复制 headers[ "WWW-Authenticate" ] = %(Token realm=" #{realm . gsub ( /"/ , "" )} ")
复制 authenticate_with_http_token
request_http_token_authentication
authenticate_or_request_with_http_token
复制 class PostsController < ApplicationController
TOKEN = "secret"
before_action :authenticate , except: :index
def index
render plain: "Everyone can see me!"
end
def edit
render plain: "I'm only accessible if you know the password"
end
private
def authenticate
# 使用验证
authenticate_or_request_with_http_token do | token , options |
token == TOKEN
end
end
end
复制 class ApplicationController < ActionController::Base
before_action :set_account , :authenticate
protected
def set_account
@account = Account . find_by(url_name: request . subdomains . first)
end
def authenticate
case request . format
when Mime :: XML , Mime :: ATOM
# 使用验证
if user = authenticate_with_http_token do | t , o |
@account . users . authenticate(t , o)
end
@current_user = user
else
# 使用验证
request_http_token_authentication
end
else
if session_authenticated?
@current_user = @account . users . find(session[:authenticated][:user_id])
else
redirect_to(login_url) and return false
end
end
end
end
复制 authenticate
authentication_request
encode_credentials
params_array_from
rewrite_param_values
token_and_options
raw_params
token_params_from
复制 Authorization: Token token= "abc" , nonce= "def"
复制 def test_access_granted_from_xml
get(
"/notes/1.xml" , nil ,
'HTTP_AUTHORIZATION' =>
ActionController :: HttpAuthentication :: Token . encode_credentials(users(:dhh) . token)
)
assert_equal 200 , status
end