1

我正在使用 Devise 进行站点身份验证。我的用户模型设置如下:

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :lockable, :timeoutable and :omniauthable

  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :token_authenticatable, :confirmable 

  attr_accessible :email, :name, :password, :password_confirmation, :remember_me, :college_id, :role

有以下路线:

  devise_for :users
  as :user do
    get 'sign_in'             => 'devise/sessions#new',       :as => :login
    post 'sign_in'            => 'devise/sessions#create',    :as => :user_session
    delete 'sign_out'         => 'devise/sessions#destroy',   :as => :logout
    get 'signup'              => 'devise/registrations#new',  :as => :signup
    get 'forgot_password'     => 'devise/passwords#new',      :as => :forgot_password
    get 'resend_confirmation' => 'devise/confirmations#new',  :as => :resend_confirmation
  end

并收到以下错误:

Started POST "/sign_in" for 127.0.0.1 at 2013-05-06 19:57:34 -0400
Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"iy0BI3A6zY5TTIJ2eYkOpgwFIFubO2O8wII8GAmjDmE=", "email"=>"user@cmu.edu", "password"=>"[FILTERED]", "x"=>"-630", "y"=>"-434"}
Completed 401 Unauthorized in 1ms
Processing by Devise::SessionsController#new as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"iy0BI3A6zY5TTIJ2eYkOpgwFIFubO2O8wII8GAmjDmE=", "email"=>"user@cmu.edu", "password"=>"[FILTERED]", "x"=>"-630", "y"=>"-434"}

这在 UI 上显示为“无效的电子邮件或密码”。但是我确信输入的密码是正确的,并且用户存在于数据库中(通过控制台验证)。设计似乎没有对数据库进行任何查询。这是正常的吗?

有任何想法吗?感谢所有帮助。

4

1 回答 1

2

在 config/initializers/devise.rb 试试这个 

config.authentication_keys = [ :email ]

在 user.rb 中,您需要为 :password 添加 attr_accessor,因为出于安全原因,它不会保存到数据库中

attr_accessor :password
于 2013-05-07T11:03:12.447 回答