由于重定向，设计 JSON API 返回 200 而不是 401

Question

我在 Rails API 上运行 Angular。对于身份验证，我正在拦截 401 状态：

.config(['$httpProvider', function($httpProvider){
    // Prevent rails from making new sessions each time
    $httpProvider.defaults.headers.common['X-CSRF-Token'] = $('meta[name=csrf-token]').attr('content');

    var interceptor = ['$location', '$rootScope', '$q', function($location, $rootScope, $q) {
      function success(response) {
        return response;
      }

      function error(response) {
        if (response.status === 401) {
          $rootScope.$broadcast('event:unauthorized');
          $location.path('/login');
          return response;
        }
        return $q.reject(response);
      }

      return function(promise) {
        return promise.then(success, error);
      };
    }];
    $httpProvider.responseInterceptors.push(interceptor);
  }])

但是由于重定向显示状态为 200，拦截器没有触发

Started GET "/api/v1/stages" for 127.0.0.1 at 2014-02-23 04:38:12 +0530
Processing by StagesController#index as HTML
Completed 401 Unauthorized in 5ms


Started GET "/api/v1/users/sign_in" for 127.0.0.1 at 2014-02-23 04:38:12 +0530
Processing by Devise::SessionsController#new as HTML
  Rendered /home/kartikluke/.rvm/gems/ruby-2.0.0-p247/gems/devise-3.2.2/app/views/devise/shared/_links.erb (4.3ms)
  Rendered /home/kartikluke/.rvm/gems/ruby-2.0.0-p247/gems/devise-3.2.2/app/views/devise/sessions/new.html.erb within layouts/application (34.5ms)
Completed 200 OK in 223ms (Views: 171.2ms | ActiveRecord: 5.8ms)

如何让 Devise 返回 401 JSON 错误？

Answer 1

经过大量搜索，我找到了解决方案。

我向 Devise 添加了一个自定义故障应用：

class JsonFailureApp < Devise::FailureApp
  def respond
    self.status = 401
    self.content_type = 'json'
    self.response_body = '{"error" : "authentication error"}'
  end
end

并将其添加到设计中：

config.warden do |manager|
    manager.failure_app = JsonFailureApp
end

现在不调用重定向，而是注册了 401 状态。

Answer 2

首先，您需要配置设计以在 API 应用程序中工作。您可以按照此项目 wiki 页面中的说明进行操作 Configuring devise for APIs