0

Railsを使用してログインシステムを作成する方法を学ぼうとしていますが、今はこれをハッキングしているように感じます。このガイドに従いました:

http://rubysource.com/rails-userpassword-authentication-from-scratch-part-ii/

ただし、Rails 4 および Ruby 2 用に開発されたものかどうかはわかりません。

このエラーが発生し続けます:

Rails フレームワーク エラー

セッションのコントローラーに関係しているように感じますが、完全にはわからないので、すべてのファイルを含めます。

ユーザー.rb

   class User < ActiveRecord::Base
    attr_accessor :username, :email, :password, :password_confirmation
    EMAIL_REGEX = /\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+\z/
    validates :username, :presence => true, :uniqueness => true, :length => { :in => 3..20 }
    validates :email, :presence => true, :uniqueness => true, :format => EMAIL_REGEX
    validates :password, :confirmation => true #password_confirmation attr
    validates_length_of :password, :in => 6..20, :on => :create

    before_save :encrypt_password
    after_save :clear_password

    def encrypt_password
        if password.present?
            self.salt = BCrypt::Engine.generate_salt
            self.encrypted_password= BCrypt::Engine.hash_secret(password, salt)
        end
    end

    def clear_password
        self.password = nil
    end
    def self.authenticate(username_or_email="", login_password="")
        if EMAIL_REGEX.match(username_or_email)
            user = User.find_by_email(username_or_email)
        else
            user = User.find_by_username(username_or_email)
        end

        if user && user.match_password(login_password)
            return user
        else
            return false
        end
    end

    def match_password(login_password="")
        encrypted_password == BCrypt::Engine.hash_secret(login_password, salt)
    end
end

users_controller.rb

class UsersController < ApplicationController
    before_filter :save_login_state, :only => [:new, :create]
    def new
        @user = User.new
    end
    def create
        @user = User.new(user_params)
        if @user.save
            flash[:notice] = "You Signed up successfully"
            flash[:color]= "valid"
        else
            flash[:notice] = "Form is invalid"
            flash[:color]= "invalid"
        end
        render "new"
    end
    def user_params
        params.require(:user).permit(:username, :email, :password, :password_confirmation)
    end
end

sessions_controller.rb

class SessionsController < ApplicationController

    before_filter :authenticate_user, :only => [:home, :profile, :setting]
    before_filter :save_login_state, :only => [:login, :login_attempt]

    def login

    end

    def login_attempt
        authorized_user = User.authenticate(params[:username_or_email],params[:login_password])
        if authorized_user
            session[:user_id] = authorized_user.id
            flash[:notice] = "Wow Welcome again, you logged in as #{authorized_user.username}"
            redirect_to(:action => 'home')
        else
            flash[:notice] = "Invalid Username or Password"
            flash[:color]= "invalid"
            render "login"  
        end
    end
    def logout
        session[:user_id] = nil
        redirect_to :action => 'login'
    end

application_controller.rb

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  protected
    def authenticate_user
        unless session[:user_id]
            redirect_to(:controller => 'sessions', :action => 'login')
            return false
        else
            # set current user object to @current_user object variable
            @current_user = User.find session[:user_id]
            return true
        end
    end

    def save_login_state
        if session[:user_id]
            redirect_to(:controller => 'sessions', :action => 'home')
            return false
        else
            return true
        end
    end
end

login.html.erb

<% @page_title = "UserAuth | Login" -%>
<div class= "Sign_Form">
    <h1>Log in</h1>
    <%= form_tag :sessions => :login_attempt do %>
        <p>Username or Email:</br> <%= text_field_tag(:username_or_email) %></p>
        <p>Password:</br> <%= password_field_tag :login_password %></p>
        <%= submit_tag("Log In") %>
    <% end %>
</div>

ルート.rb

BillingSystem::Application.routes.draw do
    root :to => "sessions#login"
    match "signup", :to => "users#new", via: [:get, :post]
    match "login", :to => "sessions#login", via: [:get, :post]
    match "logout", :to => "sessions#logout", via: [:get, :post]
    match "home", :to => "sessions#home", via: [:get, :post]
    match "profile", :to => "sessions#profile", via: [:get, :post]
    match "setting", :to => "sessions#setting", via: [:get, :post]
end
4

3 に答える 3

0

これは私にとってはうまくいき、同じチュートリアルを試しました。root :to => "sessions#login"
get "signup", :to => "users#new"
get "login", :to => "sessions#login"
post "login_attempt", :to => "sessions# login_attempt"
get "logout", :to => "sessions#logout"
get "home", :to => "sessions#home"
get "profile", :to => "sessions#profile"
get "setting", : to => "sessions#setting"
リソース :users

于 2014-09-17T09:21:35.093 に答える