应用强参数后,设计完成401在1ms内未授权

时间:2013-10-09 08:58:19

标签: ruby-on-rails ruby-on-rails-4 devise

我刚刚在我的应用中配置了强参数,一切似乎都很好。但我的设计登录失败了。我仍然可以注册一个用户,这将登录用户。我在设计3.1.1

我添加到application_controller:

   before_filter :configure_permitted_parameters, if: :devise_controller? 

     protected
      def configure_permitted_parameters
        devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email, :password, :remember_me) }
        devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) }
      end

在我的模特中

   devise :database_authenticatable, :registerable,
     :recoverable, :rememberable, :trackable, :validatable, :token_authenticatable, :invitable, :invite_for => 2.weeks, :authentication_keys => [:username]

我的日志中有一个DEPRECATION WARNING:devise:token_authenticatable已弃用。不确定这是不是问题?

       Started POST "/users/login" for 127.0.0.1 at 2013-10-09 21:54:13 +1300
      DEPRECATION WARNING: devise :token_authenticatable is deprecated. Please check Devise 3.1 release notes for more information on how to upgrade. (called from <class:User> at /home/jcui/Desktop/workspace/iv/app/models/user.rb:6)
        Configuration Load (0.4ms)  SELECT "configurations".* FROM "configurations" 
      Processing by Devise::SessionsController#create as HTML
        Parameters: {"utf8"=>"✓", "authenticity_token"=>"G1aVfzHcwHAI7ao6sBLF9WtgJAWlQ8c5KlKzEHpZzTo=", "user"=>{"email"=>"xxx@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
      Completed 401 Unauthorized in 1ms
      Processing by Devise::SessionsController#new as HTML
        Parameters: {"utf8"=>"✓", "authenticity_token"=>"G1aVfzHcwHAI7ao6sBLF9WtgJAWlQ8c5KlKzEHpZzTo=", "user"=>{"email"=>"xxx@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
        Rendered devise/shared/_links.erb (0.6ms)
        Rendered devise/sessions/new.html.erb within layouts/application (6.8ms)
      Completed 200 OK in 169ms (Views: 83.0ms | ActiveRecord: 0.0ms | Solr: 0.0ms)

我尝试在会话新视图中输出资源错误对象,但没有错误!! 

#<ActiveModel::Errors:0xe911424 @base=#<User id: nil, email: "myemail@gmail.com", encrypted_password: "$2a$10$j6lAQhBNgsO01HuBjxbgCOdvd0biRehWhQct50ee8cAo...", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil,
  sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil, created_at: nil, updated_at: nil, api_key: nil, avatar: nil, deleted_at: nil, roles_mask: nil, subdomain_id: nil, 
  invitation_token: nil, invitation_sent_at: nil, invitation_accepted_at: nil, invitation_limit: nil, invited_by_id: nil, invited_by_type: nil, username: nil, avatar_processing: nil, lang: nil>, @messages={}>

1 个答案:

答案 0 :(得分:1)

您在设计模型中使用用户名作为身份验证模式

:authentication_keys => [:username]

在登录时,您需要有用于身份验证的电子邮件。尝试从

更改允许的参数 
 devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email, :password, :remember_me) } 


devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :password, :remember_me) }

同时修改config / initializers / devise.rb:

config.case_insensitive_keys = [ :email, :username ]
config.strip_whitespace_keys = [ :email, :username ]

如果您想使用用户名或密码登录,请查看此链接: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-sign-in-using-their-username-or-email-address

相关问题
最新问题