这是我发送给轨道控制器的请求:
function login(){
$.ajax({
type: 'GET',
url: '/api/myapi/show',
username: 'username',
password: 'password',
contentType: "application/json; charset=utf-8",
success: function(data){
console.log(data);
},
error: function(xhr, ajaxOptions, thrownError) {
console.log(arguments);
}
});
}
登录功能如下所示:
<body onload='login();'>
这是控制器:
class Api::MyApi::BaseController < ApplicationController
before_filter :authenticate
attr_reader :user
def authenticate
authenticate_or_request_with_http_basic do |username, password|
#authenticate method checks if user with username and password exists in database
@user = User.authenticate(username, password)
end
end
end
当我发送请求时,这是终端中打印的内容:
Started GET "/api/myapi/show" for 127.0.0.1 at 2015-12-15 09:42:22 +0100
Processing by Api::MyApi#show as JSON
Parameters: {"id"=>"show", "test"=>{}}
Filter chain halted as :authenticate rendered or redirected
Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms)
Started GET "/api/myapi/show" for 127.0.0.1 at 2015-12-15 09:42:22 +0100
Processing by Api::MyApi#show as JSON
Parameters: {"id"=>"show", "test"=>{}}
User Load (0.1ms) SELECT `users`.* FROM `users` WHERE `users`.`authorized` = 1 AND `users`.`verification_approved` = 1 AND `users`.`login` = 'user_login' LIMIT 1
Location Load (0.1ms) SELECT `locations`.* FROM `locations` WHERE `locations`.`id` = 9999 LIMIT 1
Rendered api/myapi/show.json.rabl (0.5ms)
Completed 200 OK in 8ms (Views: 2.6ms | ActiveRecord: 0.7ms)
正如您所看到的,它尝试了两次身份验证,但第一次失败了。它甚至不会进入"authenticate_or_request_with_http_basic",因为如果我在"authentication_or_request_with_http_basic"中编写打印语句,它不会在第一次打印(当身份验证失败时),而是在第二次打印。
我尝试过的东西:
1) 当完全删除before_filter并只在show方法中进行身份验证时,问题就不会再发生了。
2) 当保留/使用before_filter,但将authenticate_or_request_with_http_basic替换为true时,如下所示:
def authenticate
true
end
问题也没有发生。
3) 当我用python:发送请求时,问题不会发生
import requests
r = requests.get('URL_TO__RoR_Controller', auth=('username', 'password'))
print r.text
更新:这可能是有用的信息:请求每10秒发送一次,凭据随每个请求一起发送。也许这与这个问题有关。
您将用户名和密码作为参数发送
AFAIK基本身份验证通过设置授权标头来工作
使用jQuery的beforeSend回调添加一个包含身份验证信息的HTTP标头:http://api.jquery.com/jQuery.ajax/
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic " + btoa(username + ":" + password));
},
btoa()方法以base-64对字符串进行编码。
在您的控制器中,您可以使用检查标题
request.env["HTTP_AUTHORIZATION"]
让我知道这是否适合你。