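Rails 4 with Clearance: password reset problem

Time: 2013-08-10 19:22:07

Tags: ruby-on-rails authentication ruby-on-rails-4 clearance

I'm building a Rails 4 application using the authentication gem 'clearance'. I'm a bit stuck on the following problem:

When a user has forgotten his/her password and wants to set a new one, the user cannot be found (but exists in the DB). This is the server log: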

Started PUT "/passwords/1?token=[FILTERED]" for 127.0.0.1 at 2013-08-10 21:00:58 +0200
Processing by PasswordsController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "password_reset"=>"[FILTERED]", "token"=>"[FILTERED]", "id"=>"1"}
  User Load (1.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" IS NULL AND "users"."confirmation_token" = 'bcc6a5b49bc64628eff15bf92761fe1775ef252c' LIMIT 1
  Rendered passwords/new.html.slim within layouts/application (0.9ms)
  Rendered partials/_favicon_styles.html.slim (0.4ms)
  User Load (0.9ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  Rendered partials/_navigation.html.slim (11.2ms)
  Rendered partials/_notification.html.slim (0.1ms)
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  Rendered partials/_footer.html.slim (1.0ms)
Filter chain halted as :forbid_non_existent_user rendered or redirected
Completed 200 OK in 38ms (Views: 33.0ms | ActiveRecord: 2.3ms)

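But when the user is logged in, he or she can change the password, and logging in works fine too.

I think the problem is in the query: I send the id with the form, but when the id reaches the query it says IS NULL. I have been struggling with this for hours and can't find a solution.

Also, are the 7 cached requests a problem?

Thanks in advance!

Update

I changed the strong parameters and the 'find_user_by_id_and_confirmation_token' method as follows: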

  def find_user_by_id_and_confirmation_token
    Clearance.configuration.user_model.
      find_by_id_and_confirmation_token params[:id], params[:token].to_s
  end
  

This used to be :user_id, which is not the name of the param.

  def password_reset_params
    # if params.has_key? :user
    #   ActiveSupport::Deprecation.warn %{Since locales functionality was added, accessing params[:user] is no longer supported.}
    #   params[:user][:password]
    # else
    #   params[:password_reset][:password]
    # end

    params.require(:password_reset).permit(:password_reset, :password, :token, :id)
  end

But this raised another error:

Started PUT "/passwords/1?token=[FILTERED]" for 127.0.0.1 at 2013-08-11 16:31:20 +0200
  Processing by PasswordsController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "password_reset"=>"       [FILTERED]", "token"=>"[FILTERED]", "id"=>"1"}
  User Load (1.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."confirmation_token" = 'd892a4698f5eff29e34378716ebd46414ad6e8cf' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."confirmation_token" = 'd892a4698f5eff29e34378716ebd46414ad6e8cf' LIMIT 1
  (0.4ms)  BEGIN
  User Exists (1.0ms)  SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'user@test.nl' AND "users"."id" != 1) LIMIT 1
  (0.4ms)  ROLLBACK
  Rendered passwords/edit.html.slim within layouts/application (1.2ms)
  Rendered partials/_favicon_styles.html.slim (0.3ms)
  User Load (0.9ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  Rendered partials/_navigation.html.slim (4.7ms)
  Rendered partials/_notification.html.slim (0.1ms)
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  Rendered partials/_footer.html.slim (0.4ms)
Completed 200 OK in 112ms (Views: 12.5ms | ActiveRecord: 4.1ms)

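It says the user already exists and rolls back the change. Since this is an update, the user has to exist.

Update 2

I'm still trying to solve this. Here is the difference between a logged-in user editing their password and one going through the forgot-password flow (not logged in).

Logged-in user changing the password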

Started PATCH "/admin/users/1" for 127.0.0.1 at 2013-08-13 16:12:07 +0200
  Processing by Admin::UsersController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"password"=>"     [FILTERED]", "password_confirmation"=>"[FILTERED]"}, "id"=>"1"}
  User Load (1.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = 'f1078c2b74f6b3b3c9950b87a5b927db3f2bffcd' LIMIT 1
  User Load (0.8ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1
  (0.4ms)  BEGIN
  User Exists (1.0ms)  SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'info@netventief.nl' AND "users"."id" != 1) LIMIT 1
  SQL (1.6ms)  UPDATE "users" SET "encrypted_password" = $1, "updated_at" = $2 WHERE "users"."id" = 1  [["encrypted_password", "$2a$10$F4p6N0va/TY2nKOiXOSQ7e23NnHPyDytQZ6EvhtGd7FJ2oTMVFbSS"], ["updated_at", Tue, 13 Aug 2013 16:12:07 CEST +02:00]]
  (12.6ms)  COMMIT
  Rendered admin/users/edit.html.slim within layouts/application (8.7ms)
  Rendered partials/_favicon_styles.html.slim (0.3ms)
  Rendered partials/_olderbrowser.html (0.0ms)
  Rendered partials/_navigation.html.slim (2.6ms)
  Rendered partials/_notification.html.slim (0.1ms)
  Rendered partials/_footer.html.slim (0.1ms)
Completed 200 OK in 167ms (Views: 23.0ms | ActiveRecord: 17.3ms)

User who forgot the password and enters a new one

Started PUT "/passwords/1?token=[FILTERED]" for 127.0.0.1 at 2013-08-13 16:58:45 +0200
  Processing by PasswordsController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"password"=>"[FILTERED]"}, "token"=>"[FILTERED]", "id"=>"1"}
  User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."confirmation_token" = 'b198361b098c1bf110a2171dd7f00258d9ca9240' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."confirmation_token" = 'b198361b098c1bf110a2171dd7f00258d9ca9240' LIMIT 1
  (0.3ms)  BEGIN
  User Exists (0.5ms)  SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'info@netventief.nl' AND "users"."id" != 1) LIMIT 1
  (0.2ms) ROLLBACK
  Rendered passwords/edit.html.slim within layouts/application (1.4ms)
  Rendered partials/_favicon_styles.html.slim (0.3ms)
  Rendered partials/_olderbrowser.html (0.0ms)
  User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  Rendered partials/_navigation.html.slim (5.0ms)
  Rendered partials/_notification.html.slim (0.1ms)
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
  Rendered partials/_footer.html.slim (0.5ms)
Completed 200 OK in 102ms (Views: 14.7ms | ActiveRecord: 2.0ms)

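Apart from the PUT/PATCH method and all the cache alerts, these look pretty similar to me. I tried using the PATCH HTTP method, but it didn't help.

Update 3

Here is my controller code as well; it is almost identical to Clearance::PasswordsController. I removed the methods that are not called in my problem.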

require 'active_support/deprecation'

class PasswordsController < ApplicationController
  skip_before_filter :authorize, :only => [:create, :edit, :new, :update]
  before_filter :forbid_missing_token, :only => [:edit, :update]
  before_filter :forbid_non_existent_user, :only => [:edit, :update]

  def edit
    @user = find_user_for_edit
    render :template => 'passwords/edit'
  end

  def update
    @user = find_user_for_update

    if @user.update_attributes( password: password_reset_params )
      sign_in @user
      redirect_to url_after_update
    else
      flash_failure_after_update
      render :template => 'passwords/edit'
    end
  end

  private

  def password_reset_params
    if params.has_key? :user
      ActiveSupport::Deprecation.warn %{Since locales functionality was added, accessing params[:user] is no longer supported.}
      params[:user][:password]
    else
      params[:password_reset][:password]
    end
  end

  def find_user_by_id_and_confirmation_token
    Clearance.configuration.user_model.
      find_by_id_and_confirmation_token params[:id], params[:token].to_s
  end

  def find_user_for_edit
    find_user_by_id_and_confirmation_token
  end

  def find_user_for_update
    find_user_by_id_and_confirmation_token
  end

  def forbid_missing_token
    if params[:token].to_s.blank?
      flash_failure_when_forbidden
      render :template => 'passwords/new'
    end
  end

  def forbid_non_existent_user
    unless find_user_by_id_and_confirmation_token
      flash_failure_when_forbidden
      render :template => 'passwords/new'
    end
  end
end

2 answers:

Answer 0: (score: 0)

You should trace where the following SQL query is being triggered from:

User Exists (0.5ms)  SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'info@netventief.nl' AND "users"."id" != 1) LIMIT 1

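This is the line that causes the save to fail. My guess is that you have a validation or some other callback on your User model that runs when you call @user.update_attributes. The validation/callback fails, which causes the save to fail.

Answer 1: (score: 0)

This is the line that causes the save to fail. My guess is that you have a validation or some other callback on your User model that runs when you call @user.update_attributes. The validation/callback fails, which causes the save to fail.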
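
The reading both answers give of the log (a validation or callback stops the save), as an added Ruby example that is not part of the original question or answers: it groups log lines into transactions and flags any that end in ROLLBACK without an INSERT/UPDATE/DELETE, which is how a save halted before the write shows up. The function names and the abridged sample log are this example's own.

```ruby
# Sample abridged from the two "Update 2" logs in the question (values simplified).
SAMPLE_LOG = <<~'LOG'
  Started PATCH "/admin/users/1" for 127.0.0.1 at 2013-08-13 16:12:07 +0200
    Processing by Admin::UsersController#update as HTML
    (0.4ms)  BEGIN
    User Exists (1.0ms)  SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'user@test.nl' AND "users"."id" != 1) LIMIT 1
    SQL (1.6ms)  UPDATE "users" SET "encrypted_password" = $1, "updated_at" = $2 WHERE "users"."id" = 1
    (12.6ms)  COMMIT
  Started PUT "/passwords/1?token=[FILTERED]" for 127.0.0.1 at 2013-08-13 16:58:45 +0200
    Processing by PasswordsController#update as HTML
    (0.3ms)  BEGIN
    User Exists (0.5ms)  SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'user@test.nl' AND "users"."id" != 1) LIMIT 1
    (0.2ms)  ROLLBACK
    Rendered passwords/edit.html.slim within layouts/application (1.4ms)
  Completed 200 OK in 102ms (Views: 14.7ms | ActiveRecord: 2.0ms)
LOG

WRITE_SQL = /\A(?:INSERT|UPDATE|DELETE)\b/

# Returns one hash per transaction: { action:, writes:, reads:, outcome: }
def transaction_outcomes(log)
  results, action, txn = [], nil, nil
  log.each_line do |raw|
    line = raw.strip
    if (m = line.match(/\AProcessing by (\S+) as/))
      action = m[1]
      next
    end
    # ActiveRecord lines look like "[Name] (1.2ms)  <SQL>"; skip everything else.
    m = line.match(/\A(?:(.*?) )?\([\d.]+ms\)\s*(.+)\z/) or next
    name, sql = m[1], m[2]
    if sql == "BEGIN"
      txn = { action: action, writes: 0, reads: [] }
    elsif txn && %w[COMMIT ROLLBACK].include?(sql)
      results << txn.merge(outcome: sql.downcase.to_sym)
      txn = nil
    elsif txn && sql.match?(WRITE_SQL)
      txn[:writes] += 1
    elsif txn
      txn[:reads] << name
    end
  end
  results
end

# A rollback with zero writes: the save stopped before any INSERT/UPDATE ran.
def validation_failures(log)
  transaction_outcomes(log).select { |t| t[:outcome] == :rollback && t[:writes].zero? }
end
```

For an action it flags, logging `@user.errors.full_messages` in the `else` branch of `update` names the validation that failed.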