在登录时设计401
问题描述:
我使用Devise进行网站身份验证。我有我的用户模型设置如下:在登录时设计401
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:token_authenticatable, :confirmable
attr_accessible :email, :name, :password, :password_confirmation, :remember_me, :college_id, :role
有以下途径:
devise_for :users
as :user do
get 'sign_in' => 'devise/sessions#new', :as => :login
post 'sign_in' => 'devise/sessions#create', :as => :user_session
delete 'sign_out' => 'devise/sessions#destroy', :as => :logout
get 'signup' => 'devise/registrations#new', :as => :signup
get 'forgot_password' => 'devise/passwords#new', :as => :forgot_password
get 'resend_confirmation' => 'devise/confirmations#new', :as => :resend_confirmation
end
和我收到以下错误:
Started POST "/sign_in" for 127.0.0.1 at 2013-05-06 19:57:34 -0400
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"iy0BI3A6zY5TTIJ2eYkOpgwFIFubO2O8wII8GAmjDmE=", "email"=>"[email protected]", "password"=>"[FILTERED]", "x"=>"-630", "y"=>"-434"}
Completed 401 Unauthorized in 1ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"iy0BI3A6zY5TTIJ2eYkOpgwFIFubO2O8wII8GAmjDmE=", "email"=>"[email protected]", "password"=>"[FILTERED]", "x"=>"-630", "y"=>"-434"}
这是显示在用户界面上向上作为“无效的电子邮件或密码”。但是我确信输入的密码是正确的,并且用户存在于数据库中(通过控制台验证)。设计似乎没有对数据库进行任何查询。这是正常的吗?
任何想法?所有的帮助表示赞赏。
答
尝试这种在配置/初始化/ devise.rb
config.authentication_keys = [ :email ]
在user.rb您需要添加attr_accessor为:密码未保存到数据库出于安全原因
attr_accessor :password
确保您的设计控制器的定制版本不要求您进行认证。确保它们是原始设计基类的扩展,而不仅仅是'ApplicationController'。它看起来像设置,以便应用程序要求您进行身份验证才能进行身份验证。你能告诉我们你的'SessionsController'吗? – PaReeOhNos 2013-05-07 00:46:13
我没有自定义的SesssionController,我完全使用Devise控制器。 – NolanDC 2013-05-07 01:40:39
嗯,为什么你有'as:用户做'块呢?对于普通的老设计,你只需要'devise_for:users'。尝试评论整个区块,看看是否有帮助? – PaReeOhNos 2013-05-07 01:41:39