我正在尝试学习如何使用 Rails 编写登录系统,但我觉得我现在正在努力解决这个问题,我遵循了这个指南:
http://rubysource.com/rails-userpassword-authentication-from-scratch-part-ii/
但我不确定它是否是为 Rails 4 和 Ruby 2 开发的。
我不断收到此错误:
我感觉这与会话的控制器有关,但我不完全确定,所以我将包括我的所有文件。
用户.rb
class User < ActiveRecord::Base
attr_accessor :username, :email, :password, :password_confirmation
EMAIL_REGEX = /\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+\z/
validates :username, :presence => true, :uniqueness => true, :length => { :in => 3..20 }
validates :email, :presence => true, :uniqueness => true, :format => EMAIL_REGEX
validates :password, :confirmation => true #password_confirmation attr
validates_length_of :password, :in => 6..20, :on => :create
before_save :encrypt_password
after_save :clear_password
def encrypt_password
if password.present?
self.salt = BCrypt::Engine.generate_salt
self.encrypted_password= BCrypt::Engine.hash_secret(password, salt)
end
end
def clear_password
self.password = nil
end
def self.authenticate(username_or_email="", login_password="")
if EMAIL_REGEX.match(username_or_email)
user = User.find_by_email(username_or_email)
else
user = User.find_by_username(username_or_email)
end
if user && user.match_password(login_password)
return user
else
return false
end
end
def match_password(login_password="")
encrypted_password == BCrypt::Engine.hash_secret(login_password, salt)
end
end
users_controller.rb
class UsersController < ApplicationController
before_filter :save_login_state, :only => [:new, :create]
def new
@user = User.new
end
def create
@user = User.new(user_params)
if @user.save
flash[:notice] = "You Signed up successfully"
flash[:color]= "valid"
else
flash[:notice] = "Form is invalid"
flash[:color]= "invalid"
end
render "new"
end
def user_params
params.require(:user).permit(:username, :email, :password, :password_confirmation)
end
end
session_controller.rb
class SessionsController < ApplicationController
before_filter :authenticate_user, :only => [:home, :profile, :setting]
before_filter :save_login_state, :only => [:login, :login_attempt]
def login
end
def login_attempt
authorized_user = User.authenticate(params[:username_or_email],params[:login_password])
if authorized_user
session[:user_id] = authorized_user.id
flash[:notice] = "Wow Welcome again, you logged in as #{authorized_user.username}"
redirect_to(:action => 'home')
else
flash[:notice] = "Invalid Username or Password"
flash[:color]= "invalid"
render "login"
end
end
def logout
session[:user_id] = nil
redirect_to :action => 'login'
end
application_controller.rb
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
protected
def authenticate_user
unless session[:user_id]
redirect_to(:controller => 'sessions', :action => 'login')
return false
else
# set current user object to @current_user object variable
@current_user = User.find session[:user_id]
return true
end
end
def save_login_state
if session[:user_id]
redirect_to(:controller => 'sessions', :action => 'home')
return false
else
return true
end
end
end
登录.html.erb
<% @page_title = "UserAuth | Login" -%>
<div class= "Sign_Form">
<h1>Log in</h1>
<%= form_tag :sessions => :login_attempt do %>
<p>Username or Email:</br> <%= text_field_tag(:username_or_email) %></p>
<p>Password:</br> <%= password_field_tag :login_password %></p>
<%= submit_tag("Log In") %>
<% end %>
</div>
路线.rb
BillingSystem::Application.routes.draw do
root :to => "sessions#login"
match "signup", :to => "users#new", via: [:get, :post]
match "login", :to => "sessions#login", via: [:get, :post]
match "logout", :to => "sessions#logout", via: [:get, :post]
match "home", :to => "sessions#home", via: [:get, :post]
match "profile", :to => "sessions#profile", via: [:get, :post]
match "setting", :to => "sessions#setting", via: [:get, :post]
end