class Api::RegistrationsController < Api::BaseController
  respond_to :json

  # Create the account; respond 201 with the user JSON, or 422 with validation errors
  def create
    user = User.new(params[:user])
    if user.save
      render :json => user.as_json(:auth_token => user.authentication_token, :email => user.email), :status => 201
      return
    else
      # Tell Warden to leave this response alone instead of running its failure app
      warden.custom_failure!
      render :json => user.errors, :status => 422
    end
  end
end
class Api::SessionsController < Api::BaseController
  prepend_before_filter :require_no_authentication, :only => [:create]
  include Devise::Controllers::InternalHelpers
  # No :only here, so this runs before every action in the controller, destroy included
  before_filter :ensure_params_exist
  respond_to :json

  def create
    build_resource
    resource = User.find_for_database_authentication(:login => params[:user_login][:login])
    return invalid_login_attempt unless resource

    if resource.valid_password?(params[:user_login][:password])
      sign_in("user", resource)
      render :json => {:success => true, :auth_token => resource.authentication_token, :login => resource.login, :email => resource.email}
      return
    end
    invalid_login_attempt
  end

  def destroy
    sign_out(resource_name)
  end

  protected

  # Reject requests that carry no user_login hash with a 422
  def ensure_params_exist
    return unless params[:user_login].blank?
    render :json => {:success => false, :message => "missing user_login parameter"}, :status => 422
  end

  # Same 401 and message whether the login is unknown or the password is wrong
  def invalid_login_attempt
    warden.custom_failure!
    render :json => {:success => false, :message => "Error with your login or password"}, :status => 401
  end
end
@1ndivisible: My routes for api are:
I also go into more detail http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/
Nice. Thanks a lot.
How are you authorizing your API controllers? You don't need to add the before_filter :authorize_users! in your API::BaseController?
@dellerbie I go into more detail here: http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/ .. but I do this to authorize a controller that requires authorization. The above would not, since they are the sign-in and sign-up controllers.
Nice, thanks for the response. Great blog post!
Does anyone have a small sample to demonstrate this? Let me look around; I'll make one when I understand.
@Banta this is a pretty full example: http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/
I forked this to work with latest devise: https://gist.github.com/2662058 InternalHelpers file is renamed, and made some other changes that now pass my tests
@jesse Okay I'll try it out.
On Fri, May 11, 2012 at 10:57 PM, Evan Beard < ***@***.*** > wrote:
I forked this to work with latest devise: https://gist.github.com/2662058
InternalHelpers file is renamed, and made some other changes that now pass
my tests
---
Reply to this email directly or view it on GitHub:
https://gist.github.com/1255275
@jwo Have you got an example of routes.rb when using a :api namespace with a devise_for :users together with the normal devise_for :users? Got the same problem as mentioned here: https://groups.google.com/group/plataformatec-devise/browse_thread/thread/d2f4776e5109c0b3?pli=1# Wondering if you solved this or could point me in the right direction.
@drblok -- I wouldn't have 2 devise_for... You can have separate
@drblok -- actually, sorry, that's incorrect... here's a setup for multiple devise paths. This works for me:
@jwo Thanks, I'll check it out and post my findings.
@jwo - I decided to remove the devise_for from my :api namespace and write my own as it's nothing more than rendering a JSON message if authentication fails. Thanks anyway for giving me stuff to think about to come to this conclusion ;)
Hi Matthew,
I've removed devise for my API namespace and wrote my own authentication which uses devise/warden to authenticate using an auth_token.
Hope this helps. If you need more info, just contact me :)
Regards,
Dennis
On Jun 20, 2012, at 5:37 AM, Matthew McClure wrote:
@drblok - I'm trying to do something very similar but the authentication token is not being returned in the JSON object. Does this not occur for you?
Thanks for the response Dennis! I ended up using a lot of your registrations controller but I did remove the user.as_json in order to be able to return the token.
to
@sh1ps Errrr.. That's @jwo's code, but glad it helps ;)
@drblok Errr...Well I feel like an idiot... I completely misread the flow of conversation. Thanks for offering up the help anyway!
np!
Sorry to bring this back out from the dead, but doesn't before_filter :ensure_params_exist mean the app would also try to ensure parameters exist on destroy, i.e. sign out?
Does this work with active_for_authentication? (see http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Authenticatable)
@hackfanatic yes. The line should be
I made some changes to the latest version of @Bomadeno.
What are the names of the helpers devise generates you? After adding namespaces I am forced to change my helpers.
namespace :api do
  namespace :v1 do
    devise_for :users
  end
end
Now I can access them like this: current_api_v1_user or authenticate_api_v1_user!. Is there any way to maintain namespaces and access helper with just the name of the model? Thanks
I agree with @bilby91 that 2 namespaces are making the current_user quite ugly. What's the best practice to avoid this?
Hi there, I'm trying to make an API for an iOS app that will upload some videos to AWS S3. This is a great gist but, with the controllers are not extending from Devise::SessionsController and Devise::RegistrationsController?
Try another method, taken from my Spree Application
user = Spree::User.find_by(:email => params[:email])
if user && user.valid_password?(params[:password])
  # Render from a hash so the key is actually inserted and JSON-escaped
  render :json => { :api_key => user.spree_api_key }
else
  # Only one render per request; same message for unknown email and wrong password
  render :json => { :error => "invalid email and password combination" }
end
The point is that you can use valid_password? in devise for your convenience
Thanks minhtriet, this is useful and simpler. Do you have the RegistrationsController gist?
Is there a reason not to use
getting error
I'd suggest taking a look at https://github.com/gonzalo-bulnes/simple_token_authentication and/or https://github.com/thoulike/rails-api-authentication-token-example.
Dear, It's a nice post. It's really helpful to get answers.
I get this error in rails 186
Good example but confused about where you set token?
In this way, failed_attempts doesn't work.
@Avatarr in this instance, the tokens are probably set or generated by Devise. This was removed from Devise after 3 for security reasons, though you can use a basic implementation like this one to get the functionality back |
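A basic token check of the kind the comment above mentions, as an added example that is not the gist's or Devise's code: the user is found by email and the token is then compared in constant time, rather than being used as the lookup key. `TokenAuth` and `ApiUser` are hypothetical names, and the in-memory hash is a constructed stand-in for the users table.

```ruby
require 'securerandom'
require 'digest'

# Constructed stand-in for a user record (hypothetical, not the gist's model)
ApiUser = Struct.new(:email, :authentication_token)

class TokenAuth
  def initialize
    @users = {} # email => ApiUser, stands in for the users table
  end

  # Issue a fresh random token, as a sign-in action would before rendering it as JSON
  def issue_token(email)
    user = (@users[email] ||= ApiUser.new(email, nil))
    user.authentication_token = SecureRandom.urlsafe_base64(32)
  end

  # Find the user by a non-secret key, then compare the secret in constant time.
  # Looking the record up by the token itself would let an ordinary string
  # comparison reveal, through response timing, how much of a guess matched.
  def authenticate(email, token)
    user = @users[email]
    return nil if user.nil? || user.authentication_token.nil?
    return nil unless secure_compare(user.authentication_token, token.to_s)
    user
  end

  # Sign-out for a token API: clear the token so a captured copy stops working
  def revoke(email)
    user = @users[email]
    user.authentication_token = nil if user
  end

  private

  # Hash both sides so they have equal length, then OR the byte differences
  # together without returning early on the first mismatch.
  def secure_compare(a, b)
    diff = 0
    Digest::SHA256.digest(a).bytes.zip(Digest::SHA256.digest(b).bytes) do |x, y|
      diff |= x ^ y
    end
    diff.zero?
  end
end
```

In a Rails controller the same two steps would sit in a before filter on the API base controller, with the email and token taken from the request.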
How do you have your routes set up for this controller?