我正在创建基本的Devise / Rails授权设置,无法使用已知/验证的电子邮件/密码值登录用户。据我所知,在这里我什么都不能说出来。 Signin params显示传递给服务器的正确数据:
开始发布" / users / sign_in" for :: 1 at 2017-07-08 14:34:45 -0400 由Devise处理:: SessionsController #create as HTML参数: {" utf8" =>"✓"," authenticity_token" =>" Fa7u5V ... lq81XEw ==", "用户" => {"电子邮件" =>" teb@gmail.com","密码" =>&#34 [FILTERED]&#34 ;, " remember_me" =>" 0"},"提交" =>"登录"}
服务器输出指示用户的存在(基于具有已知电子邮件值的SELECT语句):
用户负载(0.7ms)SELECT"用户"。* FROM"用户"哪里 #&34;用户""电子邮件" = $ 1 LIMIT $ 2 [[" email"," teb@gmail.com"],[" LIMIT", 11]] @user:#]>
但是当Devise在此检查语句之后立即运行相同的查询时,它将返回"已完成401未经授权......"
用户负载(0.6ms)SELECT"用户"。* FROM"用户"哪里 #&34;用户""电子邮件" = $ 1 ORDER BY"用户"。" id" ASC限制2美元[["电子邮件", " teb@gmail.com"],[" LIMIT",1]]在14ms内完成401未授权 (ActiveRecord:1.9ms)
以下是routes.rb和user.rb模型文件:
======= routes.rb =======
Rails.application.routes.draw do
get "/" => "users#home"
devise_for :users
resources :users do
resources :posts
end
end
======= user.rb =======
class User < ApplicationRecord
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
has_many :posts
has_many :comments
end
可能导致这种缺乏授权的原因是什么?任何帮助将不胜感激!
答案 0 :(得分:0)
Look for your controllers and Application controller with the statements such as cuurent_user or before_action
class UsersController < ApplicationController
before_filter :login_required, :only => [:method1,:method2]
...
end
could be that the method you are trying to call is listed as requiring authentication, but you are not logged in.
Can you also post an excerpt of your Controller with the methods in it?
Another possible problem is that your route might be defined incorrectly: