我正在尝试在新应用程序中重新创建用户身份验证过程。我有一个旧的,现有的用户身份验证,我真的复制了代码(当然是更改名称),而不是期望它是一个很好的起点......但是它不起作用!我已经尝试了一切,但由于某种原因我无法登录这个程序......也许我忽略了一些东西?
登录.html.erb
<div class="login" style="margin-left: 390px;">
<%= form_tag(:action => 'team_login') do %>
<table>
<tr>
<td><%= label_tag(:username) %></td>
<td><%= text_field_tag(:username) %></td>
</tr>
<tr>
<td><%= label_tag(:password) %></td>
<td><%= password_field_tag(:password) %></td>
</tr>
<tr>
<td> </td>
<td><%= submit_tag("Log In") %></td>
</tr>
</table>
<% end %>
</div>
团队控制器.rb
def team_login
authorized_team = Team.authenticate(params[:username], params[:password])
if authorized_team
#To Do: mark user as logged in
session[:team_id] = authorized_team.id
session[:team_name] = authorized_team.username
#check!
flash[:notice] = "You are now logged in."
redirect_to(:controller => 'show', :id => session[:team_id])
else
flash[:notice] = "Invalid username and password combination"
redirect_to(:action => 'login')
end
end
团队.rb
attr_accessible :username, :password
attr_accessor :password
before_save :create_hashed_password
def self.authenticate(username="", password="")
qTeam = Team.find_by_username(username)
if qTeam && qTeam.password_match?(password)
return qTeam
else
return false
end
end
def password_match?(password="")
hashed == Team.salt_hash(salt, password)
end
def self.make_salt(username="")
Digest::SHA1.hexdigest(" #{username} #{Time.now}")
end
def self.salt_hash(salt="", password="")
Digest::SHA1.hexdigest("#{salt} #{password}")
end
private
def create_hashed_password
unless password.blank?
self.salt = Team.make_salt(username) if salt.blank?
self.hashed = Team.salt_hash(password, salt)
end
end
我意识到创建用户时发生了错误。如果我手动进入并使用保存给用户的盐,密码,并生成一个散列密码,它与保存在数据库中的密码不同。我假设这是发生错误的地方 - 我用来创建用户的模板只是从脚手架生成的标准 _form。所有代码都和上面一样——before_save 运行了几个方法(create_hashed_password、make_salt 和 salt_hash)