2

已解决:对不起,伙计们,我自己解决了这个问题,方法是执行 db:reset 并修复导致一些问题的之前的过滤器方法之一。

每当我在本地主机上运行我的应用程序时,我都会立即登录。我在多个浏览器上尝试过,每次都会发生同样的事情。退出功能也不起作用。我不知道该怎么做。我在这里有一个应用程序的回购...... https://github.com/thejourneydude/template

我的问题是,为什么我的退出功能不起作用,为什么我每次去 localhost 时都会自动登录?我正在关注 Hartl 的教程,但有一些偏差,所以如果你已经完成了教程,这应该看起来很熟悉。

这是会话控制器页面...

class SessionsController < ApplicationController

def new
end

def create
  user = User.find_by_email(params[:session][:email].downcase)
  if user && user.authenticate(params[:session][:password])
    #sign user in
    sign_in user
    redirect_back_or user
  else
    #create an error
    render 'new'
    flash.now[:error] = "Invalid email/password combination"
  end
end

def destroy
  sign_out
  redirect_to root_url
end

end

这是会话帮助页面...

module SessionsHelper

  def sign_in(user)
    session[:remember_token] = user.remember_token
    self.current_user = user
  end

  def signed_in?
    !current_user.nil?
  end

  def current_user=(user)
    @current_user = user
  end

  def current_user
    @current_user ||= User.find_by_remember_token(session[:remember_token])
  end

  def current_user?(user)
    user == current_user
  end

  def sign_out
    self.current_user = nil
    session.delete(:remember_token)
  end

  def redirect_back_or(default)
    redirect_to(session[:return_to] || default)
    session.delete(:return_to)
  end

  def store_location
    session[:return_to] = request.url
  end

end

这是我的用户模型页面

class User < ActiveRecord::Base

  attr_accessible :name, :email, :password, :password_confirmation

  has_secure_password

  before_save { |user| user.email = email.downcase }
  before_save :create_remember_token

  validates :name,  presence: true, length: { maximum: 50 }

  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i

  validates :email, presence: true, format: { with: VALID_EMAIL_REGEX }, uniqueness: { 
  case_sensitive: false }

  validates :password, length: {minimum: 6}

  validates :password_confirmation, presence: true

  private
     def create_remember_token
      self.remember_token = SecureRandom.urlsafe_base64
     end

end

顺便说一句,每当我点击退出按钮时,这里就是我的开发日志。

Started DELETE "/signout" for 127.0.0.1 at 2012-11-09 20:38:32 -0500
Processing by SessionsController#destroy as HTML
  Parameters: {"authenticity_token"=>"i9mqiuYTW3YWxNU5h1RdtgTeb/2oOWPJU2yjjZQWMfw="}
Redirected to http://localhost:3000/
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)


Started GET "/" for 127.0.0.1 at 2012-11-09 20:38:32 -0500
Processing by StaticPagesController#home as HTML
  Rendered static_pages/home.html.erb within layouts/application (1.2ms)
  Rendered layouts/_shim.html.erb (0.1ms)
  [1m[36mUser Load (1.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE 
"users"."remember_token" IS NULL LIMIT 1[0m
  Rendered layouts/_header.html.erb (6.9ms)
  Rendered layouts/_footer.html.erb (1.4ms)
Completed 200 OK in 83ms (Views: 81.1ms | ActiveRecord: 1.1ms)
4

2 回答 2

1

我可以在您发布的代码中看到的唯一问题是当前用户方法当前不检查会话中是否存在 remember_token。

  def current_user
    @current_user ||= User.find_by_remember_token(session[:remember_token])
  end

如果没有设置 remember_token,上面的代码将导致一个查询,该查询试图找到一个没有 remember_token 的用户。如果它找到这样的用户,它将登录该用户。

尽管我看到您有一个 after_create 回调来为用户设置记住令牌,但您的开发数据库可能包含在您添加回调之前创建的此类用户。

以这样的方式更改代码可能是个好主意,即在查询数据库之前检查 remember_token 的存在

def current_user
 if session_token[:remember_token]
  @current_user ||= User.find_by_remember_token(session[:remember_token])
 end
end
于 2012-11-12T04:05:35.157 回答
1

I solved the issue by doing a db:reset and commenting out redirect_signed_in_user before filter method in Users controller. Thanks for the help everyone.

于 2012-11-12T04:39:17.947 回答