Sutto / rocket_pants

API building tools on top of ActionController. Also, an awesome name.
MIT License
981 stars 130 forks source link

Integration with Devise #133

Open gabrieletassoni opened 9 years ago

gabrieletassoni commented 9 years ago

Hi, I'm trying to add Authentication to the api created as per example, but I can't find the way to send email and password in order to authenticate, it always responds "Unauthorized":

Using rocket_pants 1.13.0

app/controllers/api/v1/users_controller.rb

class Api::V1::UsersController < RocketPants::Base
  include Devise::Controllers::Helpers
  before_filter :authenticate_user!

  version 1

  def index
    expose User.all # Not what we'd actually do, of course.
  end
end

config/routes.rb

Hicatalogueenabler::Application.routes.draw do
  mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
  resources :used_instances
  root "pages#home"
  get "home", to: "pages#home", as: "home"
  get "inside", to: "pages#inside", as: "inside"
  get "/contact", to: "pages#contact", as: "contact"
  post "/emailconfirmation", to: "pages#email", as: "email_confirmation"

  devise_for :users

  # Rest API Rocket Pants
  api versions: 1, module: "api/v1" do
    resources :users, only: [:index]
  end
end

This is the curl line I use for testing:

curl -i -X GET -d "user[email]=admin@example.com&user[password]=1234" 'http://localhost:3000/1/users'

The answer I get, from development.log is:

Started GET "/1/users" for 127.0.0.1 at 2015-08-04 03:12:31 +0200
Processing by Api::V1::UsersController#index as 
  Parameters: {"user"=>{"email"=>"admin@example.com", "password"=>"[FILTERED]"}, "version"=>"1"}
Completed 401 Unauthorized in 0ms

I tried even using CocoaRestClient in which I filled the HTTP Basic Auth or HTTP Digest Auth, but still I get:

HTTP 401 Unauthorized

X-Content-Type-Options: nosniff
Content-Type: application/json; charset=utf-8
Server: WEBrick/1.3.1 (Ruby/2.2.1/2015-02-26)
Connection: Keep-Alive
Date: Tue, 04 Aug 2015 00:35:24 GMT
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Request-Id: d860c621-3eed-4259-af9a-999ccd8e1d0c
X-Runtime: 0.021238
Cache-Control: no-cache
Content-Length: 61

Do I need to add something somewhere? Am I missing something in the request? I feel a bit lost, since there seems to be no clear documentation on the web about the integration between Rocket Pants and Devise, and how to use the integrated api...

Thanks for the answer, Gabriele