mcordell / grape_token_auth

Token auth for grape apps
MIT License

Headers don't contain access-token #53

Open eugen0329 opened 7 years ago

eugen0329 commented 7 years ago
curl -H "Content-Type: application/json" -X POST localhost:3000/sign_in -d '{"email":"email@email.email","password":"password"}' -v

Results in

Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3000 (#0)
> POST /api/v1/sign_in HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 54
>
* upload completely sent off: 54 out of 54 bytes
< HTTP/1.1 200 OK
< Date: Mon, 30 Jan 2017 14:05:56 GMT
< Connection: close
< Content-Type: application/json
< Content-Length: 962
< ETag: W/"ed93fa39d3ffaddff1c365b7f83001e1"
< Cache-Control: max-age=0, private, must-revalidate
< X-Request-Id: 6c5351f3-e7fc-44b8-bac0-0a70048a9ac3
< X-Runtime: 0.024704
<
* Closing connection 0
{"data":{"id":7, .....}}

Expected:

Response headers contain access-token

Actual result:

Response headers don't contain them.

Files

# api_engine.rb
    include GrapeTokenAuth::MountHelpers
    mount_sessions(for: :user)
# config/routes
  mount API::Engine => '/'
# config/application.rb
    config.after_initialize do
      GrapeTokenAuth.setup! do |config|
        config.change_headers_on_each_request = false
        config.mappings = { user: User }
        config.secret   =  Rails.application.secrets.grape_token_secret
      end
    end
# config/initializers/devise.rb
  config.warden do |manager|
    manager.failure_app = GrapeTokenAuth::UnauthorizedMiddleware
    manager.default_scope = :user
  end
# app/models/user.rb
  include GrapeTokenAuth::ActiveRecord::TokenAuth
  devise :invitable, :database_authenticatable, :registerable,
           :recoverable, :rememberable, :trackable, :validatable

In my Gemfile.lock:

grape (0.17.0)
grape_token_auth (0.1.1)
devise (~> 4.2)
rails (= 4.2.7.1)

Ruby version: ruby 2.3.1p112

bluegod commented 7 years ago

@eugen0329 I can't replicate your problem and I have a similar setup, although without Devise.

Perhaps it has something to do with CORS? I have:

use Rack::Cors do
  allow do
    origins '*'
    resource '*', headers: :any, methods: [:get, :post, :options, :put],
                  expose: ['access-token', 'expiry', 'token-type', 'uid', 'client']
  end
end
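
The two situations this thread is weighing, as an added example that is not part of the original issue or of grape_token_auth: `curl -v` prints every header the server sends, so a token header absent there was never sent, whereas `expose` in Rack::Cors only controls what cross-origin browser JavaScript may read. The transcripts and token values are constructed, and `response_headers` and `diagnose` are hypothetical helper names.

```ruby
# Added example, not grape_token_auth code. Header names are the ones listed
# in the Rack::Cors `expose` option quoted above.
AUTH_HEADERS = %w[access-token expiry token-type uid client].freeze

# Collect response headers from `curl -v` output (lines starting with "< ").
def response_headers(transcript)
  transcript.each_line.with_object({}) do |line, headers|
    next unless line.start_with?('< ')
    name, value = line[2..-1].strip.split(':', 2)
    next if value.nil? # status line has no "name: value" form
    headers[name.downcase] = value.strip
  end
end

# Classify each token header:
#   :missing     - never sent by the server (what curl shows in the issue)
#   :not_exposed - sent, but not in Access-Control-Expose-Headers, so
#                  cross-origin browser JavaScript cannot read it
#   :readable    - sent and exposed ('*' only counts without credentials)
def diagnose(transcript)
  headers = response_headers(transcript)
  exposed = headers.fetch('access-control-expose-headers', '')
                   .split(',').map { |h| h.strip.downcase }
  AUTH_HEADERS.map do |name|
    status = if !headers.key?(name) then :missing
             elsif exposed.include?(name) || exposed.include?('*') then :readable
             else :not_exposed
             end
    [name, status]
  end.to_h
end

# Constructed transcripts, modelled on the response in the issue.
BASE = <<~HTTP
  < HTTP/1.1 200 OK
  < Content-Type: application/json
  < Content-Length: 962
HTTP
TOKENS = <<~HTTP
  < access-token: EXAMPLE-TOKEN
  < token-type: Bearer
  < client: EXAMPLE-CLIENT
  < expiry: 1487000000
  < uid: email@email.email
HTTP
EXPOSE = "< Access-Control-Expose-Headers: access-token, expiry, token-type, uid, client\n"

[BASE, BASE + TOKENS, BASE + TOKENS + EXPOSE].each { |t| puts diagnose(t).inspect }
```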