解决:对不起,伙计们,我通过做db解决了这个问题:重置并修复导致某些问题的前一种过滤方法。
每当我在我的本地主机上运行我的应用程序时,我立即登录。我在多个浏览器上尝试过此操作,每次都会发生同样的事情。注销功能也不起作用。我不知道该怎么做。我在这里有一个应用程序的回购...... https://github.com/thejourneydude/template
我的问题是,为什么我的签名功能不起作用,为什么每当我去localhost时我都会自动登录?我正在按照Hartl的教程进行一些偏差,所以如果您完成了本教程,这应该看起来很熟悉。
这是会话控制器页面......
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by_email(params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
#sign user in
sign_in user
redirect_back_or user
else
#create an error
render 'new'
flash.now[:error] = "Invalid email/password combination"
end
end
def destroy
sign_out
redirect_to root_url
end
end
这是会话帮助页面......
module SessionsHelper
def sign_in(user)
session[:remember_token] = user.remember_token
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
@current_user = user
end
def current_user
@current_user ||= User.find_by_remember_token(session[:remember_token])
end
def current_user?(user)
user == current_user
end
def sign_out
self.current_user = nil
session.delete(:remember_token)
end
def redirect_back_or(default)
redirect_to(session[:return_to] || default)
session.delete(:return_to)
end
def store_location
session[:return_to] = request.url
end
end
这是我的用户模型页面
class User < ActiveRecord::Base
attr_accessible :name, :email, :password, :password_confirmation
has_secure_password
before_save { |user| user.email = email.downcase }
before_save :create_remember_token
validates :name, presence: true, length: { maximum: 50 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true, format: { with: VALID_EMAIL_REGEX }, uniqueness: {
case_sensitive: false }
validates :password, length: {minimum: 6}
validates :password_confirmation, presence: true
private
def create_remember_token
self.remember_token = SecureRandom.urlsafe_base64
end
end
对于踢球,每当我点击退出按钮时,这是我的开发日志。
Started DELETE "/signout" for 127.0.0.1 at 2012-11-09 20:38:32 -0500
Processing by SessionsController#destroy as HTML
Parameters: {"authenticity_token"=>"i9mqiuYTW3YWxNU5h1RdtgTeb/2oOWPJU2yjjZQWMfw="}
Redirected to http://localhost:3000/
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
Started GET "/" for 127.0.0.1 at 2012-11-09 20:38:32 -0500
Processing by StaticPagesController#home as HTML
Rendered static_pages/home.html.erb within layouts/application (1.2ms)
Rendered layouts/_shim.html.erb (0.1ms)
[1m[36mUser Load (1.1ms)[0m [1mSELECT "users".* FROM "users" WHERE
"users"."remember_token" IS NULL LIMIT 1[0m
Rendered layouts/_header.html.erb (6.9ms)
Rendered layouts/_footer.html.erb (1.4ms)
Completed 200 OK in 83ms (Views: 81.1ms | ActiveRecord: 1.1ms)
答案 0 :(得分:1)
我在你发布的代码中看到的唯一问题是当前用户方法当前没有检查会话中是否存在remember_token。
def current_user
@current_user ||= User.find_by_remember_token(session[:remember_token])
end
如果未设置remember_token,则上述代码将导致查询尝试查找没有remember_token的用户。如果找到这样的用户,则会将该用户记录在其中。
虽然我看到你有一个用于为用户设置记忆令牌的after_create回调,但你的开发数据库可能包含在添加回调之前创建的用户。
更改代码可能是一个好主意,它会在查询db之前检查remember_token是否存在
def current_user
if session_token[:remember_token]
@current_user ||= User.find_by_remember_token(session[:remember_token])
end
end
答案 1 :(得分:1)
我通过执行db来解决了这个问题:在Users控制器中的filter方法之前重置并注释掉redirect_signed_in_user。感谢大家的帮助。