I'm following this excellent article to setup the authentification part of my rails (3.2) API:
http://blog.joshsoftware.com/2011/12/23/designing-rails-api-using-rabl-and-devise/
I have done the following step:
-Added devise to Gemfile
-Enabled devise for the user model and ran the migrations required
-My user model is
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
devise :token_authenticatable
attr_accessible :email, :authentication_token, :password, :password_confirmation, :remember_me
end
as well as the token_authenticable in Database (via a migration).
-Subclassed the RegistrationController with:
class RegistrationsController < Devise::RegistrationsController
def new
super
end
def create
resource = warden.authenticate!(:scope => resource_name, :recall => " {controller_path}#new")
sign_in(resource_name, resource)
current_user.reset_authentication_token!
respond_with resource, :location => after_sign_in_path_for(resource)
end
def update
super
end
end
-In routes.rb, I have:
devise_for :users, :controllers => {:registrations => "registrations"}
USER CREATION
I'd like the following request to create a user and to send back the authentification_token:
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"user":{"email":"email@gmail.com", "password":"pass"}}' 'http://localhost:3000/users.json
My understanding is that the logic should go in the "create" method of the registration controller (that should create the user and log him in at the same time). I think I should be wrong as the message I got in return is:
{"error":"You need to sign in or sign up before continuing."}
What is the missing piece to have the new user created and logged ? Isn't POST to users.json mapped to RegistrationController#create ?
USER LOGIN
Also, I'd like the following request to log a user in (sending him back his authentification_token once the login / password have been checked)
curl -H "Accept: application/json" -H "Content-type: application/json" -X GET -d '{"user":{"email":"email@gmail.com","password":"pass"}}' 'http://localhost:3000/users.json
I guess the logic should go in the "update" method of RegistrationController but not 100% sure about that. Once the login is done I will then add the token authentification to protect the creation / view of some other models.
UPDATE
When I issue:
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"user":{"email":"email@gmail.com", "password": "mypass", "phone":"1234567890"}}' 'http://localhost:3000/users.json'
I got the following message:
Started POST "/users.json" for 127.0.0.1 at 2012-03-11 20:50:05 +0100
Processing by RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"email@gmail.com", , "password"=>"[FILTERED]", "phone"=>"1234567890"}, "registration"=>{"user"=>{"email"=>"email@gmail.com", "password"=>"[FILTERED]", "phone"=>"1234567890"}, "action"=>"create", "controller"=>"registrations", "format"=>"json"}}
WARNING: Can't verify CSRF token authenticity
Completed 401 Unauthorized in 1ms
Any ideas why the user is not created and signed in and why no authentication_token is returned ?
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 老娘就宠你 的文章《Token authentication with Rails and Devise》','https://www.manongdao.com/article-546009.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}