應用強參數后,設計完成401在1ms內未授權
[英]Devise Completed 401 Unauthorized in 1ms after apply strong parameter
問題描述
我只是在我的應用程序中配置了強參數,一切似乎都很好。 但我的設計登錄失敗了。 我仍然可以注冊一個用戶,然后登錄用戶。我在設計3.1.1
我添加到application_controller:
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email, :password, :remember_me) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) }
end
在我的模型中
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :token_authenticatable, :invitable, :invite_for => 2.weeks, :authentication_keys => [:username]
和我的日志一樣,有一個DEPRECATION WARNING:devise:token_authenticatable已被棄用。不確定這是不是問題?
Started POST "/users/login" for 127.0.0.1 at 2013-10-09 21:54:13 +1300
DEPRECATION WARNING: devise :token_authenticatable is deprecated. Please check Devise 3.1 release notes for more information on how to upgrade. (called from <class:User> at /home/jcui/Desktop/workspace/iv/app/models/user.rb:6)
Configuration Load (0.4ms) SELECT "configurations".* FROM "configurations"
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"G1aVfzHcwHAI7ao6sBLF9WtgJAWlQ8c5KlKzEHpZzTo=", "user"=>{"email"=>"xxx@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
Completed 401 Unauthorized in 1ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"G1aVfzHcwHAI7ao6sBLF9WtgJAWlQ8c5KlKzEHpZzTo=", "user"=>{"email"=>"xxx@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
Rendered devise/shared/_links.erb (0.6ms)
Rendered devise/sessions/new.html.erb within layouts/application (6.8ms)
Completed 200 OK in 169ms (Views: 83.0ms | ActiveRecord: 0.0ms | Solr: 0.0ms)
我試圖在會話新視圖中輸出資源錯誤對象,但沒有錯誤!!
#<ActiveModel::Errors:0xe911424 @base=#<User id: nil, email: "myemail@gmail.com", encrypted_password: "$2a$10$j6lAQhBNgsO01HuBjxbgCOdvd0biRehWhQct50ee8cAo...", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil,
sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil, created_at: nil, updated_at: nil, api_key: nil, avatar: nil, deleted_at: nil, roles_mask: nil, subdomain_id: nil,
invitation_token: nil, invitation_sent_at: nil, invitation_accepted_at: nil, invitation_limit: nil, invited_by_id: nil, invited_by_type: nil, username: nil, avatar_processing: nil, lang: nil>, @messages={}>
1 個解決方案
解決方案1
1 2015-06-20 08:17:14
您在設計模型中使用用戶名作為身份驗證模式
:authentication_keys => [:username]
在您登錄的位置,您有用於身份驗證的電子郵件。 嘗試更改您允許的參數
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email, :password, :remember_me) }
至
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :password, :remember_me) }
還要修改config / initializers / devise.rb以使:
config.case_insensitive_keys = [ :email, :username ]
config.strip_whitespace_keys = [ :email, :username ]
如果您想使用用戶名或密碼登錄,請查看此鏈接: https : //github.com/plataformatec/devise/wiki/How-To : -Allow-users- to-sign-in-using-their-username -或電子郵件地址
篩選器鏈因:authenticate_user呈現或重定向而暫停。已完成401未經授權,1ms(ActiveRecord:0.0ms)
[英]Filter chain halted as :authenticate_user rendered or redirected Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.