堆栈内存溢出
  简体   繁体   English

使用bcrypt的Rails身份验证错误

[英]Rails authentication error using bcrypt

 原文  2016-07-21 05:37:19       ruby-on-rails/ ruby/ api/ bcrypt

问题描述

I have a list of users I want to show on rails app API. 我有一个要在Rails应用程序API上显示的用户列表。 I am using bcrypt to hash the password. 我正在使用bcrypt哈希密码。 I have created and checked that I have a list of several users on rails console: 我创建并检查了Rails控制台上的几个用户列表: 

2.2.2 :010 > User.all
  User Load (8.9ms)  SELECT "users".* FROM "users"
 => #<ActiveRecord::Relation [#<User id: 2, created_at: "2016-07-19 06:23:35", updated_at: "2016-07-19 06:23:35", username: "iggy1", encrypted_password: "", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil, sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil, password_digest: "$2a$10$We2V5sFx3XJNHP9iHTx.5udLA9hEbJVDOcA01nemj0R...">,

I am testing this on localhost. 我正在本地主机上对此进行测试。 The goal is for me to go to http://localhost:3000/api/users and have a list of all users in json format. 我的目标是转到http://localhost:3000/api/users并以json格式列出所有用户的列表。

When I go to the site, I was prompted username and password. 当我转到该站点时,系统提示我用户名和密码。 I entered one of the User's username and password : "iggy1", "helloworld". 我输入了用户的用户名和密码之一:“ iggy1”,“ helloworld”。 I see this error message: 我看到此错误消息: 

SQLite3::SQLException: no such column: users.password: SELECT "users".* FROM "users" WHERE "users"."username" = ? AND "users"."password" = 'helloworld'

My schema looks like: 我的架构如下所示: 

create_table "users", force: :cascade do |t|
    t.datetime "created_at",                          null: false
    t.datetime "updated_at",                          null: false
    t.string   "username"
    t.string   "encrypted_password",     default: "", null: false
    t.string   "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer  "sign_in_count",          default: 0,  null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip"
    t.string   "last_sign_in_ip"
    t.string   "password_digest"
  end

I tried playing around with it a little bit. 我尝试了一下。 I followed the code given on bcrypt website . 我遵循bcrypt网站上给出的代码。

Here are my codes: 这是我的代码: 

#controller/api/users_controller.rb

class UsersController < ApplicationController
  def create
    @user = User.new(params[:user])
    @user.password = params[:password]
    @user.save!
  end
end


#controllers/users_controller.rb

class UsersController < ApplicationController
  def create
    @user = User.new(params[:user])
    @user.password = params[:password]
    @user.save!
  end
end


#models/user.rb

require 'bcrypt'

class User < ActiveRecord::Base
  #include 'bcrypt'
  has_many :lists
  has_many :items, through: :lists
  has_secure_password

  def password
    @password ||= Password.new(password_hash)
  end

  def password=(new_password)
    @password = Password.create(new_password)
    self.password_hash = @password
  end

end


#controllers/application_controller.rb

class ApiController < ApplicationController
  skip_before_action :verify_authenticity_token
  private

def authenticated?
    authenticate_or_request_with_http_basic {|username, password| User.where( username: username, password: password).present? }
  end
end

#config routes

Rails.application.routes.draw do
  namespace :api, defaults: { format: :json} do #supports JSON requests
    resources :users
  end
end

Now when I have include 'bcrypt' line un-commented, I see a different error when I go to http://localhost:3000/api/users 现在,当我包含未注释的“ bcrypt”行时,当我转到http://localhost:3000/api/users时,会看到另一个错误 

wrong argument type String (expected Module)

I have several hypothesis on why this happens. 关于这种情况的发生,我有几个假设。

First, I think it is because I use bcrypt, and it has password_digest. 首先,我认为这是因为我使用bcrypt,并且具有password_digest。 I don't specifically have password on my schema (on application controller it says username and password, explicitly). 我的架构上没有特别的password (在应用程序控制器上,密码明确显示了用户名和密码)。 I think rails might have tried to look for 'password' but couldn't find it. 我认为Rails可能试图寻找“密码”,但找不到它。 I don't know bcrypt enough to say this is the case, though. 我对bcrypt的了解还不足以说是这种情况。

Second, on bcrypt website , I didn't implement the following code because I was not sure where to put it. 其次,在bcrypt网站上 ,我不确定以下位置,因此未实现以下代码。 Could this be the case bcrypt not behaving as I wanted? 难道是bcrypt无法按照我的要求行事吗? 

  def login
    @user = User.find_by_email(params[:email])
    if @user.password == params[:password]
      give_token
    else
      redirect_to home_url
    end
  end

I was not sure what is missing. 我不确定缺少什么。

1 个解决方案

解决方案1
 1 已采纳  2016-07-21 05:50:41

There are two fields available for password in your DB Schema 数据库模式中有两个字段可用于输入密码

If you are using Devise for Authentication then encrypted_password field is used for storing password. 如果您使用的设计进行验证,然后encrypted_password字段用于存储密码。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 BCrypt身份验证始终失败 - BCrypt authentication always failing RAILS Rails Bcrypt加载错误 - Rails bcrypt load error Ruby on Rails 4身份验证,设计vs bcrypt - Ruby on Rails 4 authentication, devise vs bcrypt Rails中的BCrypt :: Errors :: InvalidHash错误 - BCrypt::Errors::InvalidHash error in Rails 在 Rails 上使用 Ruby 您可以使用会话和身份验证(gem bcrypt)拥有多种用户类型吗? - Using Ruby on rails can you have multiple user types using sessions and authentication (gem bcrypt)? 在Rails中使用BCrypt进行手动身份验证 - Using BCrypt in Rails to manually authenticate Rails 5:Gem bcrypt-抛出错误“无法加载此类文件-bcrypt” - Rails 5: Gem bcrypt - is throwing an error “cannot load such file — bcrypt” Ruby on Rails bcrypt-ruby错误 - Ruby on Rails bcrypt-ruby error Rails 加载错误 - bcrypt 的库版本不兼容 - Rails Load Error - incompatible library version for bcrypt bcrypt错误:设计ruby 2.0和rails 3.2.13 - bcrypt error: Devise ruby 2.0 and rails 3.2.13
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM