[英]What am I missing in this Authenticaton implementation?
這是一個Rails應用,我已經在一個控制器上實現了身份驗證,除了這樣的1個視圖
before_filter :authenticate, except: [:new]
身份驗證在控制器內運行良好。
允許公眾查看.............
localhost:3000/softruns/new
並且不允許公眾視野.............
localhost:3000/softrunss/1/edit
localhost:3000/softruns <---- index page
問題在於,當用戶提交localhost:3000 / softruns / new中的表單時,它將觸發身份驗證。 成功提交后,我什至將用戶重定向到home / index.html頁面。
我可能會缺少什么?
這是我的softruns_controller.rb
require 'digest/sha2'
class SoftrunsController < ApplicationController
before_filter :authenticate, except: [:new]
before_action :set_softrun, only: [:show, :edit, :update, :destroy]
# GET /softruns
# GET /softruns.json
def index
@softruns = Softrun.all
end
# GET /softruns/1
# GET /softruns/1.json
def show
end
# GET /softruns/new
def new
@softrun = Softrun.new
end
# GET /softruns/1/edit
def edit
end
# POST /softruns
# POST /softruns.json
def create
@softrun = Softrun.new(softrun_params)
respond_to do |format|
if @softrun.save
format.html { redirect_to root_path, notice: 'Softrun was successfully created.' }
format.json { render action: 'show', status: :created, location: @softrun }
else
format.html { render action: 'new' }
format.json { render json: @softrun.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /softruns/1
# PATCH/PUT /softruns/1.json
def update
respond_to do |format|
if @softrun.update(softrun_params)
format.html { redirect_to @softrun, notice: 'Softrun was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: @softrun.errors, status: :unprocessable_entity }
end
end
end
# DELETE /softruns/1
# DELETE /softruns/1.json
def destroy
@softrun.destroy
respond_to do |format|
format.html { redirect_to softruns_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_softrun
@softrun = Softrun.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def softrun_params
params.require(:softrun).permit(:soft_email, :soft_twitter, :prim_session)
end
private
def authenticate
userhash = { }
User.all.each do |user|
userhash.store(user.username, user.password)
end
authenticate_or_request_with_http_digest("localhost") do |username|
userhash[username]
end
end
end
當用戶提交表單時,它將調用操作create,並且該表單需要身份驗證,因此表單將失敗。 如果將其添加到例外列表中,則可以根據需要創建新記錄。
before_filter :authenticate, except: [:new, :create]
另外,before_action和before_filter相同(Rails 4優先使用)。在Rails中,您不必在每個private方法上都使用private。 班級內低於私人的一切都將是私人的
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.