我正在使用Devise进行网站身份验证。我的用户模型设置如下:
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:token_authenticatable, :confirmable
attr_accessible :email, :name, :password, :password_confirmation, :remember_me, :college_id, :role
使用以下路线:
devise_for :users
as :user do
get 'sign_in' => 'devise/sessions#new', :as => :login
post 'sign_in' => 'devise/sessions#create', :as => :user_session
delete 'sign_out' => 'devise/sessions#destroy', :as => :logout
get 'signup' => 'devise/registrations#new', :as => :signup
get 'forgot_password' => 'devise/passwords#new', :as => :forgot_password
get 'resend_confirmation' => 'devise/confirmations#new', :as => :resend_confirmation
end
并且收到以下错误:
Started POST "/sign_in" for 127.0.0.1 at 2013-05-06 19:57:34 -0400
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"iy0BI3A6zY5TTIJ2eYkOpgwFIFubO2O8wII8GAmjDmE=", "email"=>"user@cmu.edu", "password"=>"[FILTERED]", "x"=>"-630", "y"=>"-434"}
Completed 401 Unauthorized in 1ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"iy0BI3A6zY5TTIJ2eYkOpgwFIFubO2O8wII8GAmjDmE=", "email"=>"user@cmu.edu", "password"=>"[FILTERED]", "x"=>"-630", "y"=>"-434"}
这在UI上显示为“无效的电子邮件或密码”。但是我确信输入的密码是正确的,并且用户存在于数据库中(通过控制台验证)。 Devise似乎没有对数据库进行任何查询。这是正常的吗?
有什么想法吗?感谢所有帮助。
答案 0 :(得分:2)
在config / initializers / devise.rb
中试试config.authentication_keys = [ :email ]
在user.rb中,您需要为:password添加attr_accessor,因为出于安全原因,该密码未保存到数据库中
attr_accessor :password