
ruby-on-rails-4 - Unable to get Auth0 JWT authentication working in Rails 4 with Knock

Reposted. Author: 行者123. Updated: 2023-12-04 07:00:20

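I followed the quickstart guide in Auth0 for Rails API here, but sending an authenticated request to my Rails API always returns 500. There is a JWT in the header, and I believe it is valid, because copying it into JWT.io, pasting my private key into the "secret" input and then clicking "secret base64 encoded" shows "verified".

The relevant code is as follows:

Request info: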

Request URL:https://railie-p0lska1.c9users.io/api/feedbacks.json
Request Method:POST
Status Code:401 Unauthorized
Remote Address:104.155.203.100:443

Request headers:

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,fa;q=0.6
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3JhaWxpZS5hdXRoMC5jb20vIiwic3ViIjoiZmFjZWJvb2t8NTA0MjI0NjEzIiwiYXVkIjoidHhKQXJNODhsTnNtcGpSRjBlZGZXZHlnY2gyMGJFb0QiLCJleHAiOjE0ODM2MjAyNzcsImlhdCI6MTQ4MzU4NDI3N30.KePQsrTFjQjIzB6YmxzJcbhMW6by7WIBOpm51viaDZE
Cache-Control:no-cache
Connection:keep-alive
Content-Length:10
Content-Type:application/json;charset=UTF-8
Cookie:c9.live.user.jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjcxNjI5OSIsIm5hbWUiOiJwMGxza2ExIiwiY29kZSI6IjljWWhzZXc2TXhtZkN2WFNGeWl1IiwiaWF0IjoxNDgzNTExMjU1LCJleHAiOjE0ODM1OTc2NTV9.nkeM2LHqibXDqFQ1ZpQ5RseyO3maO5mz8t5ebtnkDUc; c9.live.user.sso=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjcxNjI5OSIsIm5hbWUiOiJwMGxza2ExIiwiaWF0IjoxNDgzNTExMjU1LCJleHAiOjE0ODM1OTc2NTV9.BOxqLKqy6saBOyRjbpccFn8rXTjncW3H_DT2Ysj4vaU; XSRF-TOKEN=cSD1XB8QFAGZFmKWN16R1P%2B1Kwxnyys6cIzOaee02rpkePtyHwuPhmHftQ%2B4YvFvkd3i3BVkvj5z3NLVBk5UEw%3D%3D; _workspace_session=ZEZ6Q2M1aTdFbXA4SzdTc3o2azlnalhmYTR2akVRSGRobFkrUDNwTmlyZ2RPZDdkR0ozamtET2Roa29LMXM4R1h0MUJmZ2lwUHJzWmJKVThOYUxhcjZid1pqZHQzWTRGdmtNZEhjcDZwNWdIN3o5MXcxdnJUUEdCUHhURmlOUE41Uk9ucXY5bkdDUTUzNHo5S3VQSmlnPT0tLXNaakl6S3YzS0VmQmNzZnRBc2NLS3c9PQ%3D%3D--c88551abbcd6419fc848f66f86e9897a5e93ffa8
Host:railie-p0lska1.c9users.io
Origin:https://railie-p0lska1.c9users.io
Pragma:no-cache
Referer:https://railie-p0lska1.c9users.io/en_AU
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
X-XSRF-TOKEN:cSD1XB8QFAGZFmKWN16R1P+1Kwxnyys6cIzOaee02rpkePtyHwuPhmHftQ+4YvFvkd3i3BVkvj5z3NLVBk5UEw==

Server error:

Started POST "/api/feedbacks.json" for 220.244.244.218 at 2017-01-05 03:08:27 +0000
Cannot render console from 220.244.244.218! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by FeedbacksController#create as JSON
Parameters: {"data"=>1, "feedback"=>{"data"=>1}}
Completed 500 Internal Server Error in 20ms (ActiveRecord: 0.0ms)

NoMethodError (undefined method `authenticate_user' for #<FeedbacksController:0x007f818327e000>
Did you mean? authenticate):

feedbacks_controller.rb

class FeedbacksController < ApplicationController

  before_action :authenticate_user

  respond_to :json

  def create
    VisitorRating.create(request_params)
    reply('Thanks for your feedback', :ok)
  rescue
    reply('Unable to save your feedback', :unprocessable_entity)
  end

  private

  def request_params
    params.require(:feedback).permit(:data)
  end

end

user.rb

class User < ActiveRecord::Base
  has_secure_password

  def self.from_token_payload payload
    # Returns a valid user, `nil` or raise
    # e.g.
    #   self.find payload["sub"]
  end
end

schema.rb

create_table "users", force: :cascade do |t|
  t.datetime "created_at", null: false
  t.datetime "updated_at", null: false
  t.string "auth_id"
end

create_table "visitor_ratings", force: :cascade do |t|
  t.integer "data", null: false
  t.datetime "created_at", null: false
  t.datetime "updated_at", null: false
end

I changed some variables in Knock's knock.rb config file according to this post on Auth0's forum.

Knock.setup do |config|

  config.current_user_from_token = -> (claims) { User.find_or_create_by(auth_id: claims['sub']) }

  config.token_audience = -> { Rails.application.secrets.auth0_client_id }

  config.token_secret_signature_key = -> {
    secret = Rails.application.secrets.auth0_client_secret
    secret += '=' * (4 - secret.length.modulo(4))
    Base64.decode64(secret.tr('-_', '+/'))
  }

end

Part of application_controller.rb

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  before_action :authenticate, only: :testie

  protect_from_forgery with: :exception

  respond_to :json

  # Knock is used for user JWT requests
  include Knock::Authenticable

  def angular
    render 'layouts/application'
  end

  private

  def reply(message, status)
    respond_to do |format|
      format.json { render :json => {:message => message}, status: status}
    end
  end

end

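After writing this, I think the problem may be related to the VisitorRating model, which currently does not belong to the User model, but I'm new to Rails and not sure of the details.

Best answer

I'm assuming your app was created after December 6. If so, your config/initializers/knock.rb should look like this

Knock.setup do |config|
  config.token_audience = -> { Rails.application.secrets.auth0_client_id }
  config.token_secret_signature_key = -> { Rails.application.secrets.auth0_client_secret }
end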

Note that the token secret is not base64 encoded: https://github.com/nsarno/knock/issues/149 https://github.com/nsarno/knock/issues/146

It looks like your app/models/user.rb should look like this

class User < ApplicationRecord
  def self.from_token_payload(payload)
    self.find_or_create_by(auth_id: payload['sub'])
  end
end

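Your user shouldn't have a password, but from_token_payload needs to actually get the user from that payload.

Other than that, just make sure to remove the duplicated content in your controllers (probably don't remove before_action :authenticate in app/controllers/application_controller.rb).

Regarding ruby-on-rails-4 - Unable to get Auth0 JWT authentication working in Rails 4 with Knock, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41476862/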
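The key mismatch the answer points to, as an added example (not code from the post, from Knock or from Auth0): a stdlib-only HS256 check where the token is signed with the raw client secret, so a verifier that base64-decodes the secret first computes a different HMAC and rejects it. CLIENT_ID, CLIENT_SECRET and all helper names are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed sample values, not taken from the question.
CLIENT_ID     = 'example-client-id'
CLIENT_SECRET = 'c2FtcGxlLXNlY3JldC1ub3QtcmVhbA' # merely looks like base64url

def b64url(bytes)
  Base64.urlsafe_encode64(bytes).delete('=')
end

# Build an HS256 token signed with the given key bytes.
def sign_hs256(claims, key)
  input = "#{b64url({ typ: 'JWT', alg: 'HS256' }.to_json)}.#{b64url(claims.to_json)}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', key, input))}"
end

# Same steps as the question's initializer: pad, map to standard base64, decode.
def decoded_key(secret)
  padded = secret + '=' * ((4 - secret.length % 4) % 4)
  Base64.decode64(padded.tr('-_', '+/'))
end

# Returns the claims hash when the token is valid, else a symbol naming the failed check.
def verify_hs256(token, key, audience, now = Time.now.to_i)
  parts = token.to_s.split('.', -1)
  return :malformed unless parts.length == 3
  head, body, sig = parts
  return :bad_alg unless JSON.parse(Base64.urlsafe_decode64(head))['alg'] == 'HS256'
  expected = b64url(OpenSSL::HMAC.digest('SHA256', key, "#{head}.#{body}"))
  return :bad_signature unless OpenSSL.secure_compare(expected, sig)
  claims = JSON.parse(Base64.urlsafe_decode64(body))
  return :wrong_audience unless claims['aud'] == audience
  return :expired unless claims['exp'].to_i > now
  claims
rescue StandardError # any base64 or JSON decode failure
  :malformed
end

if __FILE__ == $PROGRAM_NAME
  token = sign_hs256({ sub: 'facebook|0000', aud: CLIENT_ID, exp: Time.now.to_i + 3600 }, CLIENT_SECRET)
  p verify_hs256(token, CLIENT_SECRET, CLIENT_ID)              # claims hash
  p verify_hs256(token, decoded_key(CLIENT_SECRET), CLIENT_ID) # :bad_signature
end
```

The reverse also holds: a token signed with the decoded bytes only verifies against the decoded key, so the initializer has to match whichever form the issuer signs with.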
