ruby on rails - Why is current_user called on render in controller?
I'm getting the following error when trying to access the log in method of the sessions controller:
```
JWT::DecodeError (Nil JSON Web Token):
  lib/json_web_token.rb:11:in `decode'
  app/helpers/sessions_helper.rb:15:in `current_user'
  app/controllers/api/sessions_controller.rb:11:in `create'
```
If I comment out `render json: user` in the controller, the response is fine, except that I need to respond with the user... why on earth is the current_user method getting called through line 11 of sessions_controller.rb? Here's the relevant code:
lib/json_web_token.rb
```ruby
require 'jwt'

class JsonWebToken
  # Sign a copy of the payload with the app secret; 'exp' is a Unix timestamp.
  def self.encode(payload, expiration = 24.hours.from_now)
    payload = payload.dup
    payload['exp'] = expiration.to_i
    JWT.encode(payload, Rails.application.secrets.json_web_token_secret)
  end

  # Verify the signature (the gem's default HS256) and the 'exp' claim and
  # return the payload hash. The gem raises JWT::DecodeError for a nil or
  # malformed token and JWT::ExpiredSignature (a subclass of DecodeError)
  # for an expired one.
  def self.decode(token)
    JWT.decode(token, Rails.application.secrets.json_web_token_secret).first
  end
end
```
sessions_helper.rb
```ruby
require 'json_web_token'

module SessionsHelper
  def create_session(user)
    session[:user_id] = user.id
  end

  def current_user
    auth_token = request.headers["Authorization"]
    if auth_token
      auth_token = auth_token.split(" ").last
      begin
        # Decoded only to check validity; the lookup below is by the stored token string.
        # Only JWT::ExpiredSignature is rescued here, so any other JWT::DecodeError
        # (for example the nil token that an empty Authorization header produces
        # after split) propagates to whoever called current_user.
        decoded_token = JsonWebToken.decode auth_token
      rescue JWT::ExpiredSignature
        return
      end
      @current_user ||= User.find_by(auth_token: auth_token)
    end
  end

  # Rotating (or clearing) the stored token invalidates the one the client holds.
  def log_out(user)
    logged_in? ? user.generate_authentication_token! : user.destroy_token!
    user.update_attribute(:auth_token, user.auth_token)
  end

  def logged_in?
    current_user.present?
  end

  def authenticate_with_token!
    render json: { errors: "not authenticated" }, status: :unauthorized unless logged_in?
  end

  def log_in(user)
    create_session(user)
    user.generate_authentication_token!
    user.update_attribute(:auth_token, user.auth_token)
  end

  def authenticate_as_self_or_admin!
    render json: { errors: "not authorized" }, status: :unauthorized unless is_self? || is_admin?
  end

  # True only when the request carries the target user's own token. The original
  # compared with !=, which made every request that did NOT carry that user's
  # token count as "self" and pass authenticate_as_self_or_admin!. The present?
  # guard stops a logged-out user (auth_token nil) matching a missing header.
  def is_self?
    user = User.find(params[:id])
    auth_token = request.headers["Authorization"]
    auth_token = auth_token.split(" ").last if auth_token
    auth_token.present? && user.auth_token == auth_token
  end

  # Requires the caller to re-submit the password; the admin flag is read from
  # the database record, not from the token payload.
  def is_admin?
    if logged_in? && current_user.authenticate(params[:password])
      current_user.admin
    end
  end
end
```
sessions_controller.rb
```ruby
class Api::SessionsController < ApplicationController
  before_action :authenticate_with_token!, only: [:destroy]

  def new
  end

  def create
    user = User.find_by(email: params[:session][:email].downcase)
    if user && user.authenticate(params[:session][:password])
      log_in user
      # The render the backtrace points at (line 11 of the original file).
      render json: user, status: :created
    else
      # user is nil here, so rendering it would just return "null".
      render json: { errors: "invalid email or password" }, status: :unprocessable_entity
    end
  end

  def destroy
    log_out current_user
    # render status: 204 with no template raises; head sends the empty response.
    head :no_content
  end
end
```
user.rb
```ruby
require 'json_web_token'

class User < ApplicationRecord
  attr_reader :current_password

  before_save { email.downcase! }
  before_create :generate_authentication_token!
  before_update :reset_confirmed!, if: :email_changed?

  has_secure_password
  has_many :posts
  has_many :comments
  has_many :votes

  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
  validates :email, presence: true, length: { maximum: 255 },
                    format: { with: VALID_EMAIL_REGEX },
                    uniqueness: { case_sensitive: false }
  validates :username, presence: true, length: { maximum: 24 },
                       uniqueness: { case_sensitive: false }
  validates :password, presence: true, length: { minimum: 8 }
  validates :auth_token, uniqueness: true

  # Issues a signed JWT and stores it as the user's auth_token. In a
  # before_create callback the record has no id yet, so 'id' is nil in the
  # first token. A JWT is signed, not encrypted: everything in this payload
  # is readable by anyone holding the token.
  def generate_authentication_token!
    begin
      self.auth_token = JsonWebToken.encode(
        'id' => id, 'username' => username, 'email' => email, 'bio' => bio,
        'confirmed' => confirmed, 'admin' => admin, 'points' => points
      )
    end while self.class.exists?(auth_token: auth_token)
  end

  def destroy_token!
    self.auth_token = nil
  end

  def reset_confirmed!
    self.confirmed = false
  end

  def upvotes
    votes.where(polarity: 1)
  end

  def downvotes
    votes.where(polarity: -1)
  end

  # Applies the update only if the current password is supplied and correct.
  def update_with_password(user_params)
    current_password = user_params.delete(:current_password)
    user_params[:password] = current_password if user_params[:password].nil?
    if authenticate(current_password)
      update(user_params)
    else
      errors.add(:current_password, current_password.blank? ? :blank : :invalid)
      false
    end
  end
end
```
No, I'm not using Devise. I'm hoping my eyes are just tired here...
It turns out current_user was in fact being called because it is the default scope_name in Active Model Serializers. I changed the name of the current_user method to avoid the conflict. Here are the relevant docs.
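The rename above stops the serializer from finding the helper, but the trace also shows a second problem worth fixing in its own right: `current_user` can hand a nil token to `decode`, and it rescues only `JWT::ExpiredSignature`, so every other `JWT::DecodeError` escapes to whoever calls it. The following is an added example, not code from the question or the answer. `MiniJwt` is a hand-rolled HS256 JWT standing in for the jwt gem so the block runs offline (it keeps the gem's `ExpiredSignature < DecodeError` hierarchy); `bearer_token`, `user_from_request`, the secret and the in-memory user list are constructed for the example and are not names from the question's app.

```ruby
require "openssl"
require "json"

# Added example, not the question's code. MiniJwt is a minimal HS256 JWT
# standing in for the jwt gem so this runs offline; use the gem in an app.
module MiniJwt
  DecodeError = Class.new(StandardError)
  ExpiredSignature = Class.new(DecodeError) # same hierarchy as ruby-jwt

  def self.b64(bytes)
    [bytes].pack("m0").tr("+/", "-_").delete("=")
  end

  def self.unb64(str)
    raise DecodeError, "invalid base64" unless str.match?(/\A[A-Za-z0-9_-]*\z/)
    s = str.tr("-_", "+/")
    (s + "=" * ((4 - s.length % 4) % 4)).unpack1("m0")
  rescue ArgumentError
    raise DecodeError, "invalid base64"
  end

  def self.parse_json(str)
    obj = JSON.parse(str)
    raise DecodeError, "invalid JSON" unless obj.is_a?(Hash)
    obj
  rescue JSON::ParserError
    raise DecodeError, "invalid JSON"
  end

  # Constant-time comparison so a signature check does not leak timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def self.encode(payload, secret, exp:)
    header = b64(JSON.generate({ "alg" => "HS256", "typ" => "JWT" }))
    body = b64(JSON.generate(payload.merge("exp" => exp)))
    sig = b64(OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{body}"))
    "#{header}.#{body}.#{sig}"
  end

  def self.decode(token, secret, now: Time.now.to_i)
    raise DecodeError, "Nil JSON Web Token" if token.nil?
    parts = token.split(".", -1)
    raise DecodeError, "Not enough or too many segments" unless parts.length == 3
    header, body, sig = parts
    # Pin the algorithm: never let the token pick "none" or another alg.
    raise DecodeError, "unsupported alg" unless parse_json(unb64(header))["alg"] == "HS256"
    expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{body}")
    raise DecodeError, "Signature verification failed" unless secure_compare(unb64(sig), expected)
    payload = parse_json(unb64(body))
    raise ExpiredSignature, "Signature has expired" if payload["exp"].is_a?(Integer) && payload["exp"] < now
    payload
  end
end

# Returns the bearer token or nil. The question's helper does
# `auth_token.split(" ").last` behind `if auth_token`; an empty header
# ("" is truthy in Ruby) still gets through and hands nil to decode.
def bearer_token(headers)
  scheme, token = headers["Authorization"].to_s.split(" ", 2)
  return nil unless scheme && scheme.casecmp?("bearer") && token && !token.strip.empty?
  token.strip
end

# current_user replacement that never raises: any decode failure, expiry
# included, yields nil, so an implicit call from a serializer scope is harmless.
# `users` is a constructed in-memory stand-in for User.find_by; the question's
# app looks the user up by the stored token string instead of the id claim.
def user_from_request(headers, secret, users, now: Time.now.to_i)
  token = bearer_token(headers)
  return nil unless token
  payload = MiniJwt.decode(token, secret, now: now)
  users.find { |u| u["id"] == payload["id"] }
rescue MiniJwt::DecodeError
  nil
end
```

With this shape the helper is safe to call from anywhere, which matters because Active Model Serializers' `serialization_scope` defaults to `current_user` and the method therefore runs on every `render json:`; renaming it, as the answer did, or setting `serialization_scope` explicitly in the controller, removes the implicit call, and the nil-safe lookup means a missing, empty, expired or tampered token is simply "not logged in" rather than a 500.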