尝试使用Devise登录用户时,我收到了无效的真实性令牌错误。
我的布局中有authenticity_token,请求参数中存在protect_from_forgery with: :exception。正如其他问题的答案所示,before_action :authenticate_user!在protect_from_forgery之前。
如果我注释掉Started POST "/users/sign_in" for 127.0.0.1 at 2018-01-19 16:13:46 -0500
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[TOKEN]", "user"=>{"badge_number"=>"0285", "password"=>"[FILTERED]"}, "commit"=>"Log in"}
User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`badge_number` = '0285' ORDER BY `users`.`id` ASC LIMIT 1
(0.2ms) SELECT `divisions`.`id` FROM `divisions` INNER JOIN `divisions_users` ON `divisions`.`id` = `divisions_users`.`division_id` WHERE `divisions_users`.`user_id` = 2
CACHE (0.0ms) SELECT `divisions`.`id` FROM `divisions` INNER JOIN `divisions_users` ON `divisions`.`id` = `divisions_users`.`division_id` WHERE `divisions_users`.`user_id` = 2 [["user_id", 2]]
Redirected to http://localhost:3000/
Completed 302 Found in 141ms (ActiveRecord: 2.1ms)
Started GET "/" for 127.0.0.1 at 2018-01-19 16:13:46 -0500
Processing by IncidentsController#index as HTML
Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms)
,我会在服务器日志中看到以下内容:
/所以看起来登录工作正常,但是重定向到请求的路径(docker_image 'rancher/convoy-agent' do
tag 'v0.9.0'
action :pull
end
docker_container 'convoy-nfs-storagepool' do
labels ['io.rancher.container.create_agent:true', 'io.rancher.scheduler.affinity:host_label:nfs-server=true']
labels ['mount_dir:/', "nfs_server:#{node['hostname']}"]$
command "storagepool-agent"
repo 'rancher/convoy-agent:v0.9.0'
volumes [ '/var/run:/host/var/run', '/run:/host/run']
subscribes :run, 'docker_image[rancher/convoy-agent]'
end
docker_container 'convoy-nfs' do
labels ['io.rancher.scheduler.global:true', 'io.rancher.container.create_agent:true']
labels ['mount_dir:/', "nfs_server:#{node['hostname']}", 'mount_opts: proto=tcp,port=2049,nfsvers=4']$
command "volume-agent-nfs"
repo 'rancher/convoy-agent:v0.9.0'
pid_mode host
privileged true
volumes [ '/var/run:/host/var/run', '/run:/host/run', '/lib/modules:/lib/modules:ro', '/proc:/host/proc', '/etc/docker/plugins:/etc/docker/plugins']
subscribes :run, 'docker_image[rancher/convoy-agent]'
end
docker _image 'cpuguy83/nfs-server' do
action :pull
end
docker_container 'nfs' do
repo 'cpuguy83/nfs-server'
command "/exports"
privileged true
volumes "/exports"
subscribes :run, 'docker_image[cpuguy83/nfs-server]'
end
)会导致401并重定向到登录页面,就像登录不起作用一样。
然而,这一切都没有真正解释为什么我首先得到了真实性令牌错误。
不确定调查问题的下一步可能是什么,因为据我所知,所有必需的CSRF令牌验证元素都已到位。
答案 0 :(得分:1)
对于Rails 5,请注意不再保留protect_from_forgery before_action链,所以如果你之前设置了authenticate_user protect_from_forgery,您的请求将导致"无法验证CSRF 令牌真实性。" [link]
要解决此问题,请更改您调用它们的顺序,或使用:
protect_from_forgery with: :exception, prepend: true
答案 1 :(得分:1)
我通过清除localhost的cookie来解决这个问题。
我曾通过localhost端口使用SSH隧道访问生产站点,因此基于冲突会话的cookie和secret_key_base位于localhost域中。
我通过将Rails环境添加到cookie的名称来防止再次发生这种情况:
Rails.application.config.session_store :cookie_store, key: "_incidents_#{Rails.env}_session"
因此,尽管使用localhost访问我的开发和生产环境,但他们会因为处于不同的环境而写入不同的cookie。