0

Following this tutorial

http://givan.se/p/00000000

I have setup authentication for an ember app with a grape api. The tutorial doesn't store the current session, because there seems to be no need, however, I would like to access the current authenticated user in my api so that I can more easily handle deeply nested relationships. What would be the best way to accomplish this?

Currently using rails 4, and the latest versions of the grape and devise gems.

<EDIT>

Say I have a JSON payload like this

{ person: { user_id: 3, updated_attribute: 'the' } }

with my current setup, should I also include the user's authenticate token with each request to prevent a situation where a logged in user sends a PUT request where they have altered the user_id to update the attributes of another user.

I'm trying to understand how/make sure my rails server knows which user is making/submitting requests to the API.

kaungst
  • 136
  • 6

1 Answers1

1

Checkout this example from the Ember Simple Auth repo - you simply define a custom session class that adds a computed property which returns the current user.

marcoow
  • 4,062
  • 1
  • 14
  • 21
  • Apologies for my delayed response. I am more looking to handle the devise session on the rails server side. For example, I want to make sure that when I submit a PUT request to api/v1/person/2 that id's present in that JSON payload belong to the correct user. Should I be sending the authentication token with each request and reauthenticating? I'll update my question – kaungst Oct 16 '14 at 14:03
  • The authenticated user's token and email will be included in every request that the Ember app makes to the backend automatically - see the README here: https://github.com/simplabs/ember-simple-auth/blob/master/packages/ember-simple-auth-devise/README.md#the-authorizer – marcoow Oct 16 '14 at 15:01
  • 1
    I may have found half the issue? The 'Authorization' header is not being set for some reason. I have tried setting the authorizer in config/environment.js with ENV['simple-auth'] { authorizer: 'simple-auth-authorizer:devise' } but it doesn't seem to be working. I've also done the same thing (though also setting window.ENV = window.ENV || {}; before hand) with no success. Should I submit this as a potential issue in ember-cli-simple-auth-devise/would you be willing to look at my repo? – kaungst Oct 18 '14 at 20:38
  • Hi were you able to solve the problem...I am able to login to my application by for updating other resources like post Authorization: Token token="", user_email="" is not getting added to my sever calls. i used ENV['simple-auth-devise'] = { serverTokenEndpoint: 'users/sign_in', authorizer: 'authorizer:devise', crossOriginWhitelist: ['*'] }; still no working – Rigel Nov 07 '14 at 16:26