我正在尝试建立一个API,该API可将用户登录到我的应用程序并使用令牌对用户进行身份验证。为此,我要创建一个新会话。
会话控制器
class Api::V1::SessionsController < Api::V1::BaseController
def create
user = User.where(email: params[:email]).first
if user&.valid_password?(params[:password])
render json: user.as_json(only: [:first_name,:last_name,:email]),status: :created
else
head(:unauthorized)
end
end
基本控制器
class Api::V1::BaseController < actionController::API
include Pundit
after_action :verify_authorized,except: :index
after_action :verify_policy_scoped,only: :index
rescue_from StandardError,with: :internal_server_error
rescue_from Pundit::NotAuthorizedError,with: :user_not_authorized
rescue_from activeRecord::RecordNotFound,with: :not_found
private
def internal_server_error(exception)
if Rails.env.development?
response = { type: exception.class.to_s,message: exception.message,backtrace: exception.backtrace }
else
response = { error: "Internal Server Error" }
end
render json: response,status: :internal_server_error
end
def user_not_authorized(exception)
render json: {
error: "Unauthorized #{exception.policy.class.to_s.underscore.camelize}.#{exception.query}"
},status: :unauthorized
end
def not_found(exception)
render json: { error: exception.message },status: :not_found
end
end
测试该方法时,尽管数据库中存在用户,但仍收到AbstractController::DoubleRenderError
。它指向BaseController的internal_server_error(exception)
方法的最后一行。
有人可以帮助我理解为什么当用户实际上存在于数据库中时,此代码为什么不呈现用户的JSON吗?