Devise does not authenticate in Rails 3.2.8 or without the account_id field

Time: 2012-10-19 17:54:12

Tags: ruby-on-rails ruby-on-rails-3 devise

After signing in, the user is redirected to a controller protected by authenticate_user!:

before_filter :authenticate_user! 

In Rails 3.2.8, this does not authenticate and returns 'Completed 401 Unauthorized'.

However, it works in Rails 3.2.7, but only if I add account_id to the form (HAML):

= f.hidden_field :account_id, :value => @account.id

With the hidden field added, I see this query in the log:

User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'email@gmail.com' AND "users"."account_id" = 41 LIMIT 1

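However, when I remove the account_id hidden field, no user query is executed, and the log shows the same 'Completed 401 Unauthorized' message.

In Rails 3.2.8, it does not work with or without account_id.

I am using the latest Devise (2.1.2).

This problem has been bothering me for a long time, so any help is greatly appreciated.

Edit:

I have this in my routes.rb: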

devise_for :users, :controllers => { :passwords => "passwords", :sessions => "sessions", :omniauth_callbacks => "users/omniauth_callbacks" }

And my initializers/devise.rb:

Devise.setup do |config|
  # ==> Mailer Configuration
  # Configure the e-mail address which will be shown in DeviseMailer.
  config.mailer_sender = "info@mydomain.com"

  # Configure the class responsible to send e-mails.
  # config.mailer = "Devise::Mailer"

  # ==> ORM configuration
  # Load and configure the ORM. Supports :active_record (default) and
  # :mongoid (bson_ext recommended) by default. Other ORMs may be
  # available as additional gems.
  require 'devise/orm/active_record'

  # omniauth stuff
  require "omniauth-facebook"
  require 'openid/store/filesystem'
  config.omniauth :facebook, "#key", "#secret"
  config.omniauth :open_id, :store => OpenID::Store::Filesystem.new('/tmp'), :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id', :require => 'omniauth-openid'

  # ==> Configuration for any authentication mechanism
  # Configure which keys are used when authenticating a user. The default is
  # just :email. You can configure it to use [:username, :subdomain], so for
  # authenticating a user, both parameters are required. Remember that those
  # parameters are used only when authenticating and not when retrieving from
  # session. If you need permissions, you should implement that in a before filter.
  # You can also supply a hash where the value is a boolean determining whether
  # or not authentication should be aborted when the value is not present.
  config.authentication_keys = [ :email, :account_id ]


  # Configure which authentication keys should be case-insensitive.
  # These keys will be downcased upon creating or modifying a user and when used
  # to authenticate or find a user. Default is :email.
  config.case_insensitive_keys = [ :email ]

  # Configure which authentication keys should have whitespace stripped.
  # These keys will have whitespace before and after removed upon creating or
  # modifying a user and when used to authenticate or find a user. Default is :email.
  config.strip_whitespace_keys = [ :email ]
  config.stretches = 10

  config.reset_password_within = 2.hours
  config.navigational_formats = [:"*/*", "*/*", :html, :mobile]

  config.sign_out_via = :delete

end

0 answers:

No answers
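The comment in the initializer above says that a missing authentication key can abort authentication. The Ruby below is an added example, not code from the question or from Devise: it models that rule with hypothetical helpers (normalize_keys, authentication_conditions, sign_in_status) and constructed sample data. It shows how, with both :email and :account_id required, a request lacking account_id is rejected before any user lookup.

```ruby
# Simplified model of the required-key rule described in the initializer
# comment. Added illustration only; this is not Devise's source code.

# Normalise the two documented forms of authentication_keys:
#   [:email, :account_id]                    -> every key is required
#   { :email => true, :account_id => false } -> false marks an optional key
def normalize_keys(keys)
  return keys if keys.is_a?(Hash)
  Hash[keys.map { |k| [k, true] }]
end

# Returns the conditions used for the user lookup, or nil when a required
# key is blank, in which case no lookup is attempted at all.
def authentication_conditions(params, keys)
  conditions = {}
  normalize_keys(keys).each do |key, required|
    value = params[key].to_s.strip
    if !value.empty?
      conditions[key] = value
    elsif required != false
      return nil
    end
  end
  conditions
end

# Constructed stand-in for the request-to-status path: 401 when the
# conditions cannot be built or no user matches them, 200 otherwise.
def sign_in_status(params, keys, users)
  conditions = authentication_conditions(params, keys)
  return 401 if conditions.nil?
  user = users.find { |u| conditions.all? { |k, v| u[k].to_s == v } }
  user ? 200 : 401
end

# Constructed sample data mirroring the query shown in the question's log.
USERS         = [{ :email => "email@gmail.com", :account_id => 41 }]
WITH_FIELD    = { :email => "email@gmail.com", :account_id => "41" }
WITHOUT_FIELD = { :email => "email@gmail.com" }

STRICT  = [:email, :account_id]                     # as in the question
RELAXED = { :email => true, :account_id => false }  # hash form from the comment
```

In this model the RELAXED form lets a request without account_id through, but the lookup is then by email alone and is no longer scoped to an account.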