我正在尝试验证我的应用程序,但它无法登录。我看到即使凭据(用户名和密码都可以),它也总是重定向到再次登录。
在我的 user.rb 我有:
class User < ActiveRecord::Base
validates :nome, :presence => true, :uniqueness => true
validates :password, :confirmation => true
attr_accessor :password_confirmation
attr_reader :password
validate :password_must_be_present
def User.authenticate(nome, password)
if user = find_by_nome(nome)
if user.hashed_password == encrypt_password(password, user.salt)
user
end
end
end
def User.encrypt_password(password, salt)
Digest::SHA2.hexdigest(password + "wibble" + salt)
end
# 'password' is a virtual attribute
def password=(password)
@password = password
if password.present?
generate_salt
self.hashed_password = self.class.encrypt_password(password, salt)
end
end
private
def password_must_be_present
errors.add(:password, "Missing password") unless hashed_password.present?
end
def generate_salt
self.salt = self.object_id.to_s + rand.to_s
end
attr_accessible :hashed_password, :nome, :salt
end
在我的 user_controller 我有:
class UsersController < ApplicationController
# GET /users
# GET /users.xml
def index
@users = User.order(:nome)
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @users }
end
end
# GET /users/1
# GET /users/1.xml
def show
@user = User.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/new
# GET /users/new.xml
def new
@user = User.new
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/1/edit
def edit
@user = User.find(params[:id])
end
# POST /users
# POST /users.xml
def create
@user = User.new(params[:user])
respond_to do |format|
if @user.save
format.html { redirect_to(users_url,
:notice => "Usuario #{@user.nome} criado com sucesso") }
format.xml { render :xml => @user,
:status => :created, :location => @user }
else
format.html { render :action => "new" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
# PUT /users/1
# PUT /users/1.xml
def update
@user = User.find(params[:id])
respond_to do |format|
if @user.update_attributes(params[:user])
format.html { redirect_to(users_url,
:notice => "Usuario #{@user.nome} actualizado com sucesso.") }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
# DELETE /users/1
# DELETE /users/1.xml
def destroy
@user = User.find(params[:id])
@user.destroy
respond_to do |format|
format.html { redirect_to(users_url) }
format.xml { head :ok }
end
end
end
在我的 session_controller 我有:
class SessionsController < ApplicationController
skip_before_filter :authorize
def new
end
def create
if user = User.authenticate(params[:nome], params[:password])
session[:user_id] = user.id
redirect_to admin_url
else
redirect_to login_url, :alert => "Nome do usuario/password invalido"
end
end
def destroy
session[:user_id] = nil
redirect_to store_url, :notice => "Logged out"
end
end
在我的 _form 中,我有:
<div class="mapira_form" >
<%= form_for @user do |f| %>
<% if @user.errors.any? %>
<div id="error_explanation" >
<h2><%= pluralize(@user.errors.count, "error") %>
prohibited this user from being saved:</h2>
<ul>
<% @user.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<fieldset>
<legend>Entrar detalhes do usuarioo</legend>
<div>
<%= f.label :nome %>:
<%= f.text_field :nome, :size => 40 %>
</div>
<div>
<%= f.label :password, 'Password' %>:
<%= f.password_field :password, :size => 40 %>
</div>
<div>
<%= f.label :password_confirmation, 'Confirmar password' %>:
<%= f.password_field :password_confirmation, :size => 40 %>
</div>
<div>
<%= f.submit %>
</div>
</fieldset>
<% end %>
</div>
我的服务器以这种方式响应:
=> Booting Thin
=> Rails 3.2.9 application starting in development on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Called from: C:/Ruby193/lib/ruby/gems/1.9.1/gems/actionpack-3.2.9/lib/action_dispatch/middleware/session/abstract_store.rb:28:in `ini
tialize'.
>> Thin web server (v1.5.1 codename Straight Razor)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:3000, CTRL+C to stop
Started POST "/login" for 127.0.0.1 at 2013-08-13 10:37:16 +0200
Connecting to database specified by database.yml
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"V", "authenticity_token"=>"1a785Bi1Q0DqLq6kdCS7ieP1HJ4Aqh3yLg51rRte31Y=", "nome"=>"prombas", "password"=>"[FILTERED]"
, "commit"=>"Login"}
←[1m←[36mUser Load (1.0ms)←[0m ←[1mSELECT "users".* FROM "users" WHERE "users"."nome" = 'prombas' LIMIT 1←[0m
Redirected to http://localhost:3000/login
Completed 302 Found in 136ms (ActiveRecord: 11.0ms)
Started GET "/login" for 127.0.0.1 at 2013-08-13 10:37:18 +0200
Processing by SessionsController#new as HTML
Rendered sessions/new.html.erb within layouts/application (10.0ms)
Completed 200 OK in 53ms (Views: 53.0ms | ActiveRecord: 0.0ms)
Started GET "/assets/logo.png" for 127.0.0.1 at 2013-08-13 10:37:19 +0200
Served asset /logo.png - 304 Not Modified (5ms)
有人可以帮我吗?