Authlogic忽略密码参数

时间:2013-06-22 04:14:58

标签: ruby-on-rails ruby authlogic

创建新用户时,Authlogic似乎忽略了密码参数。这是我的users_controller类:

class Api::V1::UsersController < ApplicationController

  def create
    @user = User.new(user_params)

    respond_to do |format|
      if @user.save
        format.json  { render :json => @user, :status => :created}
      else
        format.json  { render :json => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  private
  def user_params
    params.require(:user).permit(:username, :email, :password)
  end

end

我的用户模型:

class User < ActiveRecord::Base
    acts_as_authentic do |c|
      c.require_password_confirmation = false
    end
end

当我使用用户名,电子邮件和密码参数向/ api / v1 / users /发送POST请求时,authlogic表示密码不能为空,即使它不是。这是由铁轨打印出来的:

Started POST "/api/v1/users/" for 127.0.0.1 at 2013-06-22 00:03:30 -0400
Processing by Api::V1::UsersController#create as */*
  Parameters: {"email"=>"someemail@website.com", "password"=>"[FILTERED]", "username"=>"myUser", "user"=>{"username"=>"myUser", "email"=>"someemail@website.com"}}
   (0.2ms)  BEGIN
  User Exists (0.4ms)  SELECT 1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER('someemail@website.com') LIMIT 1
  User Exists (0.2ms)  SELECT 1 AS one FROM "users" WHERE LOWER("users"."username") = LOWER('myUser') LIMIT 1
  User Exists (0.3ms)  SELECT 1 AS one FROM "users" WHERE "users"."persistence_token" = '7b72bab3627914d33e83e4efe1c5a9dab190750efb227698c8b5b6be7a7ccf118160d8e12623078543e0f4e5f31eb30828799cb0d97fb2af195daee894c79902' LIMIT 1
   (0.2ms)  ROLLBACK
Completed 422 Unprocessable Entity in 33ms (Views: 0.2ms | ActiveRecord: 3.2ms)

我正在使用最新的authlogic和Ruby 2 / Rails 4。

2 个答案:

答案 0 :(得分:3)

看一下Rails日志中的摘录:

{"email"=>"someemail@website.com", "password"=>"[FILTERED]", "username"=>"myUser", "user"=>{"username"=>"myUser", "email"=>"someemail@website.com"}}

看起来你发送了一些错误的参数。要被Authlogic识别,password参数应该在参数hash的user键下。即来自Rails日志的那一行应该是这样的(注意字符串的结尾):

{"email"=>"someemail@website.com", "password"=>"[FILTERED]", "username"=>"myUser", "user"=>{"username"=>"myUser", "email"=>"someemail@website.com", "password" => "[FILTERED]"}}

要修复它,你可以这样做:

private
def user_params
  params.require(:user).permit(:username, :email).merge(:password => :password)
end

或者,您可以调整从客户端发送的参数(例如,在发送user[password]请求时使用password参数的名称而不仅仅是HTTP POST

答案 1 :(得分:0)

试试这个: - 

acts_as_authentic do |config|
  config.check_passwords_against_database = false
  config.validate_password_field = false
  config.crypted_password_field = false
end
相关问题
最新问题