简体   繁体   English

设计authenticate_admin_user! 升级到 rails 5 后不起作用

[英]Devise authenticate_admin_user! does not work after upgrading to rails 5

I have an old, rather big Rails app I need to upgrade to a current version.我有一个旧的、相当大的 Rails 应用程序,我需要升级到当前版本。 It is currently running on Rails 4.2.11.它目前在 Rails 4.2.11 上运行。 I've managed to upgrade all my gems now, so it runs Rails version 5.0.7.我现在已经成功升级了我所有的 gem,所以它运行 Rails 5.0.7 版。 And I am in a state where the app starts again and mostly works.而且我处于应用程序再次启动并且大部分工作的状态。 While doing so, I've upgraded the devise gem from version 3.4.0 to 4.0.0, but I've also tried 4.7.3.这样做时,我已将设计 gem 从 3.4.0 版升级到 4.0.0,但我也尝试了 4.7.3。 It does not make a difference to my problem.这对我的问题没有影响。

The only thing which does not work correctly is authentication.唯一不能正常工作的是身份验证。 I can load the login screen and login with a user.我可以加载登录屏幕并使用用户登录。 The login is successful, but then I get redirected back to the main application page, instead of the protected resource.登录成功,但随后我被重定向回主应用程序页面,而不是受保护的资源。

From what I could found out, the Devise session is not persisted in the session, but I don't understand why it does not work.据我所知,Devise 会话并没有保留在会话中,但我不明白为什么它不起作用。 I don't get any error in the log.我在日志中没有收到任何错误。 The log displays the initial 401 error when I request the protected resource, and we are redirected to the login form (as expected).当我请求受保护的资源时,日志显示初始 401 错误,我们将被重定向到登录表单(如预期)。 After a successful login (I see the sign_in_count increase in the database), a redirect to the home page happens, instead of the protected resource.成功登录后(我看到数据库中的 sign_in_count 增加),重定向到主页,而不是受保护的资源。

I've added the following code into the index method of the main page controller (to which I get redirected):我已将以下代码添加到主页控制器的 index 方法中(我被重定向到该方法):

class MainController < ApplicationController
  def index
    puts "Current Admin User: #{current_admin_user} nil: #{current_admin_user.nil?} signedIn: #{admin_user_signed_in?}"

   # rest of the code omitted for simplicity
  end
end

The output is as follows:输出如下:

web_1 | [pid: 1] [c48b7285-3f9e-4cb7-94ba-64b6c9d9bd0e] Processing by MainController#index as HTML
web_1 | Current User:  is nil: true signed_in: false

The (simplified) routes.rb file looks like this: (简化的)routes.rb 文件如下所示:

root 'main#index'
devise_for :admin_users

namespace :admin do
  constraints(CheckIp.new) do
    devise_scope :admin_user do # a
      root to: '/admin/main#index' # b
      
      resources :main_admin, path: :main do
        ... # contains sub resources
      end
    end
  end
end

I've added the lines a and b after the upgrade in the hope it fixes my issues, but I could not see any difference.我在升级后添加了 a 和 b 行,希望它能解决我的问题,但我看不出任何区别。 My understanding is that the devise 4 should redirect to the root (line b) inside my scope, but this is not happening.我的理解是设计 4 应该重定向到我的范围内的根(b 行),但这并没有发生。 I also tried to move the line a before the constraints check and again before the admin namespace.我还尝试在约束检查之前移动 a 行,并在 admin 命名空间之前再次移动。 The results are the same in all cases.结果在所有情况下都是相同的。

Routes have priority in the order they are defined.路由按定义的顺序具有优先级。

Since root 'main#index' was defined at the top of the file Rails will already match the request for / before it gets to your second route with the constraint.由于root 'main#index'是在文件顶部定义的,Rails 在到达带有约束的第二条路由之前就已经匹配了对/的请求。

All you have to do is move the default route below the constraint:您所要做的就是将默认路由移动到约束之下:

devise_for :admin_users

namespace :admin do
  constraints(CheckIp.new) do
    devise_scope :admin_user do # a
      root to: '/admin/main#index' # b
      
      resources :main_admin, path: :main do
        ... # contains sub resources
      end
    end
  end
end

root 'main#index'

That way it "falls through" if the constraint or devise_scope does not produce a matching route.如果约束或devise_scope没有产生匹配的路由,那么它就会“ devise_scope

I've finally found the reason for my issues.我终于找到了我的问题的原因。 I've made some modification to the middleware stack for log tagging like this:我对中间件堆栈进行了一些修改以进行日志标记,如下所示:

Rails.configuration.middleware.delete(ActionDispatch::Cookies)
Rails.configuration.middleware.delete(ActionDispatch::Session::CookieStore)
Rails.configuration.middleware.insert_before(Rails::Rack::Logger, ActionDispatch::Session::CookieStore)   
Rails.configuration.middleware.insert_before(ActionDispatch::Session::CookieStore, ActionDispatch::Cookies)

This does not longer work.这不再起作用。 So for the time being I remove the log tagging, as authentication is more important.因此,我暂时删除了日志标记,因为身份验证更为重要。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM