注销不工作轨道3.2

时间:2012-06-27 22:07:25

标签: ruby-on-rails-3 session destroy

我已经完成了Michael Hartl的教程,现在我用它来构建一个项目。对于身份验证/授权,我基本上使用的是教程和我用它构建的示例应用程序中的相同代码。在我的项目中虽然注销(销毁会话)不起作用。点击退出链接后,它会重定向到主页,但它在导航中有错误的链接,我仍然可以访问我不应该访问的页面(表示我仍然登录),我不能弄清楚什么是错的。有什么想法吗?

会话控制器

class SessionsController < ApplicationController
 def new
render 'new'
end

def create
user = User.find_by_email(params[:session][:email])
if user && user.authenticate(params[:session][:password])
  sign_in user
  redirect_to user
else
  flash.now[:error] = 'Invalid email/password combination'
  render 'new'
end
end

def destroy
 sign_out
 redirect_to root_path
end
end

Sessions Helper 

module SessionsHelper

  def sign_in(user)
cookies.permanent[:remember_token] = user.remember_token
self.current_user = user
end

def signed_in?
!current_user.nil?
end

def current_user=(user)
@current_user = user
end

def current_user
@current_user ||= User.find_by_remember_token(cookies[:remember_token])
end

def current_user?(user)
user == current_user
end

def sign_out
self.current_user = nil
cookies.delete(:remember_token)
end
end

标题链接

  <header>
          <h1><%= link_to image_tag('logo.gif'), root_path %></h1>
           <div id="login-sec">
          <div class="login-row">
            <div class="col">

            <% if signed_in? %>

            <ul>
              <li><%= link_to "Signout", signout_path, method: "delete" %></li>
            </ul>

            <% else %>  

            <ul>
                <li><%= link_to "Forgot Password", "#" %></li>
                <li class="last"><%= link_to "New user register here", signup_path %>               </li>
            </ul>

            <br /><br /><center><%= link_to image_tag('go-btn.png'), signin_path %></center>
            <% end %>

          </div>
        </header>

用户模型(记住令牌已创建)

class User < ActiveRecord::Base
attr_accessible :company, :name, :email, :password, :password_confirmation
has_secure_password

before_save { |user| user.email = email.downcase }
before_save :create_remember_token

validates :name,  presence: true, length: { maximum: 70 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true, 
                  format: { with: VALID_EMAIL_REGEX },
                  uniqueness: { case_sensitive: false }
validates :password, presence: true, length: { minimum: 6 }
validates :password_confirmation, presence: true        

private

def create_remember_token
  self.remember_token = SecureRandom.urlsafe_base64
end       
end

路线档案

App::Application.routes.draw do
resources :users
resources :sessions, only: [:new, :create, :destroy]

root to: 'static_pages#home'

match '/about',          to: 'static_pages#about'
match '/contact',        to: 'static_pages#contact'
match '/signup',         to: 'users#new'
match '/about-yourself', to: 'users#about-yourself'
match '/signin',         to: 'sessions#new'
match '/signout',        to: 'sessions#destroy', via: :delete

3 个答案:

答案 0 :(得分:2)

想出来。在我进行注销操作之前,我创建了用户,因此我可以测试登录和注册操作。不记得为这些用户创建了令牌,因此他们总是登录并且没有记住要销毁的令牌

答案 1 :(得分:0)

您提供的所有代码看起来都不错。你确定在config / routes.rb中有相应的条目,它应该看起来像    匹配'/ signout',以:'sessions#destroy',通过:: delete

答案 2 :(得分:0)

正如您正确指出的那样,问题在于没有记忆令牌的用户。

如果您的用户型号有以下行:

before_save:create_remember_token

然后只需通过rails控制台循环并重新保存数据库中的每个条目即可:

User.all.each { |user| user.save(validate:false)}

或者,rake db:reset然后通过网站创建所有新用户。

相关问题
最新问题