使用有效信息设计无效的电子邮件或密码
[英]Devise invalid email or password with valid information
问题描述
Here is the setup: 
这是设置:
~/.rvm/gems/ruby-2.1.2/gems/devise-3.2.4
~/.rvm/gems/ruby-2.1.2/gems/rails-4.1.1
~/.rvm/gems/ruby-2.1.2/gems/mongoid-f9e6fdb1a67c
I'm facing an awful error with Devise which never accepts signing a user in except after confirmation. 我面临着Devise的可怕错误,除非经过确认,否则它永远不接受在用户中签名。
I use default devise views for sign in / sign up. 我使用默认的devise视图进行登录/注册。 I overrode two controllers: confirmation, to allow setting up a password from confirmable email as explained in Devise's FAQ and it works like a charm. 我覆盖了两个控制器:确认,以允许按照Devise常见问题解答中的说明从可确认的电子邮件中设置密码,并且它的作用就像一个超级按钮。
I also overrode registration controller to configure permitted parameters for strong parameters as explained in Devise FAQ and this also works like a charm. 我还改写了注册控制器,以按照Devise常见问题解答中的说明为强参数配置允许的参数,这也很吸引人。
Here are my routes: 这是我的路线:
as :user do
patch '/users/confirmation' => 'confirmations#update', :via => :patch, :as => :update_user_confirmation
end
devise_for :users, controllers: { :confirmations => 'confirmations', :registrations => 'registrations' }
Here is my User resource: 这是我的User资源:
class User
include Mongoid::Document
devise :database_authenticatable, :registerable,
:recoverable, :trackable, :validatable,
:confirmable, :lockable, :timeoutable
#required fields
end
So, when creating a user, confirmation mail is sent, confirmation page shows up, user can set his password (which is indeed written in database (checked from console)) and is then signed in and redirected properly. 因此,在创建用户时,将发送确认邮件,显示确认页面,用户可以设置其密码(实际上是写在数据库中(从控制台检查)),然后登录并正确重定向。
Now, if I log the user out and try to log in, I always face the error Invalid email or password and get redirected back to sign_in page. 现在,如果我注销用户并尝试登录,我将始终遇到错误Invalid email or password并被重定向回sign_in页面。
I tried tracking where the problem was and all I could find was that lines beyond self.password = auth_values[:password] of authenticatable#with_authentication_hash strategy were never hit (even though auth_values[:password] is carrying the right password). 我尝试跟踪问题出在哪里,我所能找到的是,从未命中authenticatable#with_authentication_hash策略的self.password = auth_values[:password]以外的行(即使auth_values[:password]携带正确的密码)也没有被发现。
I have no idea what can go wrong with that line. 我不知道那条线会出什么毛病。 Any clue is more than welcome. 任何线索都值得欢迎。
========================= EDITED ========================= =========================编辑======================= =
Here is the registraction controller: 这是注册控制器:
class RegistrationsController < Devise::RegistrationsController
#https://github.com/plataformatec/devise/tree/v3.0.0.rc#strong-parameters
before_filter :configure_permitted_parameters
layout 'public'
private
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up){ |params| params.permit(:first_name, :email) }
end
end
2 个解决方案
解决方案1
0 2014-06-02 16:44:23
why did you override registration controller? 你为什么要覆盖注册控制器? you can configure permitted parameter in application controller itself(as the explained in the doc which you have pointed at). 您可以在应用程序控制器本身中配置允许的参数(如您所指向的文档中所述)。 I have done it and it works just fine. 我已经做到了,而且效果很好。 i would suggest that you should remove route to controller registration and use application controller to permit extra params. 我建议您应该删除到控制器注册的路由,并使用应用程序控制器允许额外的参数。
解决方案2
0 2014-06-02 21:10:37
OK, I found the answer, someone on my team brutally commited a change to the SessionsController#new.html.erb view. 好的,我找到了答案,我的团队中的某个人残酷地对SessionsController#new.html.erb视图进行了更改。
Instead of 代替
<%= f.email_field :email, autofocus: true %></div>
code was 代码原为
<%= f.email_field :email, autofocus: true, :name => 'email' %></div>
which caused the email field to be dropped out of the user hash. 这导致电子邮件字段从用户哈希中删除。 As it seems that nobody requires(:email), Devise was complaining in fact because email was missing. 似乎没有人要求(:email),Devise实际上抱怨是因为缺少电子邮件。
Thank you BallsOfSteel for your input, you put me on the track dude! 谢谢BallsOfSteel的投入,您让我走上了正轨!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.