Ruby on rails 登录失败,没有明确的错误说明
我正在尝试验证我的应用程序,但它无法登录。我看到它总是重定向到再次登录,即使凭据(用户名和密码都可以) 在my user.rb中,我有:Ruby on rails 登录失败,没有明确的错误说明,ruby-on-rails,Ruby On Rails,我正在尝试验证我的应用程序,但它无法登录。我看到它总是重定向到再次登录,即使凭据(用户名和密码都可以) 在my user.rb中,我有: class User < ActiveRecord::Base validates :nome, :presence => true, :uniqueness => true validates :password, :confirmation => true attr_accessor :password_confir
class User < ActiveRecord::Base
validates :nome, :presence => true, :uniqueness => true
validates :password, :confirmation => true
attr_accessor :password_confirmation
attr_reader :password
validate :password_must_be_present
def User.authenticate(nome, password)
if user = find_by_nome(nome)
if user.hashed_password == encrypt_password(password, user.salt)
user
end
end
end
def User.encrypt_password(password, salt)
Digest::SHA2.hexdigest(password + "wibble" + salt)
end
# 'password' is a virtual attribute
def password=(password)
@password = password
if password.present?
generate_salt
self.hashed_password = self.class.encrypt_password(password, salt)
end
end
private
def password_must_be_present
errors.add(:password, "Missing password") unless hashed_password.present?
end
def generate_salt
self.salt = self.object_id.to_s + rand.to_s
end
attr_accessible :hashed_password, :nome, :salt
end
有人能帮我吗?加密方法区分大小写。尝试在哈希密码设置和身份验证中强制密码为upcase或downcase。检查cookie是否已启用…@Thaha kp它们已启用。我已尝试禁用,但它隐藏了浏览器上的错误消息,仍然无法登录。仍然以相同的失败继续。是否尝试使用调试查看用户中的身份验证方法是否正常工作?是的,我执行了,并出现以下错误:Started GET“/assets/users.js?body=1”对于2013-08-12 18:17:43+0200的127.0.0.1服务资产/users.js-304未修改(1ms)[2013-08-12 18:17:43]警告无法确定响应正文的内容长度。设置响应的内容长度或设置响应#chunked=true。我现在使用“thin”作为解决该问题的建议,但我也无法登录。因此,您确定“user”已从user.authenticate正确返回吗?在这种情况下,admin_url映射到的控制器是什么?authorize方法的内容是什么?是的,它发送参数并检索用户,管理员url重定向到StoreController索引。
class UsersController < ApplicationController
# GET /users
# GET /users.xml
def index
@users = User.order(:nome)
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @users }
end
end
# GET /users/1
# GET /users/1.xml
def show
@user = User.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/new
# GET /users/new.xml
def new
@user = User.new
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/1/edit
def edit
@user = User.find(params[:id])
end
# POST /users
# POST /users.xml
def create
@user = User.new(params[:user])
respond_to do |format|
if @user.save
format.html { redirect_to(users_url,
:notice => "Usuario #{@user.nome} criado com sucesso") }
format.xml { render :xml => @user,
:status => :created, :location => @user }
else
format.html { render :action => "new" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
# PUT /users/1
# PUT /users/1.xml
def update
@user = User.find(params[:id])
respond_to do |format|
if @user.update_attributes(params[:user])
format.html { redirect_to(users_url,
:notice => "Usuario #{@user.nome} actualizado com sucesso.") }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
# DELETE /users/1
# DELETE /users/1.xml
def destroy
@user = User.find(params[:id])
@user.destroy
respond_to do |format|
format.html { redirect_to(users_url) }
format.xml { head :ok }
end
end
end
class SessionsController < ApplicationController
skip_before_filter :authorize
def new
end
def create
if user = User.authenticate(params[:nome], params[:password])
session[:user_id] = user.id
redirect_to admin_url
else
redirect_to login_url, :alert => "Nome do usuario/password invalido"
end
end
def destroy
session[:user_id] = nil
redirect_to store_url, :notice => "Logged out"
end
end
<div class="mapira_form" >
<%= form_for @user do |f| %>
<% if @user.errors.any? %>
<div id="error_explanation" >
<h2><%= pluralize(@user.errors.count, "error") %>
prohibited this user from being saved:</h2>
<ul>
<% @user.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<fieldset>
<legend>Entrar detalhes do usuarioo</legend>
<div>
<%= f.label :nome %>:
<%= f.text_field :nome, :size => 40 %>
</div>
<div>
<%= f.label :password, 'Password' %>:
<%= f.password_field :password, :size => 40 %>
</div>
<div>
<%= f.label :password_confirmation, 'Confirmar password' %>:
<%= f.password_field :password_confirmation, :size => 40 %>
</div>
<div>
<%= f.submit %>
</div>
</fieldset>
<% end %>
</div>
=> Booting Thin
=> Rails 3.2.9 application starting in development on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Called from: C:/Ruby193/lib/ruby/gems/1.9.1/gems/actionpack-3.2.9/lib/action_dispatch/middleware/session/abstract_store.rb:28:in `ini
tialize'.
>> Thin web server (v1.5.1 codename Straight Razor)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:3000, CTRL+C to stop
Started POST "/login" for 127.0.0.1 at 2013-08-13 10:37:16 +0200
Connecting to database specified by database.yml
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"V", "authenticity_token"=>"1a785Bi1Q0DqLq6kdCS7ieP1HJ4Aqh3yLg51rRte31Y=", "nome"=>"prombas", "password"=>"[FILTERED]"
, "commit"=>"Login"}
←[1m←[36mUser Load (1.0ms)←[0m ←[1mSELECT "users".* FROM "users" WHERE "users"."nome" = 'prombas' LIMIT 1←[0m
Redirected to http://localhost:3000/login
Completed 302 Found in 136ms (ActiveRecord: 11.0ms)
Started GET "/login" for 127.0.0.1 at 2013-08-13 10:37:18 +0200
Processing by SessionsController#new as HTML
Rendered sessions/new.html.erb within layouts/application (10.0ms)
Completed 200 OK in 53ms (Views: 53.0ms | ActiveRecord: 0.0ms)
Started GET "/assets/logo.png" for 127.0.0.1 at 2013-08-13 10:37:19 +0200
Served asset /logo.png - 304 Not Modified (5ms)