38

我有我的 Rails 应用程序,但我遇到了设计的一个主要问题。我有一个控制器:

class Users::SessionsController < Devise::SessionsController
  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
  include Devise::Controllers::InternalHelpers

def new
    clean_up_passwords(build_resource)

    respond_to do |format|
      format.html { render :layout => "sessions" }
      format.mobile
    end
  end


    # POST /resource/sign_in
    def create
      resource = User.find_by_email(params[:user][:email])  
      resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
      set_flash_message :notice, :signed_in
      sign_in_and_redirect(resource_name, resource)
    end

end

问题是它永远不会让用户登录,它总是停在这一行

resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")

我什至在实际的 gem 文件中放置了大量的记录器,看看我是否能看到任何东西,但什么也没有,我真的不知道如何解决这个问题。如果我将此行注释掉,则用户会登录,但如果电子邮件不在数据库中并且适用于任何密码(这绝对不是正确的解决方案),则会失败

我该如何解决?

更新

这可行,但看起来很hackish

# POST /resource/sign_in
def create
  resource = User.find_by_email(params[:user][:email])

  redirect_to(new_user_session_path, :notice => 'Invalid Email Address or Password. Password is case sensitive.') and return if resource.encrypted_password.blank?      
  bcrypt   = BCrypt::Password.new(resource.encrypted_password)
  password = BCrypt::Engine.hash_secret("#{params[:user][:password]}#{resource.class.pepper}", bcrypt.salt)
  valid = Devise.secure_compare(password, resource.encrypted_password)
 # resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
  if valid
    set_flash_message :notice, :signed_in
    sign_in_and_redirect(resource_name, resource)
  else
    redirect_to(new_user_session_path, :notice => 'Invalid Email Address or Password. Password is case sensitive.') and return    
  end

end
4

4 回答 4

83

如果要登录用户,sign_in请在控制器操作中使用帮助程序:

sign_in(:user, user)
于 2012-02-18T17:01:48.330 回答
1 
  resource = warden.authenticate!(:scope => resource_name)
   sign_in(resource_name, resource)
于 2012-05-10T07:04:50.250 回答
0

以下是标准create操作的工作原理:

  # POST /resource/sign_in
  def create
    self.resource = warden.authenticate!(auth_options)
    set_flash_message!(:notice, :signed_in)
    sign_in(resource_name, resource)
    yield resource if block_given?
    respond_with resource, location: after_sign_in_path_for(resource)
  end

https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb#L18

于 2019-01-28T16:33:43.057 回答
0

我发现这篇文章对于设置请求规范的登录很有用。 https://makandracards.com/makandra/37161-rspec-devise-how-to-sign-in-users-in-request-specs 

module DeviseRequestSpecHelpers

  include Warden::Test::Helpers

  def sign_in(resource_or_scope, resource = nil)
    resource ||= resource_or_scope
    scope = Devise::Mapping.find_scope!(resource_or_scope)
    login_as(resource, scope: scope)
  end

  def sign_out(resource_or_scope)
    scope = Devise::Mapping.find_scope!(resource_or_scope)
    logout(scope)
  end

end

将其包含在您的 spec_helper 中

RSpec.configure do |config|
  config.include DeviseRequestSpecHelpers, type: :request
end

并根据需要登录

sign_in create(:user, name: 'John Doe')

于 2017-10-15T12:05:49.563 回答