当我尝试使用已经在数据库中的实际用户信息登录时,错误将被呈现为“无效的电子邮件/密码确认。”,但这不是假设。
为什么?
控制器/ sessions_controller.rb
class SessionsController < ApplicationController
def new
end
def create
user = User.authenticate(params[:session][:email], params[:session][:password])
if user.nil?
flash.now[:error] = "Invalid email/password confirmation."
render :new
else
sign_in user
redirect_to user
end
end
def destroy
sign_out
redirect_to signin_path
end
end
应用/视图/会话/ new.html
<h1>Sign in</h1>
<% if flash[:error] %>
<p><%= flash[:error] %></p>
<% end %>
<%= simple_form_for(:session, url: sessions_path) do |f| %>
<%= f.input :email %>
<%= f.input :password%>
<%= f.button :submit %>
<% end %>
<p>New user? <%= link_to "Sign up now!", signup_path %></p>
应用/助手/ sessions_helper.rb
module SessionsHelper
def sign_in(user)
session[:user_id] = user.id
self.current_user = user
end
def current_user=(user)
@current_user = user
end
def current_user
if session[:user_id]
@current_user ||= User.find(session[:user_id])
end
end
def signed_in?
!current_user.nil?
end
def sign_out
session[:user_id] = nil
self.current_user = nil
end
def current_user?(user)
user == current_user
end
def deny_access
redirect_to signin_path, notice: "Please sign in to access this page."
end
end
模型/ user.rb
class User < ActiveRecord::Base
has_many :tasks
attr_accessor :password, :salt, :encrypted_password
EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :first_name, presence: true,
length: {maximum: 20}
validates :last_name, presence: true,
length: {maximum: 40}
validates :email, presence: true,
format: {with: EMAIL_REGEX},
uniqueness: {case_sensitive: false}
validates :password, presence: true,
confirmation: true,
length: {within: 6..40}
before_save :encrypt_password
def has_password?(submitted_password)
encrypted_password == encrypt(submitted_password)
end
def self.authenticate(email, submitted_password)
user = find_by_email(email)
return nil if user.nil?
return user if user.has_password?(submitted_password)
end
private
def encrypt_password
self.salt = Digest::SHA2.hexdigest("#{Time.now.utc}--#{password}")
self.encrypted_password = encrypt(password)
end
def encrypt(pass)
Digest::SHA2.hexdigest("#{self.salt}--#{pass}")
end
end
有人可以帮忙吗?
答案 0 :(得分:0)
尝试从models / user.rb中的以下行中删除:salt和:encrypted_password
attr_accessor :password, :salt, :encrypted_password
更改为:
attr_accessor :password
这些值存储在数据库中,因此您可能会覆盖为这两个字段创建活动记录的方法,并且它们永远不会被初始化。
答案 1 :(得分:0)
从您的代码中,我看到confirmation :true有一个password,但您的password_confirmation中没有form字段。尝试包括它
<%= f.input :password_confirmation %>
并在attr_accessor模型中将其包含为User。
如果您不想要密码确认字段,请在验证时删除confirmation: true密码。
validates :password, presence: true, length: {within: 6..40}