Omniauth 身份 InvalidAuthenticityToken
Omniauth-identity InvalidAuthenticityToken
我遵循了这个关于如何实施 Omniauth 身份的 railcasts 教程,但遇到了障碍。
当我尝试注册用户时弹出以下错误
ActionController::InvalidAuthenticityToken in SessionsController#create
在控制台日志中弹出以下错误
Processing by SessionsController#create as HTML
Parameters: {"name"=>"asdasd asdasd", "email"=>"asd@yopmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "provider"=>"identity"}
Can't verify CSRF token authenticity
用户被毫无问题地插入到身份模型中,但是当应用程序试图创建一个会话时,一切都是徒劳的。
这是我正在使用的相关代码
Gemfile
OpenID 身份验证
gem 'bcrypt-ruby', '~> 3.1.2'
gem 'omniauth-facebook'
gem 'omniauth-twitter'
gem 'omniauth-google-oauth2'
gem 'omniauth-identity'
initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']
provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET']
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET']
provider :identity
end
路线
get 'auth/:provider/callback', to: 'sessions#create'
post 'auth/:provider/callback', to: 'sessions#create'
get 'auth/failure', to: redirect('/')
get 'signout', to: 'sessions#destroy', as: 'signout'
会话控制器
def create
user = User.from_omniauth(env['omniauth.auth'])
session[:user_id] = user.id
redirect_to root_url, notice: "Signed In!"
end
用户模型
def self.from_omniauth(auth)
find_by_provider_and_uid(auth["provider"], auth["uid"]) || create_with_omniauth(auth)
end
Rails 检查 CSRF token, you can disable CSRF protection on controller by skipping the verification skip_before_action 时引发的错误 InvalidAuthenticityToken,添加到 SessionsController 的顶部:
skip_before_action :verify_authenticity_token, only: :create
但是你必须小心并阅读所有关于 CSRF 保护的内容。
我遵循了这个关于如何实施 Omniauth 身份的 railcasts 教程,但遇到了障碍。
当我尝试注册用户时弹出以下错误
ActionController::InvalidAuthenticityToken in SessionsController#create
在控制台日志中弹出以下错误
Processing by SessionsController#create as HTML
Parameters: {"name"=>"asdasd asdasd", "email"=>"asd@yopmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "provider"=>"identity"}
Can't verify CSRF token authenticity
用户被毫无问题地插入到身份模型中,但是当应用程序试图创建一个会话时,一切都是徒劳的。
这是我正在使用的相关代码
Gemfile
OpenID 身份验证
gem 'bcrypt-ruby', '~> 3.1.2'
gem 'omniauth-facebook'
gem 'omniauth-twitter'
gem 'omniauth-google-oauth2'
gem 'omniauth-identity'
initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']
provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET']
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET']
provider :identity
end
路线
get 'auth/:provider/callback', to: 'sessions#create'
post 'auth/:provider/callback', to: 'sessions#create'
get 'auth/failure', to: redirect('/')
get 'signout', to: 'sessions#destroy', as: 'signout'
会话控制器
def create
user = User.from_omniauth(env['omniauth.auth'])
session[:user_id] = user.id
redirect_to root_url, notice: "Signed In!"
end
用户模型
def self.from_omniauth(auth)
find_by_provider_and_uid(auth["provider"], auth["uid"]) || create_with_omniauth(auth)
end
Rails 检查 CSRF token, you can disable CSRF protection on controller by skipping the verification skip_before_action 时引发的错误 InvalidAuthenticityToken,添加到 SessionsController 的顶部:
skip_before_action :verify_authenticity_token, only: :create
但是你必须小心并阅读所有关于 CSRF 保护的内容。