samedi 12 mai 2018

Ember auth with devise CORS or CSP? issue

I'm working on a headless Rails app with Ember on the frontend. I've been trying to get authentication working with devise. I followed this tutorial: http://romulomachado.github.io/2015/09/28/using-ember-simple-auth-with-devise.html but I'm getting the following in my logs:

Started POST "/users/sign_in" for 127.0.0.1 at 2018-05-12 01:36:58 -0700
Processing by SessionsController#create as JSON
Parameters: {"user"=>{"password"=>"[FILTERED]"}, "session"=>{"user"=>{"password"=>"[FILTERED]"}}}
HTTP Origin header (http://localhost:4200) didn't match request.base_url (http://localhost:3000)
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)
ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):

I'm running my rails app locally at the default port :3000, and also running the ember instance locally (out of a different directory) at the default port :4200.

I've installed ember-cli-cors and ember-cli-content-security-policy (via `ember install`), and tried everything I know of to get it working. Any help is greatly appreciated.

Here are my files:

//config/environment.js
module.exports = function(environment) {
  // Ember CLI environment config for the 'dino-ui' app.
  let ENV = {
    modulePrefix: 'dino-ui',
    environment,
    rootURL: '/',
    locationType: 'auto',
    // NOTE(review): '*' next to 'self' allows every host for each directive,
    // so this policy no longer restricts where scripts load from or which
    // origins connect-src may reach; it is effectively disabled. It also has
    // no bearing on the 422 in the Rails log, which appears to come from the
    // server-side CSRF origin check (protect_from_forgery), not from CSP.
    contentSecurityPolicy: {
      'default-src': "'self' *",
      'script-src': "'self' *",
      'connect-src': "'self' *"
    },
    EmberENV: {
      FEATURES: {
      },
      EXTEND_PROTOTYPES: {
        Date: false
      }
    },

    APP: {
    }
  };

  // ember-simple-auth routing options.
  ENV['ember-simple-auth'] = {
    routeAfterAuthentication: 'dashboard',
    routeIfAlreadyAuthenticated: 'dashboard'
  }
...
return ENV;
}
//components/login-form.js
import Ember from 'ember';

// Shorthand for Ember's service injection helper.
const service = Ember.inject.service;

/**
 * Login form component.
 *
 * The `authenticate` action reads the `email` and `password` properties bound
 * from the template and hands them to ember-simple-auth's devise
 * authenticator. On failure the rejection's `error` field is exposed as
 * `errorMessage` for the template; the returned promise resolves either way.
 */
export default Ember.Component.extend({
  session: service('session'),

  actions: {
    authenticate() {
      const { email, password } = this.getProperties('email', 'password');
      const session = this.get('session');

      return session
        .authenticate('authenticator:devise', email, password)
        .catch((reason) => {
          // Surface the server-provided error text to the template.
          this.set('errorMessage', reason.error);
        });
    }
  }
});

//templates/login-form.hbs
{{!-- Login form template for the login-form component. The email and
     password input helpers do not appear in this listing. No submit action is
     bound on <form>, so as shown a submit would be a native browser
     submission (a GET to the current URL, which would place any named field
     values, including the password, in the query string and browser history)
     rather than invoking the component's `authenticate` action — confirm an
     action on="submit" is attached to the form. --}}
<form >
  <label for="email">Login</label>
  

  <label for="password">Password</label>
  

  <button type="submit">Login</button>
</form>


  


//application.rb
class Application < Rails::Application
    # Initialize configuration defaults for originally generated Rails version.
    # Rack::Cors is inserted at position 0 so CORS headers are applied before
    # any other middleware runs.
    config.middleware.insert_before 0, Rack::Cors do
      allow do
        # NOTE(review): wildcard origins with any headers and every method let
        # any website call this API; acceptable for local development, but
        # scope `origins` to the Ember host (http://localhost:4200 here) before
        # this ships. CORS does not influence the "Origin header didn't match
        # request.base_url" rejection in the log — that comes from Rails' CSRF
        # origin check under protect_from_forgery, not from this middleware.
        origins '*'
        resource '*', :headers => :any, :methods => [:get, :post, :put, :delete, :options, :patch, :head]
      end
    end
    # presumably added so Devise's flash messages work in this app — verify it is still needed
    config.middleware.use ActionDispatch::Flash
  ....

//controllers/application.rb
# Base controller: CSRF protection plus two-step authentication.
#
# `authenticate_user_from_token!` runs first and signs in a user presenting a
# valid `Authorization: Token token="...", email="..."` header without storing
# anything in the session; `authenticate_user!` (Devise) then enforces that a
# user is signed in by either route.
#
# NOTE(review): `protect_from_forgery with: :exception` also applies to JSON
# requests, so the InvalidAuthenticityToken on the JSON sign-in in the log
# (Origin :4200 vs base_url :3000) is raised by this check; neither CORS nor
# CSP settings change it. Token-authenticated JSON endpoints that do not rely
# on the cookie session are the usual candidates for a format-scoped
# `skip_before_action :verify_authenticity_token`; keep the check wherever the
# cookie session is what authenticates the request.
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception, prepend: true

  before_action :authenticate_user_from_token!
  before_action :authenticate_user!

  private

  # Signs in the user identified by the `email` option of a Token
  # Authorization header when the presented token matches their stored
  # authentication_token. Does nothing for requests without such a header,
  # an unknown email, or a mismatched token.
  def authenticate_user_from_token!
    authenticate_with_http_token do |token, options|
      email = options[:email].presence
      user = User.find_by_email(email) if email
      next unless user

      # secure_compare is constant-time, so token comparison does not leak
      # how many leading bytes matched. store: false keeps this request-only.
      sign_in(user, store: false) if Devise.secure_compare(user.authentication_token, token)
    end
  end
end

//controllers/sessions.rb
# Devise sessions controller with a JSON sign-in response.
class SessionsController < Devise::SessionsController
  respond_to :html, :json

  # Runs Devise's `create`; once Devise has authenticated and signed in
  # `user`, a JSON request receives the user's authentication token and email
  # with status 201. Non-JSON requests fall through to Devise's own response.
  #
  # Inherits ApplicationController's `protect_from_forgery with: :exception`,
  # so a JSON POST failing the CSRF check is rejected before this action runs
  # (the 422 / InvalidAuthenticityToken in the log).
  def create
    super do |user|
      next unless request.format.json?

      payload = { token: user.authentication_token, email: user.email }
      render json: payload, status: 201
      # `return` inside the block exits `create` itself, presumably so Devise
      # does not also render its default response afterwards.
      return
    end
  end
end




