When I log in, I get the following log file output:
Started POST "/login" for x.x.x.x at 2015-09-15 17:40:56 -0400
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"MO/Efr8/893XItcJdmNGsrq1iZ094AS/+GubuIRcpIhqZcWoRXyFnOK15TjoJOtfD9BUhDRKV2fpb1Gk1EqTSw==", "session"=>{"email"=>"5@5.com", "password"=>"[FILTERED]"}, "commit"=>"Log in"}
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."email" IS NULL LIMIT 1
Rendered sessions/new.html.erb within layouts/application (1.3ms)
user.rb
class User < ActiveRecord::Base
  has_secure_password
  validates :password_digest, length: { minimum: 6 }
end
new.html in app/view/sessions is as follows:
new.html.erb in app/view/sessions
<% provide(:title, "Log in") %>
<h1>Log in</h1>
<div class="row">
  <div class="col-md-6 col-md-offset-3">
    <%= form_for(:session, url: login_path) do |f| %>
      <%= f.label :email %>
      <%= f.email_field :email, class: 'form-control' %>
      <%= f.label :password %>
      <%= f.password_field :password, class: 'form-control' %>
      <%= f.submit "Log in", class: "btn btn-primary" %>
    <% end %>
    <p>New user? <%= link_to "Sign up now!", signup_path %></p>
  </div>
</div>
My application.html.erb file is as follows:
<html>
<head>
  <title>RailsBlog</title>
  <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %>
  <%= javascript_include_tag 'application' %>
  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
  <%= csrf_meta_tags %>
</head>
<body>
  <div class="container">
    <%= link_to "sample app", root_path, id: "logo" %>
    <nav>
      <ul class="nav navbar-nav navbar-right">
        <li><%= link_to "Home", root_path %></li>
        <% if logged_in? %> Welcome, <%= current_user.email %>
          <li><%= link_to "Users", '#' %></li>
          <li class="dropdown">
            <a href="#" class="dropdown-toggle" data-toggle="dropdown">
              Account <b class="caret"></b>
            </a>
            <ul class="dropdown-menu">
              <li><%= link_to "Profile", current_user %></li>
              <li><%= link_to "Settings", '#' %></li>
              <li class="divider"></li>
              <li>
                <%= link_to "Log out", logout_path, method: "delete" %>
              </li>
            </ul>
          </li>
        <% else %>
          <li><%= link_to "Log in", login_path %></li>
        <% end %>
      </ul>
    </nav>
  </div>
  <%= yield %>
</body>
</html>
My session.controller file is as follows:
class SessionsController < ApplicationController
  def new
  end

  def create
    user = User.find_by_email(params[:email])
    if user && user.authenticate(params[:password])
      session[:user_id] = user.id
      redirect_to root_url, :notice => "Logged in!"
    else
      flash.now.alert = "Invalid email or password"
      render "new"
    end
  end

  def destroy
    session[:user_id] = nil
    redirect_to root_url, :notice => "Logged out!"
  end
end
My application.controller file is as follows:
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  include SessionsHelper
=begin
  private
  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end
  helper_method :current_usera
=end
  helper_method :current_user, :logged_in?

  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end

  def logged_in?
    current_user != nil
  end
end
My SessionsHelper is as follows (from the helpers directory):
module SessionsHelper
  #Logs in the given user
  def log_in(user)
    session[:user_id] = user.id
  end

  #returns the current logged-in user (if
  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end
end
routes.rb file:
get 'signup' => 'users#new'
get 'login' => 'sessions#new'
post 'login' => 'sessions#create'
delete 'logout' => 'sessions#destroy'
resources :users # , only: [:new, :create, :destroy]
resources :authors
resources :posts
resources :sessions
# get 'posts/index'
root 'users#index'
I enabled bcrypt in my Gem file, and I also ran bundle install afterwards.
Answer 0 (score: 1)
The session fields in the form are passed to the controller under params[:session], so you want to use
user = User.find_by_email(params[:session][:email])
instead of
user = User.find_by_email(params[:email])
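An added example, not part of the original answer: a small Ruby check that scans a Rails development log for the symptom shown in the question, a login POST that submitted an email under `session` while the `users` query ran with `"email" IS NULL`. The log text and the name `null_email_lookups` are constructed for illustration.

```ruby
# Added example: flag login requests whose user lookup compared email to NULL
# even though the form submitted one (the symptom of reading params[:email]
# instead of params[:session][:email]).

# Constructed sample log, modelled on the Rails development log format.
SAMPLE_LOG = <<~'LOG'
  Started POST "/login" for 192.0.2.10 at 2015-09-15 17:40:56 -0400
  Processing by SessionsController#create as HTML
    Parameters: {"session"=>{"email"=>"a@example.com", "password"=>"[FILTERED]"}, "commit"=>"Log in"}
    User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."email" IS NULL LIMIT 1
    Rendered sessions/new.html.erb within layouts/application (1.3ms)
  Started POST "/login" for 192.0.2.11 at 2015-09-15 17:42:10 -0400
  Processing by SessionsController#create as HTML
    Parameters: {"session"=>{"email"=>"b@example.com", "password"=>"[FILTERED]"}, "commit"=>"Log in"}
    User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."email" = $1 LIMIT 1  [["email", "b@example.com"]]
  Redirected to http://localhost:3000/
LOG

# Split the log into per-request chunks (each begins with "Started ") and
# return the login requests where an email was submitted under "session"
# but the users query was built with a NULL email.
def null_email_lookups(log)
  requests = log.lines.slice_before { |line| line.start_with?('Started ') }
  requests.map do |lines|
    text = lines.join
    next unless text.include?('Processing by SessionsController#create')

    # Email value nested inside the "session" hash of the Parameters line.
    submitted = text[/"session"=>\{[^}]*"email"=>"([^"]+)"/, 1]
    # The lookup ran, but with nil as the email.
    null_query = text.match?(/FROM "users" WHERE "users"\."email" IS NULL/)
    next unless submitted && null_query

    { request: lines.first.strip, submitted_email: submitted }
  end.compact
end

null_email_lookups(SAMPLE_LOG).each do |hit|
  puts "email submitted (#{hit[:submitted_email]}) but looked up as NULL: #{hit[:request]}"
end
```
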
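Answer 1 (score: 1)
You also have a significant mistake in validating the password length. Don't validate the length of the digest (which is always more than 6 characters, by the way). Validate the length of the password.
Instead of: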
validates :password_digest, length: { minimum: 6 }
Use:
validates :password, length: { minimum: 6 }