Ruby on rails Rails在重定向时渲染视图
所以我有一个Rails 4应用程序,它使用Desive进行身份验证。当我注意到奇怪的行为并在firebug中确认它时,我开始编写控制器测试 当我尝试访问控制器操作时,在操作之前有Ruby on rails Rails在重定向时渲染视图,ruby-on-rails,ruby,devise,Ruby On Rails,Ruby,Devise,所以我有一个Rails 4应用程序,它使用Desive进行身份验证。当我注意到奇怪的行为并在firebug中确认它时,我开始编写控制器测试 当我尝试访问控制器操作时,在操作之前有:authenticate\u user,它返回一个带有302 Found头和第一个数据库条目正文的响应,然后重定向到新用户会话路径。因此,如果有人打开一个控制台,看看它,他们可以看到信息,这应该是对他们隐藏的 我只是不明白,当用户像@user=current\u user那样被发现,并且没有current\u user
:authenticate\u user新用户会话路径@user=current\u usercurrent\u userStarted GET "/dashboard" for 127.0.0.1 at 2016-01-28 11:07:27 +0100
Processing by UsersController#show as HTML
Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms)
Started GET "/users/sign_in" for 127.0.0.1 at 2016-01-28 11:07:27 +0100
Processing by Users::SessionsController#new as HTML
Rendered users/sessions/new.html.erb within layouts/application (1.4ms)
Rendered shared/_navigation.html.erb (0.4ms)
Rendered shared/_flashes.html.erb (0.1ms)
Completed 200 OK in 192ms (Views: 191.6ms | ActiveRecord: 0.0ms)
GET dashboard 302 Found localhost:3000 101 B 127.0.0.1:3000 16ms
GET sign_in 200 OK localhost:3000 6,6 KB 127.0.0.1:3000
操作前使用该方法,而不是身份验证用户,它仍然不起作用。该操作渲染视图,尽管当我将byebug
放入该操作时,它没有中断。所以我把问题改名了
编辑3
所有可能相关的代码片段
application.html.erb
<!DOCTYPE html>
<html>
<head>
<title>Oregano</title>
<%= stylesheet_link_tag 'application', media: 'all' %>
<%= javascript_include_tag 'application' %>
<%= csrf_meta_tags %>
</head>
<body>
<div id="wrapper">
<%= render 'shared/navigation' %>
<% if content_for? :welcome %>
<div class="section welcome-section">
<div class="container">
<div id="flashes"><%= render 'shared/flashes' %></div>
<%= yield :welcome %>
</div>
</div>
<% else %>
<div id="page-wrapper">
<div class="section">
<div class="container main-content">
<div id="flashes"><%= render 'shared/flashes' %></div>
<div class="row">
<%= yield :top %>
</div>
<div class="row bottom-index-part">
<div class="col-md-8 index">
<%= yield :main %>
</div>
<div class="col-md-4">
<div id="showDetailsWell" class="well well-sm hidden">
<%= yield :details %>
</div>
</div>
</div>
</div>
</div>
</div>
<% end %>
<%= debug(params) if Rails.env.development? %>
<!-- Modal -->
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">×</span></button>
<h4 class="modal-title" id="myModalLabel"></h4>
</div>
<div class="modal-body">
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
摘自routes.rb
get 'dashboard', to: 'users#show', as: 'dashboard'
resources :users, only: [:show, :index] do
resources :user_interests
resources :user_places
resources :relationships, only: [:index]
member do
get 'get_interests_json'
end
collection do
get 'edit_about', to: 'users#edit_about'
patch 'about', to: 'users#update_about'
get 'edit_contact_info', to: 'users#edit_contact_info'
patch 'contact_info', to: 'users#update_contact_info'
end
end
应用控制器
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
before_action :init_scope_hash
before_action :authenticate_basic
before_action :authenticate_user!
include ApplicationHelper
protected
def init_scope_hash
@scope = {}
end
def authenticate_basic
if Rails.env.production?
authenticate_or_request_with_http_basic do |username, password|
username == "blablabl" && password == "blablabla"
end
end
end
end
好的,我知道了。这是由浏览器缓存引起的。无rails
错误
这真的是个意外,我对布局做了一些更改,并在登录时将其加载到FF中,然后打开一个私人窗口并观察响应,它也被更改了。然后我改变了布局,做了另一个请求,但注意到响应没有改变。当我在活动会话FF中重新加载它时,它在私有窗口中也发生了变化。所以我禁用了浏览器缓存,它工作了
我仍然不敢相信这是真的。使用一个未命名的yield
而不是application.html.erb
中的(其中一个)命名的
你能更明确一点吗?响应中有什么?你能提供一个小例子来说明这个问题吗?@FrederickCheung see edit细节无关紧要,但响应与请求经过身份验证时相同。你发布的firebug/控制台日志看起来很好-仪表板没有显示任何数据,下一个请求是登录页。这似乎不是Desive的错。即使我实现了我自己的用户身份验证!方法,它仍然执行sameThanks@tillmo,即使你的答案不正确:D,它让我走上了解决它的道路,所以有赏金:)哦,非常感谢!事实上,有时它更像是一个侦探小说:你必须排除一个又一个的可能性。。。
get 'dashboard', to: 'users#show', as: 'dashboard'
resources :users, only: [:show, :index] do
resources :user_interests
resources :user_places
resources :relationships, only: [:index]
member do
get 'get_interests_json'
end
collection do
get 'edit_about', to: 'users#edit_about'
patch 'about', to: 'users#update_about'
get 'edit_contact_info', to: 'users#edit_contact_info'
patch 'contact_info', to: 'users#update_contact_info'
end
end
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
before_action :init_scope_hash
before_action :authenticate_basic
before_action :authenticate_user!
include ApplicationHelper
protected
def init_scope_hash
@scope = {}
end
def authenticate_basic
if Rails.env.production?
authenticate_or_request_with_http_basic do |username, password|
username == "blablabl" && password == "blablabla"
end
end
end
end
module ApplicationHelper
def universalise string
res = string.gsub(/[ÁÄáäČčĎďÉéÍíĹ弾ŇÓÔóôŔ੹ŤťÚúÝýŽž]/, 'AAaaCcDdEeIiLlLlNOOooRrSstTUuYyZz')
res.downcase
end
def current_user?(user)
user == current_user
end
end