Rails:用户身份验证在输入正确的用户名/密码后不会重定向

时间:2012-11-01 15:00:32

标签: ruby-on-rails redirect http-headers authentication

我有一个rails应用程序,出于某种原因我的登录操作不起作用。我输入了正确的用户名/密码,但它没有重定向到所需的“菜单”操作。它只是将我重定向到每次登录操作(我已经设置在登录不成功时发生)。我陈述unless session[:user_id]。当我故意输入错误的密码时,flash消息是正确的,它显示“无效的用户名/密码”,当输入正确的密码时,它不会意味着它识别它,不知何故会话没有被创建。以下是我的代码

应用程序控制器

protected
def confirm_logged_in
    unless session[:user_id]
        flash[:notice] = "Please Log In"
        redirect_to(:controller => 'access', :action => 'login')
        return false
    else
        return true
    end
end

访问控制器(魔法应该发生的地方)

Class AccessController < ApplicationController

layout 'admin'

before_filter :confirm_logged_in, :except => [:login, :attempt_login, :logout]

def index
    menu
    render('menu')
end

def menu
    #display text & links
end

def login
    #login form
end

def attempt_login
    authorised_user = AdminUser.authenticate(params[:username], params[:password])
    if authorised_user
        flash[:notice] = "You are now logged in"
        redirect_to(:action => 'menu')
    else
        flash[:notice] = "Invalid username/password"
        redirect_to(:action => 'login')
    end
end

def logout
    session[:user_id] = nil
    session[:username] = nil
    flash[:notice] = "You have been logged out"
    redirect_to(:action => 'login')
end

end

AdminUser Model

require 'digest/sha1'

class AdminUser < ActiveRecord::Base

# because we created a migration to change the name of the users tabe to admin_users we have   to specify
# set_table_name("admin_users")
# or we can change the class name and file name like we did
attr_accessible :first_name, :last_name, :username, :email 
attr_accessor :password
attr_protected :hashed_password, :salt

scope :named, lambda {|first,last| where(:first_name => first, :last_name => last)}

has_and_belongs_to_many :pages
has_many :section_edits
has_many :sections, :through => :section_edits

EMAIL_REGEX = /^[A-Z0-9._%+-]+@[A-Z)0-9.-]+\.[A-Z]{2,4}$/i

validates_presence_of :first_name
validates_presence_of :last_name
validates_presence_of :username

validates_length_of :first_name, :maximum => 25
validates_length_of :last_name, :maximum => 50
validates_length_of :username, :within => 3..25

validates_length_of :password, :within => 8..25, :on => :create

validates_uniqueness_of :username

validates :email, :presence => true, :length => {:maximum => 100}, :format => EMAIL_REGEX, :confirmation => true

before_save :create_hashed_password
after_save :clear_password

def self.authenticate(username="", password="")
user = AdminUser.find_by_username(username)
if user && user.password_match?(password)
  return user
else
  return false
end
end

def password_match?(password="")
hashed_password == AdminUser.hash_with_salt(password,salt) 
end

def self.make_salt(username="")
Digest::SHA1.hexdigest("User #{username} with #{Time.now} to make salt")
end

def self.hash_with_salt(password="", salt="")
Digest::SHA1.hexdigest("Put #{salt} on the #{password}")
end

private

def create_hashed_password
unless password.blank?
  self.salt = AdminUser.make_salt(username) if salt.blank?
  self.hashed_password = AdminUser.hash_with_salt(password,salt)
end
end

def clear_password
self.password = nil
end

end

1 个答案:

答案 0 :(得分:0)

我找到了解决方案。这很简单。问题是我在登录时没有创建会话,这就是登录无法识别会话的原因,因为它们没有初始化。 在Access Controller中,我只是将其更改为:

def attempt_login
    authorised_user = AdminUser.authenticate(params[:username], params[:password])
    if authorised_user
        session[:user_id] = authorised_user.id
        session[:username] = authorised_user.username
        flash[:notice] = "You are now logged in"
        redirect_to(:action => 'menu')
    else
        flash[:notice] = "Invalid username/password"
        redirect_to(:action => 'login')
    end
end

修正案是添加到代码中的两个会话行