So, I have a rails 3 application using Devise to handle authentication. I have another website (all client side javascript) that is trying to log into this rails 3 app using ajax basic authentication, like so:
username = "test@testing.com"
password = "testing"
$.ajax({
'url': '/users/sign_in',
'otherSettings': 'othervalues',
'beforeSend': function(xhr) {
xhr.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password))
},
sucess: function(result) {
alert('done');
}//sicc
});
It hits the route correctly, and I can see that everything looks a-okay on the rails side (the server even thinks it's redirecting), but if I then try to hit a route (using jquery, to load json data) that requires authentication, I get that ugly basic auth javascript pop up telling me I need to authenticate.
Devise obviously doesn't use cookies to store auth data, and from my understanding you can't just access the HttpSession from javascript...is there ANYTHING I can do, or will I just have to use authentication tokens (and write a custom controller to return this to me).
EDIT:
Even a post with basic auth doesn't work, and THAT is weird ('cause in retrospect, yes, it's a post route i'm trying to get to). I get a 401 Unauthenticated error... Why would you need to be authenticated to authenticate? Having type be 'GET" works just fine, though, but (again, in retrospect) is hitting the 'new' route rather than 'create'.
username = "test@testing.com"
password = "testing"
$.ajax({
'url': '/users/sign_in',
'type': 'POST',
'otherSettings': 'othervalues',
'beforeSend': function(xhr) {
xhr.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password))
},
sucess: function(result) {
alert('done');
}//sicc
});
EDIT: Just to confirm, it doesn't seem 开发者_JAVA技巧to be a problem with the "protect_from_forgery" line in the application controller, either...at least, when I comment it out, I still have the same problem.
Nevermind, the problem seems to have been that when I was posting with basic auth, I had a typo in the username, and apparently the way authentication failure is handled is by popping up the basic auth dialogs (very ungraceful, btw)
Solution:
username = "test@testing.com"
password = "testing"
$.ajax({
'url': '/users/sign_in',
'type': 'POST',
'otherSettings': 'othervalues',
'beforeSend': function(xhr) {
xhr.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password))
},
sucess: function(result) {
alert('done');
}//sicc
});
Is there any reason you cannot send the username and password in the POST data?
var username = "test@testing.com";
var password = "testing";
$.ajax({
url: '/users/sign_in',
type: 'post',
data: 'username=' + username + '&password=' + password
success: function(result) {
alert('done');
}//sicc
});
First do setup.
In /config/initializers/devise.rb Set config.http_authenticatable = true This will allow you to authenticate via HTTP Set config.http_authenticatable_on_xhr = true (Should be true by default)
Now restart
Now for Sign_in:
username = "a@a.com";
password = "b";
$.ajax({
'url': '/users/sign_in',
'type': 'POST',
'otherSettings': 'othervalues',
'beforeSend': function(xhr) {
xhr.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password))
},
sucess: function(result) {
alert('done');
}
});
And for Sign out:
$.ajax({
'url': '/providers/sign_out',
'type': 'DELETE',
'otherSettings': 'othervalues',
sucess: function(result) {
alert('done');
}
});
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论