2017-04-06 62 views
0

嘗試使用ajax登錄用戶,因此而不是使用sign_in_and_redirect我使用了sign_in方法。用戶在使用ajax,devise和omniauth時登錄失敗

函數結束時的signed_in_user?如預期的那樣是真實的,但是當再次點擊服務器時signed_in_user?其實是錯誤的。 我錯過了什麼?

class OmniauthCallbacksController < Devise::OmniauthCallbacksController 
     respond_to :json 
     def all_omniauth_providers 
     @user = User.find_for_oauth(request.env["omniauth.auth"]) 
     if @user.persisted? 
      # sign_in_and_redirect @user, :event => :authentication 
      if (sign_in(@user, :event => :authentication)) 
       respond_with resource, location: after_sign_in_path_for(resource) 
      else 
       # respond_with resource, location: root_path 
      end 
     else 
      session["devise.#{provider}_data"] = request.env["omniauth.auth"] 
      render :status => 401, :json => { :errors => alert } 
     end 
     end 

     alias_method :facebook, :all_omniauth_providers 
    end 

和JavaScript連接:

<script type="text/javascript"> 
     window.fbAsyncInit = function() { 
      // init the FB JS SDK 
      FB.init({ 
       appId  : '<%=Rails.application.secrets.facebook_app_id%>', // App ID from the App Dashboard 
       channelUrl : '//localhost:3000/channel.html', // Channel File for x-domain communication 
       status  : true, // check the login status upon init? 
       cookie  : true, // set sessions cookies to allow your server to access the session? 
       xfbml  : true, // parse XFBML tags on this page? 
       version : 'v2.5' 
      }); 

      // Additional initialization code such as adding Event Listeners goes here 

     }; 

    (function(d, s, id){ 
     var js, fjs = d.getElementsByTagName(s)[0]; 
     if (d.getElementById(id)) {return;} 
     js = d.createElement(s); js.id = id; 
     js.src = "//connect.facebook.net/en_US/sdk.js"; 
     fjs.parentNode.insertBefore(js, fjs); 
    }(document, 'script', 'facebook-jssdk')); 

     $(function() { 
      $('#facebook-connect').click(function(e) { 
       e.preventDefault(); 

       FB.login(function(response) { 
       if(response.authResponse) { 
        $.ajax({ 
        type: 'POST', 
        url: '/users/auth/facebook/callback', 
        dataType: 'json', 
        data: {signed_request: response.authResponse.signedRequest}, 
        success: function(data, textStatus, jqXHR) { 
         $('#close').click(); 
         $("#share").jsSocials("option", "url", "<%=url%>?ref=" + data.id); 
         $('#loginout_button').html("<%= j button_to t('auth.logout'), destroy_user_session_path, :class=>'btn btn-default navbar-btn navbar-left btn-xs btn-success', :method => :delete %>"); 
        }, 
        error: function(jqXHR, textStatus, errorThrown) { 
         $('.server_error').addClass('alert alert-danger').html("<%= t('auth.login_failed') %>"); 
         shakeModal(); 
        } 
        }); 
       } 
       } 
       , {scope: 'email'}); 

      }); 
     }); 


     $(function() { 
      $('#facebook-logout').click(function(e) { 
       e.preventDefault(); 

       FB.getLoginStatus(function(response) { 
       if(response.authResponse) { 
        FB.logout(); 
       } 
       } 
       , {scope: 'email'}); 

      }); 
     }); 
    </script> 
    <!-- end Facebook connect script --> 
+0

您可能需要包含進行登錄的JS。我懷疑一個頭/ cookie /?沒有在客戶端上設置。用JavaScript登錄函數更新了 –

+0

。奇怪的是,一旦我刷新頁面,服務器返回user_signed_in?與預期的一樣真實...... – user664859

回答

0

我花了一段時間,但問題是在CSRF認證是爲我所用Ajax和失敗色器件後登錄它改變了CSRF令牌,你有在你的頭:

<%= csrf_meta_tag %> 
在應用控制器

我有這樣的: protect_from_forgery有:null_session

,我不得不跳過驗證(軌道5):

protect_from_forgery with: :exception, unless: -> { request.format.json? } 

我嘗試也在使用一些技巧,從這裏更改登錄後的CSRF標題: WARNING: Can't verify CSRF token authenticity rails

,但未能。所以這就是現在的工作方式。