[英]Rails authentication error using bcrypt
I have a list of users I want to show on rails app API. 我有一个要在Rails应用程序API上显示的用户列表。 I am using bcrypt to hash the password.
我正在使用bcrypt哈希密码。 I have created and checked that I have a list of several users on rails console:
我创建并检查了Rails控制台上的几个用户列表:
2.2.2 :010 > User.all
User Load (8.9ms) SELECT "users".* FROM "users"
=> #<ActiveRecord::Relation [#<User id: 2, created_at: "2016-07-19 06:23:35", updated_at: "2016-07-19 06:23:35", username: "iggy1", encrypted_password: "", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil, sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil, password_digest: "$2a$10$We2V5sFx3XJNHP9iHTx.5udLA9hEbJVDOcA01nemj0R...">,
I am testing this on localhost. 我正在本地主机上对此进行测试。 The goal is for me to go to
http://localhost:3000/api/users
and have a list of all users in json format. 我的目标是转到
http://localhost:3000/api/users
并以json格式列出所有用户的列表。
When I go to the site, I was prompted username and password. 当我转到该站点时,系统提示我用户名和密码。 I entered one of the User's username and password : "iggy1", "helloworld".
我输入了用户的用户名和密码之一:“ iggy1”,“ helloworld”。 I see this error message:
我看到此错误消息:
SQLite3::SQLException: no such column: users.password: SELECT "users".* FROM "users" WHERE "users"."username" = ? AND "users"."password" = 'helloworld'
My schema looks like: 我的架构如下所示:
create_table "users", force: :cascade do |t|
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.string "username"
t.string "encrypted_password", default: "", null: false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.integer "sign_in_count", default: 0, null: false
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
t.string "password_digest"
end
I tried playing around with it a little bit. 我尝试了一下。 I followed the code given on bcrypt website .
我遵循bcrypt网站上给出的代码。
Here are my codes: 这是我的代码:
#controller/api/users_controller.rb
class UsersController < ApplicationController
def create
@user = User.new(params[:user])
@user.password = params[:password]
@user.save!
end
end
#controllers/users_controller.rb
class UsersController < ApplicationController
def create
@user = User.new(params[:user])
@user.password = params[:password]
@user.save!
end
end
#models/user.rb
require 'bcrypt'
class User < ActiveRecord::Base
#include 'bcrypt'
has_many :lists
has_many :items, through: :lists
has_secure_password
def password
@password ||= Password.new(password_hash)
end
def password=(new_password)
@password = Password.create(new_password)
self.password_hash = @password
end
end
#controllers/application_controller.rb
class ApiController < ApplicationController
skip_before_action :verify_authenticity_token
private
def authenticated?
authenticate_or_request_with_http_basic {|username, password| User.where( username: username, password: password).present? }
end
end
#config routes
Rails.application.routes.draw do
namespace :api, defaults: { format: :json} do #supports JSON requests
resources :users
end
end
Now when I have include 'bcrypt' line un-commented, I see a different error when I go to http://localhost:3000/api/users
现在,当我包含未注释的“ bcrypt”行时,当我转到
http://localhost:3000/api/users
时,会看到另一个错误
wrong argument type String (expected Module)
I have several hypothesis on why this happens. 关于这种情况的发生,我有几个假设。
First, I think it is because I use bcrypt, and it has password_digest. 首先,我认为这是因为我使用bcrypt,并且具有password_digest。 I don't specifically have
password
on my schema (on application controller it says username and password, explicitly). 我的架构上没有特别的
password
(在应用程序控制器上,密码明确显示了用户名和密码)。 I think rails might have tried to look for 'password' but couldn't find it. 我认为Rails可能试图寻找“密码”,但找不到它。 I don't know bcrypt enough to say this is the case, though.
我对bcrypt的了解还不足以说是这种情况。
Second, on bcrypt website , I didn't implement the following code because I was not sure where to put it. 其次,在bcrypt网站上 ,我不确定以下位置,因此未实现以下代码。 Could this be the case bcrypt not behaving as I wanted?
难道是bcrypt无法按照我的要求行事吗?
def login
@user = User.find_by_email(params[:email])
if @user.password == params[:password]
give_token
else
redirect_to home_url
end
end
I was not sure what is missing. 我不确定缺少什么。
There are two fields available for password in your DB Schema 数据库模式中有两个字段可用于输入密码
If you are using Devise for Authentication then encrypted_password
field is used for storing password. 如果您使用的设计进行验证,然后
encrypted_password
字段用于存储密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.