When I'm trying to sign in with an actual user information who's already in database, an error's being rendered "Invalid email/password confirmation.", however it's not supposed.
Why is that?
controllers/sessions_controller.rb
class SessionsController < ApplicationController
def new
end
def create
user = User.authenticate(params[:session][:email], params[:session][:password])
if user.nil?
flash.now[:error] = "Invalid email/password confirmation."
render :new
else
sign_in user
redirect_to user
end
end
def destroy
sign_out
redirect_to signin_path
end
end
app/views/sessions/new.html
<h1>Sign in</h1>
<% if flash[:error] %>
<p><%= flash[:error] %></p>
<% end %>
<%= simple_form_for(:session, url: sessions_path) do |f| %>
<%= f.input :email %>
<%= f.input :password%>
<%= f.button :submit %>
<% end %>
<p>New user? <%= link_to "Sign up now!", signup_path %></p>
app/helpers/sessions_helper.rb
module SessionsHelper
def sign_in(user)
session[:user_id] = user.id
self.current_user = user
end
def current_user=(user)
@current_user = user
end
def current_user
if session[:user_id]
@current_user ||= User.find(session[:user_id])
end
end
def signed_in?
!current_user.nil?
end
def sign_out
session[:user_id] = nil
self.current_user = nil
end
def current_user?(user)
user == current_user
end
def deny_access
redirect_to signin_path, notice: "Please sign in to access this page."
end
end
models/user.rb
class User < ActiveRecord::Base
has_many :tasks
attr_accessor :password, :salt, :encrypted_password
EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :first_name, presence: true,
length: {maximum: 20}
validates :last_name, presence: true,
length: {maximum: 40}
validates :email, presence: true,
format: {with: EMAIL_REGEX},
uniqueness: {case_sensitive: false}
validates :password, presence: true,
confirmation: true,
length: {within: 6..40}
before_save :encrypt_password
def has_password?(submitted_password)
encrypted_password == encrypt(submitted_password)
end
def self.authenticate(email, submitted_password)
user = find_by_email(email)
return nil if user.nil?
return user if user.has_password?(submitted_password)
end
private
def encrypt_password
self.salt = Digest::SHA2.hexdigest("#{Time.now.utc}--#{password}")
self.encrypted_password = encrypt(password)
end
def encrypt(pass)
Digest::SHA2.hexdigest("#{self.salt}--#{pass}")
end
end
Can somebody help?
Try removing :salt and :encrypted_password from the following line in models/user.rb
attr_accessor :password, :salt, :encrypted_password
change to:
attr_accessor :password
Those values are stored in the database so chances are you're overwriting the methods created my active-record for those two fields and they're never being initialised.
From your code, what I see is there is a confirmation :true
for password
but you don't have password_confirmation
field in your form
. Try including it
<%= f.input :password_confirmation %>
and also include it as attr_accessor
in User
model.
If you don't want a confirmation field for password, then remove confirmation: true
for password in validations.
validates :password, presence: true, length: {within: 6..40}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.