API signin to generate token using devise in rails 4 -

April 15, 2012

i implementing api via rails.

i want implement following feature unable figure out how?

i tried sample app

i have user model email, password , access_token

class userscontroller < applicationcontroller     def signin           c_user = user.find_by_email(params[:email])         pass = params[:password]         if c_user.password == pass            render json: c_user.access_token         end       end      private       def users_params             params.require(:user).permit(:email, :password)      end  end

if user request via api http://localhost:3000/signin?email=t1@t.com&password=password

then check email , password , return access_token user can use future request.

i want implement same devise or other gem please me understand it. in advance

this how emplement such mechanism in apps:

generate access_token whenever user created.
respond access_token whenever user signs in.
require access_token authentication every request needed.

user.rb

class user < activerecord::base   # use before callback set user access_token.   before_save :ensure_authentication_token    # if user has no access_token, generate one.   def ensure_authentication_token     if access_token.blank?       self.access_token = generate_access_token     end   end    private      def generate_access_token       loop         token = devise.friendly_token         break token unless user.where(access_token: token).first       end     end end

application_controller.rb

class applicationcontroller < actioncontroller::base    private    # make authentication mechanism more safe,   # require access_token , user_email.   def authenticate_user_from_token!     user_email = params[:user_email].presence     user       = user_email && user.find_by_email(user_email)      # use devise.secure_compare compare access_token     # in database access_token given in params.     if user && devise.secure_compare(user.access_token, params[:access_token])        # passing store false, not store user in session,       # access_token needed every request.       # if want access_token work sign in token,       # can remove store: false.       sign_in user, store: false     end   end end

then can use before_filter in controller want protect access_token authentication:

before_filter :authenticate_user_from_token!

you needs override devise sessions controller, responds json holding access_token.

users/sessions_controller.rb

class users::sessionscontroller < devise::sessionscontroller    # disable csrf protection   skip_before_action :verify_authenticity_token    # sure enable json.   respond_to :html, :json    # post /resource/sign_in   def create     self.resource = warden.authenticate!(auth_options)     set_flash_message(:notice, :signed_in) if is_flashing_format?     sign_in(resource_name, resource)     yield resource if block_given?      respond_with resource, location: after_sign_in_path_for(resource) |format|       format.json { render json: {user_email: resource.email, access_token: resource.access_token} }     end   end  end

and make sure specify in routes:

routes.rb

devise_for :users, controllers: { sessions: 'users/sessions' }

Search This Blog

UV code

API signin to generate token using devise in rails 4 -

Comments

Post a Comment

Popular posts from this blog

shopping cart - Page redirect not working PHP -

php - How to modify a menu to show sub-menus -

python - Installing PyDev in eclipse is failed -