Rails设计登录401未经授权

Question

What I am trying to do

I am trying to set up the Authentication with Devise in the Session Controller , methods new and create . I am using Rails 5 and I customized the View new.html.erb .

What is the problem

I am not able to authenticate successfully after signing out from the Account. The problem is connected with the sign_in_params hash , which is passed blank to the new method of the session_controller

Testing of the functionality

I conducted a test of the Login , by including a breakpoint in my Account::SessionsController , I noticed that the sign_in_params hash was blank, then the program exits with 401 Unauthorized .

     8: def new
     9:   self.resource = resource_class.new(sign_in_params)
 => 10:   clean_up_passwords(resource)
    11:   yield resource if block_given?
    12:   respond_with(resource, serialize_options(resource))
    13: end

sign_in_params => {}

My Code

I was able by resetting my code to identify the cause of my problem. It is connected to the custom Devise View that I modified in app/views/devise/sessions/new.html.erb

This is the code:

<form class="login-form" action="index.html">        
  <div class="login-wrap">
  <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
      <p class="login-img"><i class="icon_lock_alt"></i></p>
      <div class="field">
      </div>      
      <div class="input-group">
        <span class="input-group-addon"><i class="icon_profile"></i></span>
        <%= f.email_field :email, autofocus: true, :class => "form-control", :placeholder => "Username" %>
        <!--<input type="text" class="form-control" placeholder="Username" autofocus>-->
      </div>
      <div class="input-group">
          <span class="input-group-addon"><i class="icon_key_alt"></i></span>
          <%= f.password_field :password, autocomplete: "off", :class => "form-control", :placeholder => "Password" %>
      </div>
      <% if devise_mapping.rememberable? -%>
      <label class="checkbox">
          <%= f.check_box :remember_me %> 
          <%= f.label :remember_me, :class => "remember_me_Label" %>
          <span class="pull-right"> <%= link_to "Forgot Password?", {}, :id => "lostPw" %></span>
      </label>
      <% end -%>      
      <%= f.submit "Login", :class => "btn btn-primary btn-lg btn-block" %>
      <%= link_to "Signup", new_account_registration_path, :method => :get, class: "btn btn-info btn-lg btn-block signuptext" %>
      <% end %>
  </div>
</form>

In the log, I have the following important informations, but no errors:

Started GET "/account/index.html?utf8=%E2%9C%93&authenticity_token=s1aA%2FNcZo1HIkF1qJOlrIAlM9rJM3y1ced8tQLiWnGsSugBVs0AYKVJR8QLa1I%2BT500sYu7H1%2BPQ2UwH3JG2ew%3D%3D&account%5Bemail%5D=test%40email.com&account%5Bpassword%5D=[FILTERED]&account%5Bremember_me%5D=0&commit=Login" for 127.0.0.1 at 2017-02-06 19:16:04 +0100 (pid:8311)
2017-02-06 19:16:04.557 [fyi] Processing by AccountController#index as HTML (pid:8311)
2017-02-06 19:16:04.557 [fyi] Parameters: {"utf8"=>"✓", "authenticity_token"=>"s1aA/NcZo1HIkF1qJOlrIAlM9rJM3y1ced8tQLiWnGsSugBVs0AYKVJR8QLa1I+T500sYu7H1+PQ2UwH3JG2ew==", "account"=>{"email"=>"test@email.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Login"} (pid:8311)
2017-02-06 19:16:04.558 [fyi] Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms) (pid:8311)

Following is the solution of the problem Thanks Fabrizio Bertoglio

Answer 1

Solution

The problem is in the html code of new.html.erb , as I did not remove the html <form> tags from the html and this would cause problems with my <%= form_for > <% end %> rails tag. This is the reason why strong_params is empty.

The form was not submitting any value to the controller , the problem could have been easily discovered by debugging directly the new.html.erb view instead of the controller.

Was helpful having the input from Max, that suggested me to restart all over with Devise , so that I could understand that the problem was connected with the form and not with rails strong parameters .

This is the correct new.html.erb.

<%= form_for(resource, as: resource_name, url: session_path(resource_name), html: { class: "login-form"}) do |f| %>
  <div class="login-wrap">
    <p class="login-img"><i class="icon_lock_alt"></i></p>    
    <div class="input-group">
      <span class="input-group-addon"><i class="icon_profile"></i></span>
      <%#= f.label :email %>
      <%= f.email_field :email, autofocus: true, :class => "form-control", :placeholder => "Username" %>
      <!--<input type="text" class="form-control" placeholder="Username" autofocus>-->
    </div>
    <div class="input-group">
        <span class="input-group-addon"><i class="icon_key_alt"></i></span>
        <%#= f.label :password %>
        <%= f.password_field :password, autocomplete: "off", :class => "form-control", :placeholder => "Password" %>
    </div>
    <% if devise_mapping.rememberable? -%>
    <label class="checkbox">
        <%= f.check_box :remember_me %> 
        <%= f.label :remember_me, :class => "remember_me_Label" %>
        <span class="pull-right"> <%= link_to "Forgot Password?", {}, :id => "lostPw" %></span>
    </label>
    <% end -%>      
    <%= f.submit "Login", :class => "btn btn-primary btn-lg btn-block" %>
    <%= link_to "Signup", new_registration_path(resource_name), :method => :get, class: "btn btn-info btn-lg btn-block signuptext" %>

    <div class="links ">
    <%= render "devise/shared/links2" %>
    </div>

  </div>
<% end %>

<div class="text-right">
        <div class="credits">
            <!-- 
                All the links in the footer should remain intact. 
                You can delete the links only if you purchased the pro version.
                Licensing information: https://bootstrapmade.com/license/
                Purchase the pro version form: https://bootstrapmade.com/buy/?theme=NiceAdmin
            -->
            <a href="https://bootstrapmade.com/free-business-bootstrap-themes-website-templates/">Business Bootstrap Themes</a> by <a href="https://bootstrapmade.com/">BootstrapMade</a>
        </div>
    </div>
</div>