK-VoROXwHg\":{\"token\":\"a$nb1iyRMzNgjvi34tMK5Ysers4IOulvviMJSA5Q8uop5ARuXMOtxDa\",\"expiry\":1432212018,\"last_token\":\"a$aJFJmimoQNQFz3T9rItGwOzHMRwtuENcBhZdVCC2b0GBsinKgIhuC\",\"updated_at\":\"2015-05-07T07:40:18.711-05:00\"}}"], ["uid", "95b1c932-b763-4f32-b441-0968175575d5"], ["updated_at", "2015-05-07 12:40:18.712496"]]
[1m[35m (0.3ms)[0m COMMIT
Completed 200 OK in 363ms (Views: 0.3ms | ActiveRecord: 90.3ms)
Started GET "/api/auth/validate_token" for 127.0.0.1 at 2015-05-07 07:44:29 -0500
Processing by DeviseTokenAuth::TokenValidationsController#validate_token as HTML
[1m[36mUser Load (0.5ms)[0m [1mSELECT "users".* FROM "users" WHERE "users"."uid" = '95b1c932-b763-4f32-b441-0968175575d5' LIMIT 1[0m
[1m[35m (0.3ms)[0m BEGIN
[1m[36mUser Load (0.5ms)[0m [1mSELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 FOR UPDATE[0m [["id", 2]]
[1m[35mSQL (1.0ms)[0m UPDATE "users" SET "confirmed_at" = , "tokens" = , "uid" = , "updated_at" = WHERE "users"."id" = 2 [["confirmed_at", "2015-05-07 12:44:29.561416"], ["tokens", "{\"wASSQpP_tjVaK-VoROXwHg\":{\"token\":\"azZRRlJ3rvIS0H/jQUITB.4kEQfdENDB92uCDf84EXsF93V5EzIFS\",\"expiry\":1432212269,\"last_token\":\"a$nb1iyRMzNgjvi34tMK5Ysers4IOulvviMJSA5Q8uop5ARuXMOtxDa\",\"updated_at\":\"2015-05-07T07:44:29.560-05:00\"}}"], ["uid", "c9719276-a107-41f7-868f-9ed8c87cfa3a"], ["updated_at", "2015-05-07 12:44:29.561612"]]
[1m[36m (1.2ms)[0m [1mCOMMIT[0m
Completed 200 OK in 144ms (Views: 0.2ms | ActiveRecord: 3.4ms)
这是 sign_in 的 dev.log:
Started POST "/api/auth/sign_in" for 127.0.0.1 at 2015-05-07 07:53:46 -0500
Processing by DeviseTokenAuth::SessionsController#create as HTML
Parameters: {"email"=>"b@b.com", "password"=>"[FILTERED]"}
[1m[35mUser Load (1.5ms)[0m SELECT "users".* FROM "users" WHERE (uid='b@b.com' AND provider='email') ORDER BY "users"."id" ASC LIMIT 1
Completed 401 Unauthorized in 3ms (Views: 0.2ms | ActiveRecord: 1.5ms)
显然,至少在这个时间点,您必须让您的用户的 uid 与您的用户的 email 匹配。