アプリケーションを認証しようとしていますが、ログインに失敗します。資格情報(ユーザー名とパスワードに問題がない場合)でも、常に再度ログインにリダイレクトされることがわかりました。
私のuser.rbには次のものがあります:
class User < ActiveRecord::Base
validates :nome, :presence => true, :uniqueness => true
validates :password, :confirmation => true
attr_accessor :password_confirmation
attr_reader :password
validate :password_must_be_present
def User.authenticate(nome, password)
if user = find_by_nome(nome)
if user.hashed_password == encrypt_password(password, user.salt)
user
end
end
end
def User.encrypt_password(password, salt)
Digest::SHA2.hexdigest(password + "wibble" + salt)
end
# 'password' is a virtual attribute
def password=(password)
@password = password
if password.present?
generate_salt
self.hashed_password = self.class.encrypt_password(password, salt)
end
end
private
def password_must_be_present
errors.add(:password, "Missing password") unless hashed_password.present?
end
def generate_salt
self.salt = self.object_id.to_s + rand.to_s
end
attr_accessible :hashed_password, :nome, :salt
end
私のuser_controllerには次のものがあります:
class UsersController < ApplicationController
# GET /users
# GET /users.xml
def index
@users = User.order(:nome)
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @users }
end
end
# GET /users/1
# GET /users/1.xml
def show
@user = User.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/new
# GET /users/new.xml
def new
@user = User.new
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @user }
end
end
# GET /users/1/edit
def edit
@user = User.find(params[:id])
end
# POST /users
# POST /users.xml
def create
@user = User.new(params[:user])
respond_to do |format|
if @user.save
format.html { redirect_to(users_url,
:notice => "Usuario #{@user.nome} criado com sucesso") }
format.xml { render :xml => @user,
:status => :created, :location => @user }
else
format.html { render :action => "new" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
# PUT /users/1
# PUT /users/1.xml
def update
@user = User.find(params[:id])
respond_to do |format|
if @user.update_attributes(params[:user])
format.html { redirect_to(users_url,
:notice => "Usuario #{@user.nome} actualizado com sucesso.") }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => @user.errors,
:status => :unprocessable_entity }
end
end
end
# DELETE /users/1
# DELETE /users/1.xml
def destroy
@user = User.find(params[:id])
@user.destroy
respond_to do |format|
format.html { redirect_to(users_url) }
format.xml { head :ok }
end
end
end
私の session_controller には次のものがあります。
class SessionsController < ApplicationController
skip_before_filter :authorize
def new
end
def create
if user = User.authenticate(params[:nome], params[:password])
session[:user_id] = user.id
redirect_to admin_url
else
redirect_to login_url, :alert => "Nome do usuario/password invalido"
end
end
def destroy
session[:user_id] = nil
redirect_to store_url, :notice => "Logged out"
end
end
私の _form には次のものがあります。
<div class="mapira_form" >
<%= form_for @user do |f| %>
<% if @user.errors.any? %>
<div id="error_explanation" >
<h2><%= pluralize(@user.errors.count, "error") %>
prohibited this user from being saved:</h2>
<ul>
<% @user.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<fieldset>
<legend>Entrar detalhes do usuarioo</legend>
<div>
<%= f.label :nome %>:
<%= f.text_field :nome, :size => 40 %>
</div>
<div>
<%= f.label :password, 'Password' %>:
<%= f.password_field :password, :size => 40 %>
</div>
<div>
<%= f.label :password_confirmation, 'Confirmar password' %>:
<%= f.password_field :password_confirmation, :size => 40 %>
</div>
<div>
<%= f.submit %>
</div>
</fieldset>
<% end %>
</div>
そして、私のサーバーはこのように応答しています:
=> Booting Thin
=> Rails 3.2.9 application starting in development on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Called from: C:/Ruby193/lib/ruby/gems/1.9.1/gems/actionpack-3.2.9/lib/action_dispatch/middleware/session/abstract_store.rb:28:in `ini
tialize'.
>> Thin web server (v1.5.1 codename Straight Razor)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:3000, CTRL+C to stop
Started POST "/login" for 127.0.0.1 at 2013-08-13 10:37:16 +0200
Connecting to database specified by database.yml
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"V", "authenticity_token"=>"1a785Bi1Q0DqLq6kdCS7ieP1HJ4Aqh3yLg51rRte31Y=", "nome"=>"prombas", "password"=>"[FILTERED]"
, "commit"=>"Login"}
←[1m←[36mUser Load (1.0ms)←[0m ←[1mSELECT "users".* FROM "users" WHERE "users"."nome" = 'prombas' LIMIT 1←[0m
Redirected to http://localhost:3000/login
Completed 302 Found in 136ms (ActiveRecord: 11.0ms)
Started GET "/login" for 127.0.0.1 at 2013-08-13 10:37:18 +0200
Processing by SessionsController#new as HTML
Rendered sessions/new.html.erb within layouts/application (10.0ms)
Completed 200 OK in 53ms (Views: 53.0ms | ActiveRecord: 0.0ms)
Started GET "/assets/logo.png" for 127.0.0.1 at 2013-08-13 10:37:19 +0200
Served asset /logo.png - 304 Not Modified (5ms)
誰か助けてくれませんか?